Check out the Linux_Forensics group on Yahoo. There are a lot of people with more experience than I who could answer the court question you posed.
As far as tools are concerned, the Sleuthkit (http://www.sleuthkit.org) is the (IMO) best tool for the job and since it is already open source, modifications can be made and submitted back to the community for use.
I have spent the last few months immersing myself in this field and I've been learning something new every day. Particularly about the guts of various file systems. Loads of fun :)
-Matt