Gentoo Forensics
Matthew Carpenter
matt
Tue Jan 4 23:39:13 PST 2005
I've put Sorcerer's on hold for the moment, choosing instead to focus on
Gentoo and Ubuntu for now. Not at all a knock on Sorcerer's. I just
find one source-distro at a time enough to handle. And Ubuntu is in the
same VMware install as Sorcerer's...

While working on some forensics work, I did a quick check on Ubuntu and
Gentoo and found that both include packages for The Coroner's Toolkit,
The Sleuth Kit, and Autopsy. Not bad. Gentoo is of course newer
packaging for each, since Ubuntu seems a little slow to release packages
(mature?).

I went on to discover that Gentoo also includes Foremost, and several
other forensics packages. In fact, Gentoo has a whole section
"app-forensics" full of forensics apps.

I have installed Porthole, which has added quite a bit to my enjoyment
of Gentoo. Not only does it provide a better way to view available
packages, but it lists files installed with each (installed packages).
I've been looking for something like "rpm -ql" and this is as close as
I've come.

Well, off to bed. Long day tomorrow. Besides, I just added a few USE
statements (kerberos, usb, and a few others) and am doing an "emerge -uD
--newuse world" overnight...

Matt
More information about the Linux-users
mailing list