Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
http://freshmeat.net/projects/mobiusft
http://www.packetstormsecurity.org/forensics/mobiusft-0.4.4.tar.gz
AIRT (Advanced Incident Response Tool) is a set of incident response assistant tools that works on the Linux platform. It's useful when you want to know what evil kernel backdoor is still resident on your broken system and what the hell it is.
A work by the expert coolq.
http://sourceforge.net/projects/airt-linux/
http://www.packetstormsecurity.org/forensics/