unix server forensics

This training course is focused on evaluation methods not supported by proprietary utilities, e.g. because they fail to access the targeted operating systems and their file systems. Our Linux-based forensic analysis system enables access for logical forensic examination nevertheless by using efficient command-line tools and special Fuse drivers. A custom-built Live-DVD and a bootable USB stick with all relevant open source tools is supplied as part of the training program. This toolset can be also installed very easily to harddisk.

Trainer und Dozenten

Hans-Peter Merkel (Dipl. Ing.) has been training law enforcement officers in Germany and foreign countries for several years . He is assisting law enforcement authorities in searching procedures and is conducting subsequent forensic evaluations. His primary focus is analysis of Linux/BSD internet servers.


This training course is directed towards participants with basic forensic knowledge comparable to the contents of our training course Digital Forensics.


  • Forensically important files
  • Evaluation of crucial logfiles
  • Logical examintion of forensically problematic file systems (XFS, btrfs, ZFS etc)
  • Examining Linux mail servers (Maildir, mbox, Extraktion von Malware)
  • Examining MySQL databases
  • Virtualization of Linux/BSD servers