I just finished reading a 108 page .pdf called:
"The Law Enforcement and Forensic Examiner Introduction to Linux,
A Beginner's Guide.".
Its a nice introduction to linux as a forensic tool.
It is targeted atand it was a nice read (imo).. computer forensic investigators
interested in learning more about the GNU/Linux operating system. It
assumes no prior experience with Linux.
It starts with 40-some pages of general introduction to the use of the bash-cli in linux and advances to to forensics-specific tools/features (like dd/mounting using loopback device), to conclude with the sleuthkit, autopsy and and a touch of Smart (which is a commercial tool).
It also involves 'hands on' examples.
As the Readme states:
Over all I though it was a good read for both the linux-novice and the forensics-novice.This guide does not aim to be a "how-to" for conducting forensic
examinations. It is designed to introduce the tools available for
investigators using Linux. .. Linux as a forensic tool.
The guide itself can be downloaded from this link:
The Law Enforcement and Forensic Examiner Introduction to Linux, A Beginner's Guide. pdf
Additional files needed for the 'hands on' can be downloaded from the following ftp-directory:
It also links to additional reading material.
If you have finished reading you might want to take a look at: