So I just recently went out and purchased two terabytes of disks and spent around $2000 in software and hardware and I got to thinking...what the hell am I doing?

For a few years now, I've been doing forensics work on the Linux platform exclusively. I've been using Helix and my own workstation running Red Hat that I put together to handle multiple disk types.

Linux supports virtually every file system type, can mount a disk read-only without modifying mactimes, and it has virtually every tool necessary built into it.

Hex editor
debugger
Free virus scanning that's, generally speaking, better than commercial software.
Binary/hex/dec converters
compilers
Perl
dd
hashing
time retrieval
network monitoring
and the list goes on...

And any other tool you need to look at a disk is provided by Brian Carrier's hard work creating TSK.

I spent $2k on FTK and WinHex (forensics version), a few disk mounting programs and a couple of hardware write blockers.
My question is, who the hell in their right mind would choose to do forensics on a single-minded operating system that has to have all these extras just to be able to do something simple like mount a DD image that's stored on an EXT3 disk, let alone analyze that image?

I think my next purchase will be ASR Data's SMART, because to be honest, Windows is a piece of **** when it comes to forensics work.
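
The read-only mount of a dd image mentioned above can be checked rather than assumed. This is an added example, not part of the original post: a small wrapper that hashes the image before and after any command and reports whether it changed. The file name `case01.dd` and mount point `/mnt/evidence` in the comments are assumptions.

```shell
#!/bin/sh
# Added example: prove that an operation left an evidence image untouched.
# Inode timestamps (mactimes) live inside the image, so any change to them
# changes the image's hash.
#
# Assumed usage (needs root, names are placeholders):
#   verify_unchanged case01.dd mount -o ro,loop,noload case01.dd /mnt/evidence
# "noload" asks ext3/ext4 not to replay the journal, which a plain
# read-only mount may otherwise attempt on a dirty filesystem.

image_hash() {
    # SHA-256 of the image content only (path is not part of the output)
    sha256sum < "$1" | cut -d' ' -f1
}

verify_unchanged() {
    # $1 = image file, remaining arguments = command to run against it
    # returns 0 = unchanged, 1 = image altered, 2 = hashing or command failed
    image=$1
    shift
    before=$(image_hash "$image") || return 2
    "$@" || return 2
    after=$(image_hash "$image") || return 2
    if [ "$before" = "$after" ]; then
        echo "OK: $image unchanged ($after)"
        return 0
    fi
    echo "ALTERED: $image" >&2
    echo "  before: $before" >&2
    echo "  after:  $after" >&2
    return 1
}
```

Record the printed hash in the case notes; the same value should come back after the image is unmounted.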