The field of data forensics (commonly referred to as 'computer forensics') is rapidly changing. Historically, data forensics focused on the imaging, analysis, and reporting of a stand-alone personal computer (PC) hard drive, perhaps 1 gigabyte (GB) in size, using DOS-based tools. However, due to a number of changes and advances in technology, an evolution has begun in the field of data forensics.

So where do we stand today? Increasingly, forensic examiners are faced with analyzing 'non-traditional' PCs, corporate security professionals are doubling as in-house forensic examiners and incident first responders, and critical data is residing in volatile system memory. This is the 'Next Generation of Data Forensics.'

What is the Next Generation Data Forensics platform of choice? Linux.

Why Linux? There are a number of key functionalities within the Linux operating system environment that make it the best platform for data forensics. Among them:

- everything, including hardware, is recognized as a file
- support for numerous filesystem types
- ability to mount a file via the 'loopback driver'
- ability to analyze a live system in a safe and minimally invasive manner
- ability to redirect standard output to input, or 'chaining'
- ability to monitor and log processes and commands
- ability to review source code for most utilities
- ability to create bootable media, including floppies and compact discs
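The first, third and fifth items combine into the basic acquisition workflow. The following is an added example, not part of the original text: the function names `acquire` and `verify` and the sample evidence file are constructed for illustration, and a regular file stands in for a device node such as /dev/sdb.

```shell
#!/bin/sh
# acquire SOURCE IMAGE
# Copy SOURCE to IMAGE and print the SHA-256 of the bytes that were read.
# SOURCE can be a block device or a regular file: Linux exposes both through
# the same file interface, so the same command line works for either.
acquire() {
    src=$1; img=$2
    # Chaining: dd reads the source once, tee writes the image while passing
    # the identical byte stream on to sha256sum.
    dd if="$src" bs=64k 2>/dev/null | tee "$img" | sha256sum | cut -d' ' -f1
}

# verify IMAGE EXPECTED_HASH
# Re-hash the stored image; succeeds only if it still matches the hash
# recorded at acquisition time.
verify() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# Demo on constructed data (no real evidence involved).
work=$(mktemp -d)
printf 'constructed sample evidence\n' > "$work/source.bin"

hash=$(acquire "$work/source.bin" "$work/image.dd")
echo "acquisition hash: $hash"

if verify "$work/image.dd" "$hash"; then
    echo "image verified"
fi

# Any later change to the image is detected by the same check.
printf 'x' >> "$work/image.dd"
if ! verify "$work/image.dd" "$hash"; then
    echo "image modified after acquisition"
fi
rm -rf "$work"

# Next step on a real filesystem image (needs root, so not run here):
# attach it read-only through the loopback driver and examine it in place.
#   mount -o ro,loop image.dd /mnt/evidence
```

Because the pipeline's exit status comes from its last command, a read error in `dd` is not reported by `acquire`; hash the source separately and compare when that matters.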