The challenge of cybercrime is not simply to gather evidence, but to gather evidence that can later be used at trial and pass the test of admissibility (i.e. integrity and reliability). The students’ initiative in West Australia is interesting, for according to the article it should definitely help police forces. Several questions arise, however: the training of police forces on Linux when Windows is dominant; the reliability of the device produced (has it been tried? on what scale? what data has been gathered proving it does not give biased results…?); and obviously how it fits with the laws on searches and seizures, and maybe interception of communications.
(6 March 2008) “Linux tool speeds up police computer forensics” http://news.zdnet.co.uk/software/0,1000000121,39363098,00.htm
To be compared with Nato’s own efforts? Nato’s Computer Incident Response Capability (NCIRC) unit (6 March 2008) http://news.zdnet.co.uk/security/0,1000000189,39363084,00.htm