An update to the SANS Investigative Forensic Toolkit (SIFT) Linux distro has been released. SIFT 2.0 is built on Ubuntu and features the major Linux incident response and forensics tools. It is available as a live disc ISO and as a VMware virtual appliance. Being based on Ubuntu, SIFT also runs under Hyper-V. Click here for a complete listing of the tools included with the distro.
SIFT is available from SANS forensics website.