The Holliday cracking article (sic) shows how one guy walked through doing forensics on a box. The interesting part of this discussion is two-fold...
first - seeing what the cracker/hacker did to the Linux boxThe take home message for this:
second - seeing the range of comments on Bruce Schneier's website about how the "forensics analyst" went about his analysis - i.e. what to do, what not to do
* No computer is truly safe
* When doing forensics, the techniques you use and the decisions you make are gonna be second guessed endlessly.