Back in March, I found this article - Incident Response Tools For Unix, Part One: System Tools - to be very informative. I have since emailed the edotirs of the website and got a response that the next part of the article should be out in mid June. I'll post that link as well when it becomes available.