On 10th July 2011, SANS faculty fellow and creator of the SANS GIAC Linux / Unix security track, Hal Pomeranz, gave a brief presentation on "Linux forensics (for non-Linux folks)" at SANS Singapore Community Night.
Most forensics cases revolve around the Windows operating system (OS), the most common end-point machine, where cyber crime usually takes place. Still, the skills to investigate a Linux / Unix machine are vital, as such machines are usually used in critical systems / infrastructure.
Hal highlighted various artefacts that forensics officers should look into when conducting an investigation. You can find his presentation slides here; they pretty much sum up the presentation, but he showed more during the demonstration (e.g. how looking into /var/lib/dhcp allows you to find out where the machine has been).
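As an added illustration of the /var/lib/dhcp point (this is not code from Hal's slides or demonstration), the sketch below parses ISC dhclient lease-file text into a chronological list of the networks a machine joined. The sample lease text, addresses and domain names are constructed, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample in ISC dhclient lease-file syntax (not from a real case).
SAMPLE_LEASES = """
lease {
  interface "eth0";
  fixed-address 192.168.1.105;
  option routers 192.168.1.1;
  option domain-name "home.example";
  renew 2 2011/07/05 10:12:33;
  expire 3 2011/07/06 00:00:00;
}
lease {
  interface "wlan0";
  fixed-address 10.20.30.44;
  option routers 10.20.0.1;
  option domain-name "hotel.example";
  renew 5 2011/07/08 18:40:02;
  expire 5 2011/07/08 20:40:02;
}
"""

LEASE_RE = re.compile(r"lease\s*\{(.*?)\}", re.S)
STMT_RE = re.compile(r"^\s*(?:option\s+)?([\w-]+)\s+(.*?);\s*$", re.M)

def parse_leases(text):
    """Return one dict per IPv4 lease block, keyed by statement name."""
    leases = []
    for body in LEASE_RE.findall(text):
        rec = {k: v.strip('"') for k, v in STMT_RE.findall(body)}
        for key in ("renew", "rebind", "expire"):
            if key in rec:
                # "<weekday> YYYY/MM/DD HH:MM:SS" (UTC by default) or "never"
                parts = rec[key].split(None, 1)
                rec[key] = (datetime.strptime(parts[1], "%Y/%m/%d %H:%M:%S")
                            if len(parts) == 2 else None)
        leases.append(rec)
    return leases

def network_timeline(text):
    """Rows of (renew time, interface, address, router, domain), oldest first."""
    rows = [(l.get("renew"), l.get("interface"), l.get("fixed-address"),
             l.get("routers"), l.get("domain-name")) for l in parse_leases(text)]
    return sorted(rows, key=lambda r: (r[0] is None, r[0] or datetime.min))

if __name__ == "__main__":
    for row in network_timeline(SAMPLE_LEASES):
        print(row)
```

On a real image, feed it the contents of the lease files read from a read-only mount of the evidence, and correlate the router and domain values with other timeline sources.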