Zeppoo would be a nice addition to the app-forensics. Zeppoo is a new forensic tool that "allows you to detect rootkits on i386 and x86_64 architecture under Linux, by using /dev/kmem and /dev/mem. Moreover it can also detect hidden tasks, connections, corrupted symbols, system calls... and so many other things".[1]

[1] http://www.zeppoo.net
Dead project.