General information about Debian Forensics is available at Teams/DebianForensics.
Related Debian derivatives and Linux distros:
doing a forensics analysis on a third-part Debian OS image
In embedded electronics I get to work with heavily mangled Debian systems, where a private third party did a lot of unknown or poorly documented changes.
How to proceed:
dpkg --verify: this will list altered files & removed ones
Cruft: this tool will also list the files that were added
- in an unlikely attempt to ship a clean system, upstream may hav installed
it's own .deb files (that are not proper Debian packages), these can be browsed under the Obsolete and Locally Created Packages category of the aptitude package manager