Forensics
Re: Which Forensic Live CD to use? Jan 05 2011 09:39AM
Andreas Schmiet (andreas schmiet googlemail com)
Thank you everyone for the great feedback!

I understood that there is not "the forensic live CD" and that it is
also common to use different ones on an analysis.
So I will test some of the distributions you guys mentioned to figure
out which will meet my needs best.

Thanks again,

Andreas

2011/1/4 Chris Hayden <chrishayden (at) windstream (dot) net [email concealed]>:
> BackTrack is a fairly popular and up-to-date distro.  It can be run as live DVD or installed.  Has a forensics mode so you can boot without altering hard drive contents (no swap).  Meant to be somewhat of a swiss army knife so it has pen tools, vuln scanners, web-app scanners, forensics tools, etc.  I use it more for Wifi cracking/demoing WIPs but know a number of people who use it for forensics tasks.
>
> http://www.backtrack-linux.org
>
> Thanks,
> Chris
>
> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Andreas Schmiet
> Sent: Saturday, January 01, 2011 8:38 AM
> To: forensics
> Subject: Which Forensic Live CD to use?
>
> Hello,
>
> I am working on my diploma thesis about Windows forensics with open source tools and want to start with the selection of a Live-CD. I gained first experience with Helix, but unfortunately it seems not to be supported anymore. And in my diploma thesis I would like to refer to a distribution which is state of the art :)
>
> So, I want to ask what bootable Live-CD environment people on the list are using to conduct real world forensic analyses of Windows systems?
>
> Thanks in advance,
>
> Andreas

--
Many thanks, Andreas!
