[sf-lug] forensics with Linux

Rick Moen rick at linuxmafia.com
Wed Nov 18 09:32:42 PST 2009

Quoting Pseudo Anonymous (pseudo.anonymous70 at gmail.com):

> Any particular recommendations for a handy, readily available Linux
> distribution that would be best/easiest to accomplish these tasks -
> such as one run from a live CD image, and if needed, including actions or
> boot options to ensure it doesn't make or attempt to make any write
> access to the laptop hard drive by default, including having it not make
> nor attempt to make any rw mounts of laptop filesystem(s)?

Check with the applicable legal authorities about which of these are
deemed to result in admissible evidence:

DEFT Linux CD, http://www.deftlinux.net/
CAINE Live CD, http://www.caine-live.net/
FCCU GNU/Linux Forensic Boot CD, http://www.lnx4n6.be/
Grml, http://grml.org/
Helix3, https://www.e-fense.com/store/index.php?_a=viewProd&productId=11
  (proprietary, no longer maintained)
Helix3 Pro, http://www.e-fense.com/helix3pro.php (proprietary)
Masterkey Linux, http://www.e-fense.com/helix3pro.php
SPADA, http://spada-cd.info/
The Farmer's Boot CD, http://www.forensicbootcd.com/
Operator, http://www.ussysadmin.com/operator/
Knoppix-STD, http://www.knoppix-std.org/
Inside Security Rescue Toolkit, http://www.inside-security.de/insert_en.html

