[sf-lug] forensics with Linux

Will McGinnis guacamolepandemonium at gmail.com
Wed Nov 18 23:22:31 PST 2009


After all the talk about the recent Microsoft COFEE leak, I was doing some
searching and came across this site that has some good info:
http://www.forensicswiki.org/wiki/Main_Page

And on that front page there's a link to:
http://www.computer-forensics-lab.org/pdf/Linux_for_computer_forensic_investigators.pdf -
"The paper opens discussion about building forensically sound Live CD
distributions based on Linux."


On Wed, Nov 18, 2009 at 9:32 AM, Rick Moen <rick at linuxmafia.com> wrote:

> Quoting Pseudo Anonymous (pseudo.anonymous70 at gmail.com):
>
> > Any particular recommendations of handy readily available Linux
> > distribution that would be best/easiest to accomplish these tasks -
> > such as run from live CD image, and if needed, including actions or
> > boot options to ensure it doesn't make or attempt to make any write
> > access to laptop hard drive by default including having it not making
> > nor attempting to make any rw mounts of laptop filesystem(s).
>
> Check with the applicable legal authorities about which of these are
> deemed to result in admissible evidence:
>
> DEFT Linux CD, http://www.deftlinux.net/
> CAINE Live CD, http://www.caine-live.net/
> FCCU GNU/Linux Forensic Boot CD, http://www.lnx4n6.be/
> Grml, http://grml.org/
> Helix3, https://www.e-fense.com/store/index.php?_a=viewProd&productId=11
>  (proprietary, no longer maintained)
> Helix3 Pro, http://www.e-fense.com/helix3pro.php (proprietary)
> Masterkey Linux, http://www.e-fense.com/helix3pro.php
> SPADA, http://spada-cd.info/
> The Farmer's Boot CD, http://www.forensicbootcd.com/
> Operator, http://www.ussysadmin.com/operator/
> Knoppix-STD, http://www.knoppix-std.org/
> Inside Security Rescue Toolkit,
> http://www.inside-security.de/insert_en.html
>
>
> _______________________________________________
> sf-lug mailing list
> sf-lug at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/sf-lug
> Information about SF-LUG is at http://www.sf-lug.org/
>