View Full Version : Linux forensics - Introduction


Mrkvonic
February 22nd, 2009, 10:42 AM
Hi all,


This is the first of several articles covering Linux forensics, including several in-depth reviews of dedicated investigation, rescue & recovery distros. This introduction article is about the basic forensics tools. In the second part, we will talk about the Helix forensics live CD distribution.

If you're interested:

http://www.dedoimedo.com/computers/forensics-intro.html

Excerpt:

-{ Quote: "
Most of the time, we do not really care about our computers. They are a means to an end, or many ends. Games, Internet, work, you name it. When everything works, the PC is a somewhat noisy beast that lets us do what we want - most of the time.

But what happens when something goes wrong?

Suddenly, your machine won't boot. Suddenly, you have managed to contract malware. Your hard disk is misbehaving, your partitions are gone, your files are gone. These kinds of disasters are all too common. Unfortunately, very few people think about them, let alone prepare for them.

Don't be one of them ... " }-

Comments and suggestions are welcome.

Cheers,
Mrk

steve161
February 22nd, 2009, 11:05 AM
Very nice Mrk. This is something I am going to do with 8.04 in the next few days. Will the ISO always, within reason, be compressed to fit on one CD and, if not, will it prompt to insert a second CD or to try with something with more storage?

-{ Quote: "Remastersys is a very handsome application. In a way, it is an on-the-fly imaging software. But it also allows you to boot your image as a live CD, reinstall it on another machine - or give it out to friends (if you have any)" }-

You're a comedian.

Mrkvonic
February 22nd, 2009, 11:16 AM
Hello,

You create an image and then burn it. In my experience, it usually goes beyond 700MB, if you include build utilities and a few more goodies. With a solid load of apps included, you'll probably get a 1.2-1.5GB image, which you can then burn to DVD!

There's no prompt while creating the image...

As to the comedian thingie, thanks ...

Mrk

zapjb
February 22nd, 2009, 11:23 AM
I really enjoyed using remasterme on my old desktop which was PCLinuxOS & XP. I'm glad to know it's available in many other distros as well.

gkweb
February 22nd, 2009, 12:02 PM
Hello,

Interesting topic. I have various bootable CDs depending on the situation (TrueImage, custom BartPE, or a Linux Live CD) and I am interested to see how other rescue boot CDs will compare.

Until now, I could fix everything with a BartPE, until recently on a laptop where it bluescreened every time... having a boot CD based on Linux is truly an advantage.

Can't wait for the upcoming articles.

Regards,
gkweb.

tlu
February 22nd, 2009, 01:51 PM
Mrk,

Very good compilation! I'm looking forward to the upcoming articles.

NGRhodes
February 23rd, 2009, 03:34 AM
Don't forget to test out your recovery CDs and that the tools on them work (e.g. the environment boots detecting hardware correctly and the tools don't crash).
I'm looking forward to the rest of the series.
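A small smoke test, added here as an example (it is not from the dedoimedo article, from Remastersys, or from any poster in this thread), that covers the two practical points raised above: Mrk's note that a Remastersys image usually outgrows a 700MB CD and needs a DVD, and NGRhodes' advice to actually boot the disc and confirm that the hardware is detected and the tools run. The expected-tool list, the media capacities and the script name rescue-smoke.sh are assumptions; edit the list to match what you put on your own image.

```shell
#!/bin/sh
# Added example (not from the dedoimedo article, Remastersys or this thread):
# a smoke test for a home-made rescue/forensics live CD.
#   sh rescue-smoke.sh iso image.iso   before burning: prints cd / dvd / toolarge
#   sh rescue-smoke.sh run             inside the booted live environment

# Nominal blank-media capacities in bytes (assumed: 700MB CD-R, 4.7GB DVD-R).
CD_BYTES=$((700 * 1024 * 1024))
DVD_BYTES=$((4700 * 1000 * 1000))

# Tools a forensics live environment is expected to carry (assumed list).
EXPECTED_TOOLS="dd sha256sum mount fdisk file strings grep"

# pick_media SIZE_BYTES: print which blank media an image of that size fits on.
pick_media() {
    if [ "$1" -le "$CD_BYTES" ]; then
        echo cd
    elif [ "$1" -le "$DVD_BYTES" ]; then
        echo dvd
    else
        echo toolarge
    fi
}

# iso_media PATH: same decision for an ISO file already on disk.
iso_media() {
    pick_media "$(wc -c < "$1" | tr -d ' ')"
}

# missing_tools TOOL...: print the names that are not on PATH, one per line.
missing_tools() {
    for t in "$@"; do
        command -v "$t" >/dev/null 2>&1 || echo "$t"
    done
}

# count_missing TOOL...: print how many of the given tools are absent.
count_missing() {
    missing_tools "$@" | wc -l | tr -d ' '
}

# tool_runs CMD [ARGS...]: run a command quietly and print its exit status, so a
# tool that crashes (e.g. status 139 for a segfault) shows up as a number
# instead of aborting the whole check.
tool_runs() {
    if "$@" >/dev/null 2>&1; then
        echo 0
    else
        echo $?
    fi
}

# block_devices: disks and partitions the kernel detected. Empty output means the
# disk you came to rescue is not visible (missing driver, wrong boot mode, ...).
block_devices() {
    if [ -r /proc/partitions ]; then
        awk 'NR > 2 && $4 !~ /^(ram|loop)/ { print $4 }' /proc/partitions
    fi
}

smoke_test() {
    echo "== expected tools =="
    for t in $EXPECTED_TOOLS; do
        if command -v "$t" >/dev/null 2>&1; then
            echo "ok      $t"
        else
            echo "MISSING $t"
        fi
    done
    echo "== tools start and exit cleanly =="
    echo "dd --version   -> exit $(tool_runs dd --version)"
    echo "file --version -> exit $(tool_runs file --version)"
    echo "== block devices seen by the kernel =="
    block_devices
}

case "${1:-}" in
    run) smoke_test ;;
    iso) iso_media "$2" ;;
esac
```

The script only reports; it deliberately never exits non-zero on a missing tool, so you can run it on a borrowed or half-broken machine and still see the full list. Keep a copy of the script on the disc itself, so that the test is done against the image you actually burned rather than the build directory.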