Linux forensics - Introduction

Hi all,


This is the first of several articles covering Linux forensics, including several in-depth reviews of dedicated investigation, rescue & recovery distros. This introduction article is about the basic forensics tools. In the second part, we will talk about the Helix forensics live CD distribution.

If you're interested:

http://www.dedoimedo.com/computers/forensics-intro.html

Excerpt:

Comments and suggestions are welcome.

Cheers,
Mrk

 

Very nice Mrk. This is something I am going to do with 8.04 in the next few days. Will the iso always, within reason, be compressed to fit on one cd and, if not, will it prompt to insert a second cd or to try with something with more storage?

You're a comedian.

 

Hello,

You create an image and then burn it. In my experience, it usually goes beyond 700MB, if you include build utilities and a few more goodies. With a solid load of apps included, you'll prolly get a 1.2-1.5GB image, which you can then burn to DVD!

There's no prompt while creating the image...

As to comedian thingie, thanks ...

Mrk

 

I really enjoyed using remasterme on my old desktop which was PCLinuxOS & XP. I'm glad to know it's available in many other distros as well.

 

Hello,

Interesting topic. I have various bootable CD depending on the situation (TrueImage, custom BartPE, or a Linux Live CD) and I am interested to see how other rescue boot CDs will compare.

Until now, I could fix everything with a BartPE, until recently on a laptop where it bluescreened every time... having a boot CD based on Linux is truly an advantage.

Can't wait for the upcoming articles.

Regards,
gkweb.

 

Mrk,

very good compilation! I'm looking forward for the upcoming articles.

 

Don't forget to test out your recovery cds and that the tools on them work (eg the environment boots detecting hardware correctly and the tools don't crash).
I'm looking forward to the rest of the series.