Re: Bootable CD Toolboxes

From: J. J. Horner (jhornerat_private)
Date: Thu Oct 04 2001 - 12:23:34 PDT


    I've looked around, and I would really like something that has the following capabilities:
    
    - tct
    - ability to nfs mount
    - ability to configure run-time with a syslog host (secure)
    - a complete set of IDS tools, including tripwire, etc.
    - a complete set of tools to allow partition copying, 
    	checksumming, netcat, and anything possibly 
    	needed to do a full analysis
    - low footprint.
    
    Most of the kits I've seen are geared to fit on a small CD.  I'm not
    too concerned with that, as I figure I'd rather have too many tools,
    rather than not enough.
    
    The PLAC CD seems to be closest, in that I can always create a CD
    with the binaries I might need, boot diskless, then mount the tool CD.
    
    I haven't checked yet to see if I can do NFS mounting with the PLAC CD, though.
    
    Anyone know if that is possible?
    
    Any other ideas, or comments?
    
    Thanks,
    JJ
    
    * J. J. Horner (jhornerat_private) [011004 11:41]:
    > I just got a few LinuxCare Bootable Toolboxes (v 2.0) in the mail.  I like the concept.
    > 
    > Has anyone reproduced this effort in the form of a forensics toolkit?
    > 
    > I would think the following should be considered:
    > 
    > - tct (without a doubt)
    > - ability to use NFS mounting to store forensic data
    > - ability to use a syslog daemon on another machine (laptop exporting NFS and syslog
    > 	would solve the above 2 issues).
    > - ability to get sigs from partitions
    > 
    > Any other thoughts?
    > 
    > Thanks,
    > JJ
    > 
    > -- 
    > J. J. Horner
    > "H*","6d6174686c696e40326a6e6574776f726b732e636f6d"
    > ***************************************************
    > "H*","6a6a686f726e65724062656c6c736f7574682e6e6574"
    > 
    > Freedom is an all-or-nothing proposition:  either we 
    > are completely free, or we are subjects of a
    > tyrannical system.  If we lose one freedom in a
    > thousand, we become completely subjugated.
    
    
    
    
    
    


