Last month, I wrote about Auditor,
a comprehensive bootable CD for pentesters. After I wrote that column, I started
to think about the many forensic CDs that I have used in the past and how handy
they were when I needed them. So, I decided to highlight some of those tools
as well (and then I promise to get off the topic of bootable CDs for a while!).
What is the difference between a tool like Auditor and some of the tools that
I am talking about now? The difference is the focus. Auditor wants to be everything
that you’d need in the case of a wide-ranging penetration test, and it does
a good job of that. The three tools I'll cover this month (FIRE, INSERT, and
Penguin Sleuth Kit) are in-depth tools necessary when you need to do a forensic
examination of computer equipment that requires a little bit of everything.

Good column at Unix Review by Kristy Westphal. I have used FIRE for some basic forensics before and was able to get done what I needed to very easily.