Forensic Live CDs Review

Last month, I wrote about Auditor,
a comprehensive bootable CD for pentesters. After I wrote that column, I started
to think about the many forensic CDs that I have used in the past and how handy
they were when I needed them. So, I decided to highlight some of those tools
as well (and then I promise to get off the topic of bootable CDs for a while!).

What is the difference between a tool like Auditor and some of the tools that
I am talking about now? The difference is the focus. Auditor wants to be everything
that you’d need in the case of a wide-ranging penetration test, and it does
a good job of that. The three tools I'll cover this month (FIRE, INSERT, and
Penguin Sleuth Kit) are in-depth tools necessary when you need to do a forensic
examination of computer equipment that requires a little bit of everything.

Good column at Unix Review by Kristy Westphal.  I have used FIRE for some basic forensics before and was able to get done what I needed to very easily.

Author: Xavier Ashe

Entrepreneur, Infosec Executive, CISSP, CISM, Ironman triathlete, traveler, UU, paleo, father of 8, goyishe, gamer, & geek. http://linkedin.com/in/xavierashe

0 thoughts on “Forensic Live CDs Review”

  1. Think you should include fccu in the valuable forensic bootable cds. I haven't checked the recent versions, but about six months ago it had more tools than any other bootable cds I had come to see, including the three you mention here.
    http://www.d-fence.be/
    PS: I have nothing to do with them. Just so you know about the tool, that I personally found great.
