The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

Forensic Live CDs Review

Posted by Xavier Ashe on December 1, 2005

Last month, I wrote about Auditor,
a comprehensive bootable CD for pentesters. After I wrote that column, I started
to think about the many forensic CDs that I have used in the past and how handy
they were when I needed them. So, I decided to highlight some of those tools
as well (and then I promise to get off the topic of bootable CDs for a while!).

What is the difference between a tool like Auditor and some of the tools that
I am talking about now? The difference is the focus. Auditor wants to be everything
that you’d need in the case of a wide-ranging penetration test, and it does
a good job of that. The three tools I'll cover this month (FIRE, INSERT, and
Penguin Sleuth Kit) are in-depth tools necessary when you need to do a forensic
examination of computer equipment that requires a little bit of everything.

Good column at Unix Review by Kristy Westphal.  I have used FIRE for some basic forensics before and was able to get done what I needed to very easily.

Advertisements

No Responses Yet to “Forensic Live CDs Review”

  1. Anonymous said

    Think you should include fccu in the valuable forensic bootable cds. I haven't checked the recent versions, but about six month ago it had more tools than any other bootable cds I had come to see, including the three you mention here.
    http://www.d-fence.be/
    PS: I have nothing to do with them. Just so you know about the tool, that I personnally found great.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: