Rooted system

Brian Keefer chort at amaunetsgothique.com
Wed Feb 18 23:34:36 PST 2004


On Mon, 2004-02-16 at 12:20, Clifton Royston wrote:
> > And now what? [ You are unclear to me ]
> > 
> > Well, you could use a Security Toolkit Distribution from Knoppix, called
> > knoppix-std
> > And do some research with that.
>  
>   More generic forensic help (less Linux-specific) might come from the
> "Coroner's Toolkit" from the team of Wietse Venema and Dan Farmer
> (SATAN et al., and also TCPwrap and Postfix in the case of Wietse.)
> It's supposed to be pretty cross-platform with BSD support. 
> 
>   <http://www.porcupine.org/forensics/tct.html>
> 

FYI the Knoppix-STD live-CD does have an extended version of Coroner's
Toolkit.  Have a look:
http://www.knoppix-std.org/tools.html

Also, although it's a Linux distribution, it's *not* expressly for Linux
forensics.  It has NTFS rw support (limited) and Windows password reset
functions, etc...  In other words, it's a multi-OS generic forensics
kit.  I'm fairly certain that it does have support for mount -t ufs, but
I haven't confirmed that.

-- 
Brian Keefer, CISSP
Systems Engineer
CipherTrust Inc, www.CipherTrust.com



More information about the freebsd-security mailing list