Incident Response toolkit for a linux machine


Incident Response toolkit for a linux machine

Posted: Fri Feb 22, 2013 8:58 am

Hi all,

I am currently doing a project named "Live forensics in a Linux machine" and for it I wanted some advice as to which toolkits I should use. I was thinking of using 2 toolkits but I am unable to determine which one.
Also I'm a bit of a newbie in Linux, so I would really appreciate it if I could know how to use them if they are in command format.
I have read about a few commands like netcat, etc., but I don't know how to use them on the suspect's machine and get the output on my PC which has the toolkit.

Thanks in advance.
Really need some help on it.

bsg819
Member
 
 
  

Re: Incident Response toolkit for a linux machine

Posted: Tue Mar 05, 2013 1:06 am

Well, there are a number of distros available. It all depends on your personal tastes.

Linux itself is built with a number of handy tools. Just running netstat can provide a lot of info. Fport (downloaded from www.mcafee.com/us/down...port.aspx) can show executables attached to open ports, etc. What are you looking for? Is it mainly network connections?

For a 'toolkit' there's Helix, or Deft (http://www.deftlinux.net/).

J_Hizzal
Newbie
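The OP asked how to run commands like netcat on the suspect's machine and get the output onto the analyst's PC, and the reply above points at netstat. The script below is an added example, not code from the thread or from any of the toolkits named in it: it gathers volatile state (including netstat output) on the suspect host and streams it to a netcat listener on the analyst box without writing to the suspect's disk. It assumes the toolkit media is mounted at TOOLKIT_BIN with its own statically linked binaries, and the host/port are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): live-response collection on a suspect
# Linux host, streamed to the analyst over netcat.
# Assumption: trusted binaries live on toolkit media mounted at TOOLKIT_BIN,
# so they are preferred over whatever is in the suspect's PATH.
TOOLKIT_BIN="${TOOLKIT_BIN:-/mnt/toolkit/bin}"
PATH="$TOOLKIT_BIN:$PATH"

# Print one labelled section: a header, then the command's output, or a note
# if the binary is missing or fails. A single failure never aborts the run.
run_cmd() {
    label="$1"; shift
    printf '\n===== %s =====\n' "$label"
    if command -v "$1" >/dev/null 2>&1; then
        "$@" 2>&1 || printf '[%s exited with status %s]\n' "$1" "$?"
    else
        printf '[%s not available on this host]\n' "$1"
    fi
}

# Roughly in order of volatility: clock and uptime, then processes and
# network state, then the more stable mount and module lists.
collect_volatile() {
    run_cmd "date (UTC)"   date -u
    run_cmd "uname"        uname -a
    run_cmd "uptime"       uptime
    run_cmd "logged in"    who
    run_cmd "processes"    ps -eo pid,ppid,user,lstart,cmd
    run_cmd "netstat"      netstat -tulpan
    run_cmd "sockets (ss)" ss -tulpan
    run_cmd "routes"       ip route
    run_cmd "arp cache"    ip neigh
    run_cmd "mounts"       cat /proc/mounts
    run_cmd "modules"      cat /proc/modules
}

# Analyst side: count section headers in the saved stream to confirm the
# whole collection arrived (collect_volatile emits 11 sections).
count_sections() {
    grep -c '^===== ' "$1"
}

# Analyst side, started FIRST so the listener is waiting (GNU netcat syntax):
#   nc -l -p 4444 | tee suspect-volatile.txt | sha256sum
# Suspect side: pipe the collection straight to the listener.
send_to_analyst() {
    collect_volatile | nc -w 5 "$1" "$2"
}

if [ "${1:-}" = "--send" ]; then
    send_to_analyst "${2:-ANALYST_IP}" "${3:-4444}"
fi
```

The sha256sum printed on the analyst side is the hash of what was actually received; record it in your notes alongside the listener start time.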
 
 
  

Re: Incident Response toolkit for a linux machine

Posted: Tue Mar 05, 2013 4:14 am

Do you have to examine the 'live' system?

Any reason why you couldn't use a live boot disc like Paladin or any of the other Linux based live distros that are out there and then conduct the examination on the drive?

Much more forensically sound than running CLI strings on a live system.

Adam10541
Senior Member
 
 
  

Re: Incident Response toolkit for a linux machine

Posted: Fri Mar 08, 2013 11:19 pm

Security Onion is a Linux distro that has a ton of forensic tools built into it, as does Backtrack 5. A combination of those two will get you most of the standard open source tools for forensic analysis. I would recommend building your own operating system based off one of these distros and adding all of the tools you want in addition to what comes on your base image. Once you have created your own image I would put it on a hard drive and/or USB drive depending on what you are planning on doing with it.

montgomeryj
Newbie
 
 
  

Re: Incident Response toolkit for a linux machine

Posted: Sun Mar 17, 2013 8:21 am

Have a look at CAINE (Computer Aided INvestigative Environment).

Amumbo
Newbie
 
 