Deft Linux v 5.1 on...
 
Notifications
Clear all

Deft Linux v 5.1 on USB?

18 Posts
11 Users
0 Likes
2,499 Views
(@francis87)
Posts: 18
Active Member
Topic starter
 

Has anyone tried to create a deft Linux on USB drive? I tried several way but it just failed to boot from the USB drive.

Can anyone who was lucky with it, share with me how to get it going.

 
Posted : 30/08/2010 9:06 pm
binarybod
(@binarybod)
Posts: 272
Reputable Member
 

If you can cope without deft and use the very competent caine distribution you will find a usb version named NBcaine here.

Just dd the image to a USB drive and it works straight away (or it did in my case)

Paul

 
Posted : 30/08/2010 9:34 pm
(@patrick4n6)
Posts: 650
Honorable Member
 

Try UNetbootin. Turns a Linux live CD ISO into a bootable USB.

 
Posted : 31/08/2010 6:09 am
(@francis87)
Posts: 18
Active Member
Topic starter
 

I tried unetbootin. The files are there in the USB drive but it just can't bootup

 
Posted : 31/08/2010 6:11 am
(@rampage)
Posts: 354
Reputable Member
 

DEFT provides a dd image for USB flash drives, have you tried it?

http//www.mirrordeft.net/listing/deftpen/

 
Posted : 31/08/2010 12:26 pm
(@banjax)
Posts: 9
Active Member
 

After many fruitless attempts on my own part at trying to get Deft 5.1 onto a USB stick using the CD ISO I've come to the conclusion that using their USB dd image is the only viable way of getting a deft stick.

Go to http//www.mirrordeft.net/listing/deftpen/ and download deftpen5.1.dd

you can then dd it onto a USb stick.

Its formatted for a 1Gb USB stick and the dd image contains both the partition table and boot record for the stick so you have to format the command as
dd if=<filepath>/deftpen5.1.dd of=/dev/sdf (or sdb or sdc whatever the physical drive reference is for your stick)

Advice on their forum says that if it doesnt work straight off try zeroing out the stick first then copying over, the important thing to remember is to point it at the physical disk itself rather than at a partition on the disk

 
Posted : 31/08/2010 3:35 pm
(@francis87)
Posts: 18
Active Member
Topic starter
 

I tried downloading the dd n I stil can't boot it up.. There is always an error about missing src0.

It doesn't make sense to pay extra 10€ to have a small USB drive shipped over to me.

 
Posted : 31/08/2010 4:07 pm
(@mobileforensicswales)
Posts: 274
Reputable Member
 

Just checking.. does your bios support usb boot?

 
Posted : 31/08/2010 4:27 pm
(@rampage)
Posts: 354
Reputable Member
 

the pen you buy from deft has nothing different from the one you create yourself, it's just meant to support the project, i bought one but i had the chance to grab it directly without the need of shipment.

i've used deft countless times so far and i think it's really good and as well a promising project, and by knowing the staff behind it i can say that they are really serious and skilled, and try to build a distro that is designed to fit the real needs of a forensic analyst.

 
Posted : 31/08/2010 4:28 pm
Hwallbanger
(@hwallbanger)
Posts: 32
Eminent Member
 

the pen you buy from deft has nothing different from the one you create yourself, it's just meant to support the project, i bought one but i had the chance to grab it directly without the need of shipment.

i've used deft countless times so far and i think it's really good and as well a promising project, and by knowing the staff behind it i can say that they are really serious and skilled, and try to build a distro that is designed to fit the real needs of a forensic analyst.

Is anyone aware of this information about Deft being NOT forensically sound

Linux recovery of Ext3 file systems during the boot process and thus modifies the data on suspect media have a bug in initrd casper scripts that perform unsafe fake read-only mounts of several file system types. You will find these scripts in scripts/casper-helpers function get_fstype().

The problem exists in all Ubuntu based forensic Live CDs like DEFT Linux, Helix3 (and Pro too), SMART Linux, BackTrack 4 Pre Release and FCCU GNU/Linux and all other distros that use Casper for booting (except grml that sets all block devices RO before mounting).

This could depend upon which scripts are used dependent upon the device ( USB vs internal HD).

Have any of you come across this in your proof testing of your forensic base systems that contain your tools within Linux and do you do this same type testing for your Windows type systems ? ?

 
Posted : 31/08/2010 8:47 pm
Page 1 / 2
Share: