
BackTrack linux boot CD

(@dougee)
New Member
Joined: 21 years ago
Posts: 4
Topic starter  

Just wanted to let people know about the BackTrack linux boot CD that is the coming together of the Whax and Auditor boot CDs.

BackTrack is a really useful boot CD that gives you all the networking tools, including Kismet working and all the bluetooth tools as well. It really saves hours of trying to compile all the obscure tools and getting the hardware recognised. Give it a try.

Just remember that it is NOT FORENSICALLY SOUND

Home Page http://remote-exploit.org/index.php/Main_Page

Ta

Andy J


   
(@youcefb9)
Eminent Member
Joined: 20 years ago
Posts: 38
 

Given your exposure to this CD, would you please enlighten us on what value this CD brings to the community and what differentiates it from other offerings like hoppix, helix, …etc.


   
(@jsawyer)
Eminent Member
Joined: 20 years ago
Posts: 35
 

It doesn't add any value to the forensic community. If anything, it will make more work for forensic analysts. Admittedly, it does include tools like autopsy and sleuthkit, but it is designed for network auditing and penetration testing. Auditor was for information assurance and auditing so that you could check for rogue wireless APs, break WEP, scan via Nmap and Nessus, etc. Whax was for penetration testing as it provided some similar tools along with tons of exploit code! I don't think a forensic analyst needs any of those unless he/she is trying to determine which thing was used to break in or exploit the host they are analyzing.

If you need a LiveCD for pentesting, wireless recon, etc, Backtrack is great. If you need a LiveCD for forensics, stick to Helix (just update it as the tools get outdated quickly).


   
(@dougee)
New Member
Joined: 21 years ago
Posts: 4
Topic starter  

The reason for posting was to highlight a worthwhile, easy to use boot CD which contains a large group of network tools that can and are used by hackers and others on a daily basis.

From a forensic point of view? As a forensic examiner you may encounter any number of cases that involve networks and the recovery of evidence of an intrusion.

I understand that some forensic examiners do not encounter intrusion cases on a regular basis; I currently do and use pen test tools in my investigations. I also have on occasion used the network sniffing tools to analyze the network traffic of a cloned suspect's machine to see what network traffic is being sent from the machine. Handy for Trojan defence cases or the investigation of malware.

Hey, maybe I should have made it clearer that it wasn't a FORENSIC boot CD, but IMHO it's still worth a look for forensic examiners, as you can never have too many tools in the toolbox.

As for Linux boot CDs, Helix is a good choice, but I prefer the SMART linux boot CD.


   
(@Anonymous)
Guest
Joined: 1 second ago
Posts: 0
 

Just remember that it is NOT FORENSICALLY SOUND

Can you please explain your comment about the BackTrack CD not
being "forensically sound"?


   
Wardy
(@wardy)
Estimable Member
Joined: 20 years ago
Posts: 149
 

It doesn't add any value to the forensic community.

It doesn't?

If anything, it will make more work for forensic analysts.

It does???

I would have to disagree.


   
(@echo6)
Trusted Member
Joined: 21 years ago
Posts: 87
 

Can you please explain your comment about the BackTrack CD not being "forensically sound"?

It's not built with forensics in mind, unlike SMART or Farmerdude's boot cd.

Try booting it on a machine, then type mount and swapon -s

root@slax~# mount
tmpfs on / type tmpfs (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/hda1 on /mnt/hda1 type ext2 (rw)
/dev/hda3 on /mnt/hda3 type ext3 (rw)
usbfs on /proc/bus/usb type usbfs (rw)
root@slax~# swapon -s
Filename Type Size Used Priority
/dev/hda2 partition 250416 0 -1


   
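Added example, not part of echo6's post or the thread: the `mount` / `swapon -s` check above turned into a repeatable audit that flags any disk partition mounted read-write and any active swap area. The function names are hypothetical, and the sample input is the output quoted in the post plus one constructed read-only `/dev/hdc` line.

```shell
#!/bin/sh
# Added example (not from the thread): audit what a live CD did at boot.
# Function names are hypothetical; input formats follow the post above.

# Reads `mount` output on stdin; prints "device mountpoint" for every
# /dev/* block device mounted read-write. (Mount points containing
# spaces are not handled by this simple field split.)
rw_block_mounts() {
    awk '$1 ~ /^\/dev\// && $2 == "on" && $4 == "type" {
        opts = $6; gsub(/[()]/, "", opts)
        n = split(opts, o, ",")
        for (i = 1; i <= n; i++)
            if (o[i] == "rw") { print $1, $3; break }
    }'
}

# Reads `swapon -s` output on stdin; prints each active swap area.
active_swap() {
    awk 'NR > 1 && $1 ~ /^\// { print $1 }'
}

# $1 = mount output, $2 = swapon -s output.
# Prints findings and returns 1, or prints CLEAN and returns 0.
verdict() {
    findings=$(
        printf '%s\n' "$1" | rw_block_mounts | sed 's/^/RW-MOUNT /'
        printf '%s\n' "$2" | active_swap | sed 's/^/SWAP /'
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    echo CLEAN
}

# Sample input: lines from the post above, plus one constructed
# read-only CD-ROM line (/dev/hdc) to show a mount that passes.
SAMPLE_MOUNT='tmpfs on / type tmpfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/hda1 on /mnt/hda1 type ext2 (rw)
/dev/hda3 on /mnt/hda3 type ext3 (rw)
/dev/hdc on /mnt/cdrom type iso9660 (ro)'
SAMPLE_SWAP='Filename Type Size Used Priority
/dev/hda2 partition 250416 0 -1'

verdict "$SAMPLE_MOUNT" "$SAMPLE_SWAP" || true
```

On a test machine booted from the CD under evaluation, `verdict "$(mount)" "$(swapon -s)"` runs the same check against the live system.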
(@farmerdude)
Estimable Member
Joined: 20 years ago
Posts: 242
 

I would strongly advise testing and validating the Linux Boot CDs you choose before using them for real work. It's easy to take a remaster script and remaster a product. You'll find that simply adding forensic tools doesn't make a forensic boot CD (case in point, Backtrack). You'll also find that simply marketing a CD as a forensic CD doesn't make it a forensic CD (case in point, SPADA or Helix). That being said, whichever CDs you do choose, check them out in detail before using them. You may find some interesting items of note . . . )

regards,

farmerdude


   
(@Anonymous)
Guest
Joined: 1 second ago
Posts: 0
 

I would strongly advise testing and validating the Linux Boot CDs you choose before using them for real work. It's easy to take a remaster script and remaster a product. You'll find that simply adding forensic tools doesn't make a forensic boot CD (case in point, Backtrack). You'll also find that simply marketing a CD as a forensic CD doesn't make it a forensic CD (case in point, SPADA or Helix). That being said, whichever CDs you do choose, check them out in detail before using them. You may find some interesting items of note . . . )

regards,

farmerdude

What's wrong with Helix? Or are you just knocking it and spreading FUD
about Helix in order to promote your own CD?


   
(@armresl)
Noble Member
Joined: 21 years ago
Posts: 1011
 

If you knew anything about Farmerdude, you would know that he helps the community a ton and he is not making hardly anything off that CD based on the hours he puts into it.

The last thing he does is put down other people's items. I can tell you that he advises everyone to test test test and validate validate validate.

I find nothing wrong with this.


   