Just wanted to let people know about the BackTrack linux boot CD that is the coming together of the Whax and Auditor boot CDs.
BackTrack is a really useful boot CD that gives you all the networking tools, including Kismet working and all the Bluetooth tools as well. It really saves hours of trying to compile all the obscure tools and getting the hardware recognised. Give it a try.
Just remember that it is NOT FORENSICALLY SOUND.
Home Page http//
Ta
Andy J
Given your exposure to this CD, would you please enlighten us on what value this CD brings to the community and what differentiates it from other offerings like Knoppix, Helix, etc.?
It doesn't add any value to the forensic community. If anything, it will make more work for forensic analysts. Admittedly, it does include tools like Autopsy and Sleuth Kit, but it is designed for network auditing and penetration testing. Auditor was for information assurance and auditing so that you could check for rogue wireless APs, break WEP, scan via Nmap and Nessus, etc. Whax was for penetration testing as it provided some similar tools along with tons of exploit code! I don't think a forensic analyst needs any of those unless he/she is trying to determine which thing was used to break in or exploit the host they are analyzing.
If you need a LiveCD for pentesting, wireless recon, etc, Backtrack is great. If you need a LiveCD for forensics, stick to Helix (just update it as the tools get outdated quickly).
The reason for posting was to highlight a worthwhile, easy to use boot CD which contains a large group of network tools that can and are used by hackers and others on a daily basis.
From a forensic point of view? As a forensic examiner you may encounter any number of cases that involve networks and the recovery of evidence of an intrusion.
I understand that some forensic examiners do not encounter intrusion cases on a regular basis; I currently do, and use pen test tools in my investigations. I also have on occasion used the network sniffing tools to analyse the network traffic of a cloned suspect's machine to see what network traffic is being sent from the machine. Handy for Trojan defence cases or the investigation of malware.
Hey, maybe I should have made it clearer that it wasn't a FORENSIC boot CD, but IMHO it's still worth a look for forensic examiners, as you can never have too many tools in the toolbox.
As for Linux boot CDs, Helix is a good choice, but I prefer the SMART Linux boot CD.
Just remember that it is NOT FORENSICALLY SOUND
Can you please explain your comment about the BackTrack CD not being "forensically sound"?
It doesn't add any value to the forensic community.
It doesn't?
If anything, it will make more work for forensic analysts.
It does???
I would have to disagree.
Can you please explain your comment about the BackTrack CD not being "forensically sound"?
It's not built with forensics in mind, unlike SMART or Farmerdude's boot cd.
Try booting it on a machine, then type mount and swapon -s
root@slax~# mount
tmpfs on / type tmpfs (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/hda1 on /mnt/hda1 type ext2 (rw)
/dev/hda3 on /mnt/hda3 type ext3 (rw)
usbfs on /proc/bus/usb type usbfs (rw)
root@slax~# swapon -s
Filename Type Size Used Priority
/dev/hda2 partition 250416 0 -1
I would strongly advise testing and validating the Linux Boot CDs you choose before using them for real work. It's easy to take a remaster script and remaster a product. You'll find that simply adding forensic tools doesn't make a forensic boot CD (case in point, Backtrack). You'll also find that simply marketing a CD as a forensic CD doesn't make it a forensic CD (case in point, SPADA or Helix). That being said, whichever CDs you do choose, check them out in detail before using them. You may find some interesting items of note . . . )
regards,
farmerdude
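The check farmerdude describes (boot the CD, run mount and swapon -s, see whether evidence partitions came up read-write and whether swap was enabled) can be scripted so the same test is applied to every live CD before it is trusted. The script below is an added example, not code from the thread or from any of the CDs discussed; it parses saved `mount` and `swapon -s` output in the text format shown above, and the sample tables embedded in it are constructed to mirror that output.

```shell
#!/bin/sh
# Added example: audit a live CD's mount table and swap state for the two
# forensic-soundness problems raised in the thread: real block devices
# mounted read-write, and swap partitions turned on. Works on saved
# `mount` and `swapon -s` output so it can run against captured text.

# Print every /dev/* filesystem whose mount options lack "ro".
# Input: `mount` output on stdin, e.g. "/dev/hda1 on /mnt/hda1 type ext2 (rw)".
find_rw_block_mounts() {
    awk '$1 ~ /^\/dev\// {
        opts = $NF                    # the "(rw,...)" list is the last field
        gsub(/[()]/, "", opts)
        ro = 0
        n = split(opts, o, ",")
        for (i = 1; i <= n; i++) if (o[i] == "ro") ro = 1
        if (!ro) print $1 " on " $3 " (" opts ")"
    }'
}

# Print every active swap device. Input: `swapon -s` output on stdin;
# the first line is the column header and is skipped.
find_active_swap() {
    awk 'NR > 1 && NF >= 2 { print $1 }'
}

# Combined verdict. Args: file with `mount` output, file with `swapon -s`
# output. Returns 0 when nothing writable or swapped was found, 1 otherwise.
check_live_cd() {
    rw=$(find_rw_block_mounts < "$1")
    sw=$(find_active_swap < "$2")
    status=0
    if [ -n "$rw" ]; then
        printf 'Block devices mounted read-write:\n%s\n' "$rw"
        status=1
    fi
    if [ -n "$sw" ]; then
        printf 'Active swap devices:\n%s\n' "$sw"
        status=1
    fi
    if [ "$status" -eq 0 ]; then
        echo "No writable block devices or active swap detected."
    fi
    return "$status"
}

# Stand-alone demo on constructed sample output (modelled on the thread's
# BackTrack session, not captured from a real machine).
demo_dir=$(mktemp -d)
cat > "$demo_dir/mount.txt" <<'EOF'
tmpfs on / type tmpfs (rw)
proc on /proc type proc (rw)
/dev/hda1 on /mnt/hda1 type ext2 (rw)
/dev/hda3 on /mnt/hda3 type ext3 (ro,noatime)
EOF
cat > "$demo_dir/swap.txt" <<'EOF'
Filename Type Size Used Priority
/dev/hda2 partition 250416 0 -1
EOF
if check_live_cd "$demo_dir/mount.txt" "$demo_dir/swap.txt"; then
    echo "verdict: acceptable"
else
    echo "verdict: NOT forensically sound"
fi
rm -rf "$demo_dir"
```

On a live system, run it as `mount > m.txt; swapon -s > s.txt; check_live_cd m.txt s.txt` right after boot and before touching anything; a clean result only shows the CD did not mount or swap on its own, so the rest of the validation farmerdude recommends (write-blocking behaviour, hashing the source before and after) still applies.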
What's wrong with Helix? Or are you just knocking it and spreading FUD about Helix in order to promote your own CD?
If you knew anything about Farmerdude, you would know that he helps the community a ton and he is hardly making anything off that CD based on the hours he puts into it.
The last thing he does is put down other people's items. I can tell you that he advises everyone to test, test, test and validate, validate, validate.
I find nothing wrong with this