BackTrack linux boot CD

Jamie
(@jamie)
Moderator
Joined: 6 years ago
Posts: 1288
 

woodland,

The cynical tone of the majority of your posts is inappropriate for this forum. If you wish to remain a member here, take note.

Jamie



   
(@jsawyer)
Eminent Member
Joined: 20 years ago
Posts: 35
 

Hey Wardy,

I just wanted to clarify my statements as to why Backtrack does provide much value to the forensic community and why it may make more work for forensic analysts.

Backtrack is a fantastic CD that I like and use as a security professional. It is NOT a forensics CD. It was not designed for forensics work. It is designed more for pentesting than anything else. If your forensics work requires you to do some exploitation, reconnaissance, etc., then you might find value in it, but it isn't something the forensics community as a whole will be using regularly for actual forensics work.

Why would it possibly create more work for forensic analysts? A great example would be if you had an attacker who booted a box in their company, a local cyber cafe or similar with the Backtrack CD. They crack a database server owned by X company, copy the employee and customer database to the USB drive they plugged in and reboot the machine taking the Backtrack CD and USB drive with them. Did that make the forensic analyst's job harder?

That's all. I can assure you I was not knocking Backtrack. It is an awesome CD. In fact, I would love to see a "forensics" CD based on it, or SLAX, instead of Knoppix, like Helix. That isn't a knock about Helix either. 😉

-jhs



   
(@farmerdude)
Estimable Member
Joined: 20 years ago
Posts: 242
 

woodland,

I've never knocked anything I can't back up … that's too easy and cheap.

I'm not actively promoting FBCD, it's doing what it does on its own. If some find value in it, excellent. Feedback from users where it's helped them in specific cases has been great to hear and development continues. However, it's not for everyone.

I think simple testing of Helix will reveal its issues. I do get asked this: why don't I just list them? I think thirty seconds of thought answers why I don't list out what's wrong in a forum or e-mail. However, anyone who attended my hands-on lab at the Cybercrime Summit here in Atlanta back in March saw first hand what's wrong with Helix. I didn't have to tell them; they were able to see it for themselves. But what became apparent is that many folks don't know their environments in and out and don't test and validate. To each their own, as it's said.

But I would never want anyone to think I was putting down any product to promote my own. I would rather articulate what works with mine and leave it at that. There'll never be just one boot CD for all environments and cases.

regards,

farmerdude



   
Jamie
(@jamie)
Moderator
Joined: 6 years ago
Posts: 1288
 

Just for everyone's info, the user account "woodland" has been closed.

J



   
(@branerift)
Trusted Member
Joined: 20 years ago
Posts: 59
 

Not to go off topic here, but I am guessing that he (woodland) has made other such comments in other threads?



   
Jamie
(@jamie)
Moderator
Joined: 6 years ago
Posts: 1288
 

Yep.

J



   
(@unforgiven)
New Member
Joined: 22 years ago
Posts: 4
 

Just to throw my 2 cents in (and I realize this is not a product promotion topic/forum). But I own a license to Farmerdude's boot CD. Before buying it, I had questioned him extensively on the makeup of his CD and its comparison to other boot CDs. For the life of me, I could not get him to slam the competition. (I like the “juicy” part of details when shopping or comparing things to one another.) He would only promote areas where he believed his product differed from others… never once mentioned another product as poor or bad, etc.



   
(@kadet)
New Member
Joined: 20 years ago
Posts: 1
 

You'll find that simply adding forensic tools doesn't make a forensic boot CD (case in point, Backtrack). You'll also find that simply marketing a CD as a forensic CD doesn't make it a forensic CD (case in point, SPADA or Helix). That being said, whichever CDs you do choose, check them out in detail before using them. You may find some interesting items of note . . .

regards,

farmerdude

Forensic is defined by the Oxford Dictionary as ‘Of, used in, courts of law’; therefore, by definition, anything that is used of or in a court of law is ‘forensic’. Hence Forensic Medicine, Forensic Dentistry, Forensic Science, Forensic Accounting, just about anything, if the court decides to use it.

SPADA is a modified version of KNOPPIX developed by Law Enforcement Officers for use by Law Enforcement Officers. In part I helped develop SPADA to address a specific need for a substantial investigation undertaken by my department here in Australia. It was during the validation process of KNOPPIX that it was decided that we needed to do a remaster because of some issues we had with ‘raw KNOPPIX’ at the time. As nothing else existed that filled the needs of our investigation teams for a simple onsite preview tool that could be rolled out quickly and executed simultaneously across our state, an area six times the size of the United Kingdom and twice the size of Texas, we made our own. Further, as it was such an effective means to access computers onsite, we ported some of our lab-based BSD tools for our own use to it.

SPADA has been used in over 600 warrants and has provided evidence in over 150 criminal cases in my jurisdiction alone. On the few occasions that the evidence obtained from use of the CD has been challenged, the courts here have upheld the admissibility of the evidence and convicted the defendants. Due to the police community being a ‘band of brothers’, we freely shared with our fellow officers when asked; SPADA is currently used by over 15 international police agencies as well as many state and local agencies.

I am attached to a unit in our State Crime Operations Command called the ‘Forensic Computer Examination Unit’; it only seems natural to ‘name’ a CD produced by us that boots a computer to gather evidence for use in a court of law a ‘Forensic Boot CD’. We market nothing, as we are not a company but a group of cops that lock paedophiles up.

Farmerdude is correct in that no matter what you use, know your tool, know its limitations and validate and verify. Taken to the extreme, if the need arises, a Windows Installation Boot CD if used to gather evidence for production in court is a Forensic Boot CD.
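The "know your tool, validate and verify" point made in this post and in farmerdude's earlier reply can be turned into a concrete pre-deployment check. What follows is an added example, not code from any poster in this thread and not part of SPADA, FBCD, Helix or BackTrack. It shows two checks a practitioner would run when qualifying a live CD against a test machine: reading /proc/mounts and /proc/swaps from inside the booted environment and flagging any evidence disk that was mounted read-write or activated as swap, and comparing SHA-256 manifests of the evidence devices taken before and after the boot. The snapshot text, the device names and the device images are constructed sample data; the findings they produce illustrate the kind of behaviour the check is looking for and are not claims about any particular CD.

```python
"""Validate that a live boot environment left the evidence media untouched.

Added example for this thread; the snapshots and device images below are
constructed sample data, not output captured from any real boot CD.
"""
import hashlib
import re

# Constructed stand-ins for /proc/mounts and /proc/swaps as read from inside
# the booted live environment (in practice: open("/proc/mounts").read()).
MOUNTS_SNAPSHOT = """\
/dev/sr0 /cdrom iso9660 ro,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid 0 0
/dev/sda1 /media/sda1 ntfs rw,relatime 0 0
/dev/sdb1 /media/sdb1 ext3 ro,noatime 0 0
"""

SWAPS_SNAPSHOT = """\
Filename                                Type            Size    Used    Priority
/dev/sda2                               partition       1048572 0       -1
"""

# Hypothetical evidence disks attached to the test machine for this case.
EVIDENCE_DEVICES = {"/dev/sda", "/dev/sdb"}


def base_device(dev):
    """Map a partition node to its disk (/dev/sda1 -> /dev/sda); other names pass through."""
    m = re.match(r"^(/dev/(?:sd|hd|vd)[a-z]+)\d+$", dev)
    return m.group(1) if m else dev


def parse_mounts(text):
    """Parse /proc/mounts lines into (device, mountpoint, fstype, option-set) tuples."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        entries.append((parts[0], parts[1], parts[2], set(parts[3].split(","))))
    return entries


def parse_swaps(text):
    """Return the device names listed in /proc/swaps, skipping the header line."""
    return [line.split()[0] for line in text.splitlines()[1:] if line.strip()]


def check_environment(mounts_text, swaps_text, evidence_devices):
    """Return findings for evidence disks mounted read-write or used as swap.

    An empty list means the live environment did neither; it does not prove
    the media is unchanged, which is what the hash comparison below is for.
    """
    findings = []
    for dev, mnt, fstype, opts in parse_mounts(mounts_text):
        if base_device(dev) in evidence_devices and "ro" not in opts:
            findings.append(f"{dev} mounted read-write at {mnt} ({fstype})")
    for dev in parse_swaps(swaps_text):
        if base_device(dev) in evidence_devices:
            findings.append(f"{dev} activated as swap")
    return findings


def sha256_manifest(images):
    """Hash each device image (device name -> bytes).

    In a real validation run the bytes come from reading the whole block
    device from a known-good environment before and after the CD is booted.
    """
    return {dev: hashlib.sha256(data).hexdigest() for dev, data in images.items()}


def changed_devices(before, after):
    """Devices whose hash differs between the pre-boot and post-boot manifests."""
    return sorted(dev for dev in before if after.get(dev) != before[dev])


if __name__ == "__main__":
    for finding in check_environment(MOUNTS_SNAPSHOT, SWAPS_SNAPSHOT, EVIDENCE_DEVICES):
        print("FINDING:", finding)
    # Constructed images: the live CD touched one sector of the first disk.
    before = sha256_manifest({"/dev/sda": b"\x00" * 512, "/dev/sdb": b"\xff" * 512})
    after = sha256_manifest({"/dev/sda": b"\x00" * 511 + b"\x01", "/dev/sdb": b"\xff" * 512})
    print("changed devices:", changed_devices(before, after))
```

Run against the constructed snapshots, the mount check flags the evidence partition mounted read-write and the evidence partition activated as swap, and leaves the read-only mount alone; the manifest comparison then reports which whole disk no longer hashes the same. Both checks must pass, on the hardware the CD will actually be used on, before the CD is trusted on a live warrant.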



   
(@ac_forensics)
Eminent Member
Joined: 20 years ago
Posts: 44
 

Farmerdude, I currently use Helix and I was not able to attend the summit. Can you summarize the shortcoming of the Helix CD that you demonstrated?

Thanks,

A



   
(@mdshukri)
Active Member
Joined: 21 years ago
Posts: 13
 

Farmerdude,
I'm using Helix a lot for live systems. Appreciate it if you could share with us the problems of the Helix CD. At least we can prepare for any argument later when our case goes to court. lol



   