Kern - yes, sorry - I meant http://deft.yourside.it/ for DEFT
This one too
Hi David,
I use Slackware 12 for THE FARMER'S BOOT CD (FBCD). This is because Slackware is small in size, clean, and the least customized of the popular and user-friendly Linux distributions. And until version 12, Slackware came stock with the vanilla kernel from kernel.org.
Ubuntu, Red Hat, Suse, and Mandrake all heavily customize their kernel, and their desktop environments. And this is where the rubber meets the road for data forensics (where auto recognition and auto mounting occur).
I will be releasing a version of my CD in early to mid-March 2008 that allows you to install it to your hard drive. What you get is the CD environment, that has been optimized and configured for forensics and incident response work, now installed on your forensic platform. Using the CD is great, but having it from your hard drive where you can further keep applications up-to-date, install other non-installed applications, etc., further empowers you.
The most important resource when customizing your forensic platform is time. Time to learn about the operating system environment, time to learn about the applications, and time to validate them. In the short run, if you are short on time, using an environment that has been set up already for you may be beneficial.
cheers!
farmerdude
Good morning,
I look forward to seeing your next release. Using the same distribution in the shop and in the field is an appealing prospect, and the ability to keep components updated on the HD version is particularly appealing.
-David
Hi David,
Check out
But you are right - having the same environment in the field for on-site work and then back in the lab is good stuff. Familiarity and comfort. A "problem" with applications on boot CDs is their expiration date. Which is why I've never included any application that has a signature database (virus scanners, rootkit hunters, etc.) - they take up space and are out-of-date once you roll your ISO. So being able to run the same distro on your hard drive in your lab, but being able to install these expiring applications and keep them up-to-date, along with the other applications, is advantageous.
regards,
farmerdude
I've got a Fedora Core install that works as well as any other version that I've come across. However, in a production environment, I think that there is a good argument for using Ubuntu, RedHat or SuSE where there is an option of support. I realise that in some cases this will negate the _cost_ benefit of using "open sauce", but it may be worthwhile when that brand spanking new, horribly expensive graphics card you just bought doesn't work properly …
Most of the tools will be usable on OpenBSD, FreeBSD or Solaris as well, each of which has its own special lovable features 😉
At the heart of the matter is the Linux kernel, followed by how the distributions customize their environment. The simple reality of it is you can use any distribution if you have a good Linux kernel and customize the environment to be forensically sound and optimized.
Cheers!
farmerdude
My vote is for Helix. You can not only use it as a great forensic live cd, but you can also install it locally and use it as a full OS.
I use Slax. Easily modified and customizable with a small footprint. :)