Just wondering if anyone had a suggestion for an OS with a minimal memory footprint that I could put on a USB?
(I want to see if something like this would for "guillotine" style memory acquisitions.)
Thanks for Necroing this topic. I have a live forensics disk I've wanted to put on a HDD for a while, and the poor man's install method sucks. Going to try this out.
I don't think it's been mentioned yet, but I've been extremely happy with CAINE on a live-USB stick. There is a raw .dd image(nbcaine) that is easily copied to a blank USB key and contains a good set of basic tools.
Cheers
I like the unetbootin. I just d/l it and, voila!, it worked like a charm.
? I was wondering if it was possible and, if so, how to use more than one ISO on a single USB, so I can select the tool into which I wish to boot from the initial menu.
Anyone?
Thanks, in advance, for your help.
Erowe
MSRAMDUMP from mcgrew security is perfect for the guillotine methos just use unetbootin to get the ISO version onto the stick.
htt p//
Hope This helps
Mialta
Hello Everyone,
Guys I have created a live UBS Key using unetbootin and i have burnt a copy of helix on to it, and it all runs fine. What i am trying to do is use a tool that will allow me acquire a private network folder of a suspect for example, to an external hard disk, I would then like to hash it for verifaction, Does anyone know if this is possible??
Are there any tools on the market to allow me to do this, I am getting a copy of Encase FIM on demo soon, but I am just looking to see if anyone has used this method of acquiring specific data rather than a whole HDD images.
Thanks in advance
Great forum by the way.
James
Ireland….
Hi, after reading this forum and searching for fedora, I was wondering from an expierenced point of view, how reliable is fedora too use ? ?
thanks .
What are you wanting to do with Fedora?
I do not recommend it as a platform for data forensics unless you have deep Linux knowledge to heavily tweak the environment.
Cheers!
farmerdude
I have been using helix (2008r2 via unetbootin) on USB for a while now. It is very useful on a variety of machines especially the subnote, mini laptops and netbooks.
For the most part the USB version works as you would expect but lately I have been using it on the netbooks (EeePC, HP Mini, etc.) and found that the screen resolution is off and the gui versions of LinEn and Adepto/dcfldd are not displayed correctly.
LinEn could not be used at all with the gui as it lacks the tab commands (Acquire, etc.) that are usually present down toward the middle of the gui.
Adepto can be used but the Start button is off the screen. Actually a sliver of the Start button is visible and you can tab to it if you are careful. I have tried to adjust the screen resolution and windows to no useful effect. It might be possible to use a different monitor if you have that ability.
So, I would brush up on the command line options if you will be working on the smaller machines.
The other issue I have found is that on some of these smaller machines is that the USB ports can be flaky. If you run into issues where you cannot mount a drive or experience odd behavior try switching the ports you are using.