
Forensics tools on Fedora?

8 Posts
6 Users
0 Reactions
1,946 Views
kleanchap
(@kleanchap)
Active Member
Joined: 17 years ago
Posts: 19
Topic starter  

I have a Fedora 9 system and would like to install the forensics tools from the Fedora repository. The only tool I found is the foremost that I am familiar with. What other tools are available on Fedora 9?

Thank you in advance.


   
Quote
(@adamd)
Eminent Member
Joined: 19 years ago
Posts: 46
 

I doubt you'll find any official up to date packages.

Just download and install/compile from source; that way you'll get the most up-to-date versions. I wouldn't even bother with the foremost version you found unless it's the very latest.

If you're not sure how to compile from source, it's something you are really going to want to figure out if you intend to use Linux.


   
ReplyQuote
(@itagent2000)
Eminent Member
Joined: 17 years ago
Posts: 31
 

I use Debian and there are many forensic tools available; perhaps some of them also run on Fedora? I think it's worth a try.

Examples
scalpel instead of foremost
pasco, rifiuti, galleta
autopsy browser
ewfacquire
gphoto2
mactime

and others.

Chris


   
ReplyQuote
azrael
(@azrael)
Honorable Member
Joined: 19 years ago
Posts: 656
 

As Adamd says - download the source and install - if there are packages on Fedora, the release cycle will make them at least 3 months out of date at best!

Even if you aren't a Linux guru, installing from source isn't particularly hard; your biggest issue will be tracking down all the required dependencies if it starts to get difficult.

If you get stuck - PM me …


   
ReplyQuote
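The advice in the posts above is to fetch the source and build it yourself. The check a practitioner should add before running any build is to compare the downloaded tarball against a digest obtained out of band (a signed checksum file or the project's release page), so that a corrupted or tampered download never reaches `./configure`. The script below is an added example, not code from any poster or project; the tarball, digest and paths it uses are constructed inside the script purely for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): refuse to unpack a source tarball unless
# its SHA-256 digest matches one you obtained out of band. The expected digest is
# an input supplied by you; nothing here is a published value of any real project.

# Print the SHA-256 digest of a file, using whichever tool the box has.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | cut -d' ' -f1
    else
        openssl dgst -sha256 "$1" | sed 's/.*= //'
    fi
}

# verify_and_unpack TARBALL EXPECTED_SHA256 DESTDIR
# Returns 0 and extracts into DESTDIR only when the digest matches. On any
# mismatch it returns 1 and does not create DESTDIR, so a bad download is
# never built. (GNU tar's -xf autodetects gzip/bzip2/xz tarballs.)
verify_and_unpack() {
    tarball=$1; expected=$2; dest=$3
    [ -f "$tarball" ] || { echo "no such file: $tarball" >&2; return 1; }
    actual=$(sha256_of "$tarball")
    # Compare case-insensitively: checksum files are published in either case.
    if [ "$(printf '%s' "$actual" | tr 'A-Z' 'a-z')" != \
         "$(printf '%s' "$expected" | tr 'A-Z' 'a-z')" ]; then
        echo "digest mismatch for $tarball" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    mkdir -p "$dest" && tar -xf "$tarball" -C "$dest"
}

# Self-check on a constructed tarball: a wrong digest must be refused with
# nothing extracted; the correct digest must unpack the tree. Returns 0 if
# both behaviours hold.
demo_verify() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/src/tool-1.0"
    echo 'int main(void){return 0;}' > "$work/src/tool-1.0/main.c"
    tar -cf "$work/tool-1.0.tar" -C "$work/src" tool-1.0
    good=$(sha256_of "$work/tool-1.0.tar")
    bad=$(printf '%064d' 0)          # a digest that cannot match
    rc=0
    if verify_and_unpack "$work/tool-1.0.tar" "$bad" "$work/build-bad" 2>/dev/null; then
        rc=1                          # a mismatch was accepted: failure
    fi
    [ -e "$work/build-bad" ] && rc=1  # nothing may be written on mismatch
    verify_and_unpack "$work/tool-1.0.tar" "$good" "$work/build-good" || rc=1
    [ -f "$work/build-good/tool-1.0/main.c" ] || rc=1
    rm -rf "$work"
    return $rc
}

# Run the self-check when the script is executed directly.
demo_verify && echo "digest check demo passed" || echo "digest check demo FAILED"
```

Once the tree is unpacked, building with a separate prefix (for example `./configure --prefix=/opt/forensics`) keeps hand-built tools from colliding with anything the distribution's packages install, which addresses the clutter concern raised later in this thread.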
(@farmerdude)
Estimable Member
Joined: 20 years ago
Posts: 242
 

Hi kleanchap,

You _may_ want to consider a different distribution for data forensics. There are many, and any of the latter distributions are geared toward desktop users. What does this mean? Auto-recognition of hardware, auto-mounting of file systems, heavily customized desktop environment, and ultimately in most distributions a tie in to libraries and a custom kernel. Wherein if you make changes, too many changes, you find yourself frustrated and perhaps with broken tools or lots of clutter.

Are you new to Linux? Linux and Data Forensics?

I ask because if you are, you may consider a different distribution from the outset. In my training I instruct on Slackware Linux. Additionally, THE FARMER'S BOOT CD is Slackware Linux. This is not a flame war over distributions, but simple fact is that currently, and to-date, Slackware has the cleanest and least customized of all popular Linux distributions. This allows for the required customizing for data forensics more easily than say Fedora or Suse.

Separately from the distribution you ultimately choose to use is the issue of applications. I do recommend that you grab the source code for those applications you are interested in using, kleanchap, and compile it yourself. You want to do this against your system, because you'll want (and need) to link against your environment and libraries.

Also, when you simply install a package from a repository all you get is what the package composer put together. This _is_ key, because maybe: A) That person didn't have your needs nor interests in mind, B) That person didn't include an option you want, C) That person included an option you don't want, D) That package isn't optimized for your system. I have found this in a number of the popular Linux boot CDs oriented toward data forensics. The maintainers simply install a package and do not compile it from source against their environment.

I hope something here helps. Check out Slackware Linux. There are too many applications to list here, both designed for data forensics and otherwise, but GOOGLE is your friend.

Cheers!

farmerdude

http://www.forensicbootcd.com

http://www.onlineforensictraining.com

kleanchap
(@kleanchap)
Active Member
Joined: 17 years ago
Posts: 19
Topic starter  

Thank you everyone for replying!

Farmerdude, I am an old-time Slackware (and SLS) user. I have been out of touch with the Linux system for the past 4 years. Slackware has changed and my interests are with SELinux as well. Therefore I am considering Fedora. I still love Slackware for its simplicity.

I would rather download the precompiled tools for Fedora and concentrate on the Forensics tools and techniques rather than building the tools.

It looks like you have an initiative with your Forensics CD which looks pretty impressive. I might consider that. I have played around with Helix for now.

Thanks again for all the tips!

K


   
ReplyQuote
(@joachimm)
Estimable Member
Joined: 17 years ago
Posts: 181
 

> I have a Fedora 9 system and would like to install the forensics tools from the Fedora repository. The only tool I found is the foremost that I am familiar with. What other tools are available on Fedora 9?

FC9 has at least native packages of the following programs, and they're quite up to date:
* afflib
* libewf
* testdisk/photorec

afflib.i386 Library to support the Advanced Forensic Format
afflib-devel.i386 Development files for afflib
afftools.i386 Utilities for afflib
aimage.i386 Advanced Disk Imager
ewftools.i386 Utilities for libewf
libewf.i386 Library for the Expert Witness Compression Format (EWF)
libewf-devel.i386 Development files for libewf
testdisk.i386 Tool to check and undelete partition
testdisk-doc.i386 TestDisk & PhotoRec documentation

FYI just run 'yum search <package you're searching>' to see if FC9 has a package for it.

(@farmerdude)
Estimable Member
Joined: 20 years ago
Posts: 242
 

K,

Remember, you're only as good as A) your knowledge and B) your tools.

If you choose not to compile the applications yourself (which is certainly what many folks do, you're not alone, and this is acceptable) you're at the mercy of someone else to compile that application for you. And you're hoping that they've done everything right for you.

But probably more to the point, as you're finding, there are A) many applications that haven't been put in a package form for you but may prove useful for you and B) a number of the packages are old and in some cases outdated and not worthy of the time you'd invest in using them.

Separately from compiling from source you have the option to invest in an environment that has everything there for you - such as THE FARMER'S BOOT CD 😉

I worked at Red Hat. I like the company and appreciate both RHEL and Fedora, but Fedora and forensics aren't a happy pairing. You've got a lot of work ahead if you choose Fedora as your platform.

Cheers!

farmerdude

http://www.onlineforensictraining.com

http://www.forensicbootcd.com

