Dear all,
I am trying to create a strategy for conducting a live forensics exercise on a Linux machine. Most of the research I have carried out is pointing me to create a live Linux CD and boot the suspect machine; however, I do not want to reboot the suspect machine.
I am somewhat familiar with Linux but I would not be very proficient.
My task is to create a CD of Linux tools which will enable me to extract information from a running Linux machine.
I want to run my own tools as I want to eliminate the risk of the tools on the suspect machine being compromised.
My question is:
Is it possible to create a CD and burn coreutils onto it as static binaries, then place the CD in the suspect machine, mount it and run the commands? I know I need the root password to mount. Is there a way around this?
Any guidance would be really helpful
thanks
James