What are some good Linux distros for forensics? Which one do you prefer, and why?
CAINE, DEFT, SIFT, PLAINSIGHT, HELIX3, etc …
What are some good websites to download images for practice?
websites that are not mentioned here: http://www.forensicfocus.com/images-and-challenges
SIFT
Why restrict yourself to a Linux distro?
DEFT
Why restrict yourself to a Linux distro?
This. By restricting yourself to a Linux distro, you're limiting yourself to certain tools, e.g. Autopsy, Sleuthkit, etc. Don't get me wrong, those tools are interesting to use, but IMHO, Autopsy is in dire need of an update. When you compare FTK Imager to Autopsy, I know which one I'd prefer to use. Also, you should probably learn how to use tools/software quickly. CLI isn't exactly quick, which might be its downfall in a real-world investigation. SIFT or Kali Linux are good forensic distros. I've used CAINE but I'm not a fan.
By restricting yourself to a Linux distro, you're limiting yourself to certain tools, e.g. Autopsy, Sleuthkit, etc.
These tools also run on Windows, and can be downloaded individually on either platform.
Don't get me wrong, those tools are interesting to use, but IMHO, Autopsy is in dire need of an update.
Okay, I get it…but Brian Carrier has been updating Autopsy for a while, and has also opened it up so that anyone can write their own modules/plugins…so if you feel that it needs to be updated, you can do so.
However, I'm still unclear as to why this needs to be a Linux distro.
Also, you should probably learn how to use tools/software quickly. CLI isn't exactly quick, which might be its downfall in a real-world investigation.
Interesting. I can't say that I agree. I've compiled and analyzed timelines from images in less time than other analysts have reported that their automated GUI tools have taken to finish running.
SIFT or Kali Linux are good forensic distros. I've used CAINE but i'm not a fan.
Don't get me wrong…I'm not against having a Linux distro. I'm just curious why the OP specified having a Linux distro.
What are some good Linux distros for forensics? Which one do you prefer, and why?
CAINE, DEFT, SIFT, PLAINSIGHT, HELIX3, etc …
What are some good websites to download images for practice?
websites that are not mentioned here: http://www.forensicfocus.com/images-and-challenges
Thanks
I've enjoyed DEFT and SIFT. I had a good track record with Helix 5 years ago…the professional version was only 300 USD…you may want to contact e-fense to see about getting a subscription to get the latest.
DEFT has DART which has a decent tool set for incident response. I have not taken the time to use CAINE.
Don't get me wrong…I'm not against having a Linux distro. I'm just curious why the OP specified having a Linux distro.
Why not? What do you recommend to the OP beyond pre-built FOSS?
Beneath the OP's name, it says "newbie". Assuming that, along with their presence in the forums, they are also new to DFIR work in general, I do not recommend the use of pre-built distros until the analyst develops their own ability to discern the need for such things.
Interesting. Thanks for the reply.
Interesting.
Cool.
How so?