I use the old 1.8/1.9 (2.0) LiveCD of Helix still a lot. I image to a server on a different floor where I RDP to perform my work via /span which works very well.
In order to get my images down to the server, I almost always boot to Helix, run Adepto and netcat it to the machine. The nature of my work doesn't require hashing of the original drive so this isn't an issue.
What I have started to run into is that Helix won't have a needed driver for, say, the network card, which then renders netcat out of the question. It isn't a total loss, as I just then pull the drive, and run Adepto from my laptop attached via a write blocker. Of course that puts my laptop out of use until the image is done. On a 250 GB drive, that will be a while…
Has anyone come across a util that will work just as described above, where I can boot to a LiveCD, and run a tool like Adepto?
Or perhaps, know of a package or source code where I can install it to an up to date Linux?
I tried seeing if Drew Fahey had ever released his Phoenix, but it seems that around 2009, he dropped off the net and started working for Blackbag. I'm happy for him, unhappy for me.
Thank you for any ideas or recommendations.
–Bruce
Simple solution would be to make your own boot device (cd or thumb drive) with a light Linux distro or Win PE.
Greetings,
I use WinPE a lot these days, partly because it a) has more drivers than most all other options and b) is easy to customize.
Have you tried BackTrack or Paladin/Raptor?
-David
I just downloaded Paladin yesterday, and will be giving it a try.
I also tried BT5 yesterday. They have a bug where they are using DC3DD v7.0 with AIR 2.0 which, according to the AIR web site, is not supported (and does indeed generate an error when selected).
I was still able to do an image via netcat with BT5.
I do maintain a weekly UBCD4WIN build mainly for assisting our desktop support users so they can boot live to a PGP Whole Disk Encrypted drive, authenticate to the drive and then do a malware scan without decrypting the drive first. I guess I could just add the FTK imager to it and make a much smaller build for doing the images.
Thank you for the great advice.
–Bruce