SKADI  

trewmte
(@trewmte)
Community Legend

Skadi is a free, open source, Ubuntu-based VM that enables the collection, processing and advanced analysis of forensic artifacts and images. It contains the following tools:
• Plaso
• CDQR
• CyLR
• Docker
• ElasticSearch, Logstash, Kibana (ELK)
• Redis
• Neo4j
• Celery
• Cerebro

https://github.com/orlikoski/Skadi/wiki/How-to-install-Skadi-from-a-USB-Drive

Posted : 15/08/2018 9:00 am
MDCR
(@mdcr)
Active Member


Not to attack just this, but more of a "forensics distros" rant in general.

I'd rather see some sort of bootable CD/DVD/USB distro that focuses on collection and data recovery than some distro put together by some random person with too much free time who thinks that live forensics is the norm. Also, not just focusing on the Linux world with preinstalled tools that need to be started from the media.

ELK? Neo? Are you f-ing kidding me?

A distro that focuses on acquisition to usable, portable file formats with a wide, multiple selection for each category, i.e. to dump memory, capture network traffic, image disks and external devices (mobile phones, GPS, drones), would beat any such distros in a heartbeat because it, you know, focuses on reality.

Posted : 15/08/2018 11:28 am
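The "acquisition to usable, portable file formats" that MDCR asks for is, at its simplest, a raw dd image plus a hash. The script below is an added example for this thread, not code from Skadi, Paladin or any other distribution named here; the source file it images is constructed in a temp directory, and the sha256 side-car file name is my own convention.

```shell
#!/bin/sh
# Added example, not from the thread or from any distribution it names:
# acquire a raw image of a source device (or file) and verify it. A raw dd
# image is the portable format every analysis tool can read.

# acquire_image SOURCE IMAGE
# Copies SOURCE to IMAGE sector by sector, keeps going past read errors
# and zero-fills the unreadable block so offsets stay aligned, then hashes
# both sides. Writes IMAGE.sha256, prints "verified <sha256>" and returns 0
# on success; prints a mismatch line to stderr and returns 1 otherwise.
acquire_image() {
    src=$1
    img=$2
    # On a real device, set it read-only first:  blockdev --setro "$src"
    dd if="$src" of="$img" bs=512 conv=noerror,sync 2>/dev/null
    src_hash=$(sha256sum "$src" | cut -d' ' -f1)
    img_hash=$(sha256sum "$img" | cut -d' ' -f1)
    # side-car in sha256sum -c format, so the image can be re-verified later
    printf '%s  %s\n' "$img_hash" "$(basename "$img")" > "$img.sha256"
    if [ "$src_hash" != "$img_hash" ]; then
        echo "MISMATCH source=$src_hash image=$img_hash" >&2
        return 1
    fi
    echo "verified $img_hash"
}

# Constructed stand-in for a device: 4 sectors (2048 bytes) of pattern data.
# A source must be a whole number of 512-byte sectors, as any real device is;
# conv=sync would otherwise zero-pad the last block and the hashes would differ.
WORK=$(mktemp -d)
yes 'constructed sample sector data' | head -c 2048 > "$WORK/sample.bin"
acquire_image "$WORK/sample.bin" "$WORK/sample.dd"
```

In the field the source is a block device (`/dev/sdb`, not a partition, if you want the whole disk), ideally behind a hardware write blocker; `blockdev --setro` is the software fallback and is only as good as the kernel honouring it. Hashing the source a second time after imaging also tells you whether anything wrote to it while you worked.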
kastajamah
(@kastajamah)
Member

Sounds like Paladin would be a good candidate based on your rant above. I have used it since 2012, and it is a great free tool.

The first post in this string seems more like an advert for SKADI than anything else.

Posted : 15/08/2018 2:59 pm
thefuf
(@thefuf)
Active Member

Sounds like Paladin would be a good candidate based on your rant above. I have used it since 2012, and it is a great free tool.

A live forensic distribution executing malicious code from a suspect drive

A live forensic distribution writing to a suspect drive

Posted : 15/08/2018 3:33 pm
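Both failure modes thefuf points at, a live distribution writing to a suspect drive and one executing code from it, show up in the mount table: the first is a suspect volume mounted without `ro`, the second one mounted without `noexec`. The audit below is an added example for this thread, not code from Skadi or Paladin; the mount table it runs over is constructed, not captured from any distribution.

```shell
#!/bin/sh
# Added example, not from the thread or from Skadi/Paladin: audit the mount
# table of a live forensic boot. A suspect filesystem mounted without "ro"
# can be written to; one mounted without "noexec" lets binaries on it run
# if anything on the live system touches them. Input is /proc/mounts format:
#   device mountpoint fstype options dump pass

# audit_mounts: reads /proc/mounts text on stdin, prints one line per
# block-device mount that lacks ro or noexec ("<mountpoint>: <problems>")
# and returns 1 if any such mount exists, 0 otherwise.
audit_mounts() {
    awk '
        # only real block devices matter; proc, sysfs, tmpfs etc. are skipped
        $1 !~ /^\/dev\// { next }
        {
            n = split($4, opt, ",")
            ro = 0; noexec = 0
            for (i = 1; i <= n; i++) {
                if (opt[i] == "ro")     ro = 1
                if (opt[i] == "noexec") noexec = 1
            }
            probs = ""
            if (!ro)     probs = "writable"
            if (!noexec) probs = probs (probs == "" ? "" : ",") "exec-allowed"
            if (probs != "") { print $2 ": " probs; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample mount table (assumed content, not captured from any
# distribution): the boot medium, an evidence target mounted the right way,
# and a suspect NTFS volume that an automounter attached read-write and
# executable.
SAMPLE_MOUNTS='proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
/dev/sr0 /cdrom iso9660 ro,noexec,noatime 0 0
/dev/sdc1 /mnt/evidence ext4 ro,noexec,nodev,nosuid 0 0
/dev/sdb1 /media/suspect ntfs rw,relatime 0 0'

# Demo over the sample. In the field run:  audit_mounts < /proc/mounts
printf '%s\n' "$SAMPLE_MOUNTS" | audit_mounts || echo "unsafe mounts found"
```

Two caveats the options alone do not cover: on ext3/ext4, `ro` still lets the kernel replay the journal at mount time unless `noload` is given (or the device itself is read-only underneath), and `noexec` stops direct execution but not `sh ./script` or an interpreter reading the file, so it narrows the exposure rather than removing it. A hardware write blocker or `blockdev --setro` on the device is the control; this audit only tells you whether the distribution got the mount right.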
trewmte
(@trewmte)
Community Legend

<rant>
Not to attack just this, but more of a "forensics distros" rant in general.

I'd rather see some sort of bootable CD/DVD/USB distro that focuses on collection and data recovery than some distro put together by some random person with too much free time who thinks that live forensics is the norm. Also, not just focusing on the Linux world with preinstalled tools that need to be started from the media.

ELK? Neo? Are you f-ing kidding me?

A distro that focuses on acquisition to usable, portable file formats with a wide, multiple selection for each category, i.e. to dump memory, capture network traffic, image disks and external devices (mobile phones, GPS, drones), would beat any such distros in a heartbeat because it, you know, focuses on reality.
</rant>

It's OK to rant… it's healthy. So I take it you don't like Skadi et al., lol. Yeah, I get what you are saying; just passing on what has been found… might be helpful to students or someone else.

Posted : 15/08/2018 5:24 pm
jaclaz
(@jaclaz)
Community Legend

Sounds like Paladin would be a good candidate based on your rant above. I have used it since 2012, and it is a great free tool.

The first post in this string seems more like an advert for SKADI than anything else.

Well, if that is an ad, yours is astroturfing 😯.

Surely trewmte is only sharing a bit of information he has, nothing more, nothing less. :)

But you can check here to see what masked advertising/astroturfing actually looks like 😉
https://www.forensicfocus.com/c/aid=254/reviews/2018/forensic-falcon-neo-from-logicube/

@MDCR
Not particularly ranting IMHO, but you surely hit the nail right on the head!

@thefuf
Thanks for the inside look in these matters, very interesting as always.

jaclaz

Posted : 15/08/2018 5:28 pm
trewmte
(@trewmte)
Community Legend

Surely trewmte is only sharing a bit of information he has, nothing more, nothing less. :) jaclaz

Yes, thanks jaclaz. Just sharing.

Posted : 15/08/2018 6:29 pm
kastajamah
(@kastajamah)
Member

@thefuf Thank you for the information.

@jaclaz valid point. I will now eat my humble pie. :)

Posted : 15/08/2018 6:44 pm
jaclaz
(@jaclaz)
Community Legend

@jaclaz valid point. I will now eat my humble pie. :)

Naaah, no need to :) (unless of course you actually like it?).

Should you want to taste some of my own NSHP (Not So Humble Pie) 😉 you are welcome anytime.

jaclaz

Posted : 15/08/2018 7:43 pm