Hey! Just wanted to get your opinion on what's the best Linux distro for CF and why? - I'm setting my laptop up to triple boot, but I'm not sure what to install for my Linux partition.
The best distribution is probably the one that provides you with the tools you need in your work, and gives you adequate room for additions/improvements/etc, while still providing for support and management of the distribution itself. I should think the reason why it is best is fairly obvious. If you have another idea of what is best for you, please state it.
As CF is not a monolithic area, it is not clearly useful to try to be more specific. Are you a beginner, or an expert on another platform? The best distribution need not be the same for both categories of users. What are you focusing on: file system examination (what file systems), or OS artifacts (what OSes), or application artifacts (what applications), software/malware analysis (what platform – Linux may not be the best if you plan to focus on Windows malware, for example), network forensics, cellphone forensics, intrusion investigations, etc., etc., etc.?
If you are a beginner and just don't know … just take a distribution, and start using it. You'll learn. If you're a relative newbie to Linux as well, I suspect it may be better to stay away from forensic distributions and instead choose one of the most common distributions. Not so much for CF work, but for learning. Of course, if you already have that kind of environment, go with any of the forensic distributions – they all have faults, but it's anybody's guess if those faults will be important to you or not.
But you already knew that, I hope.
(Added: if you're totally blank on Linux CF distributions, have a look at SIFT from SANS.)
Have a look at CAINE also.
http//
jaclaz
I suggest, along with @athulin and @jaclaz, that you look at the distributions already configured for forensic response and investigation, i.e., SANS SIFT, CAINE, or RAPTOR.
Once you have a grip on "the" tools you would use most, Ubuntu's latest long-term support version is a great starting point to begin downloading, compiling, and configuring a custom Ubuntu Linux toolset.