BackTrack : Forensics & Linux

[Aquafire]

In a recent copy of Linux Magazine, < (Use link to download PDf article) I read an interesting paper about the use of Linux for security / forensics & penetration testing etc.

It seems that Linux; already regarded is a very valuable tool for accessing important files in a broken Windows system; is also being increasingly turned towards the field of computer forensics.

While, there are a number of such 'forensic' Linux distros out there, (Helix and others come to mind), one in particular has come to be spoken of, in almost reverential terms..

http://www.linux.com/feature/138325

And this is where Backtrack steps into the limelight.

You may not ever need Back-Track, (released a few months ago) : but there may come a time, where it could really come in handy, for all those sorts of things, that require stealthy tracking, testing & sniffing, along with some advanced tools for retrieving deliberately or accidentally deleted or wiped data from HDDs.

For me, I have always had a love of Art & the dark underworld of Art Forgery and naturally, this lead me to fall in with a bunch of ruthless art dealers and forgerers, who in turn, led me to a path of Linux and of course ...Linux Forensics... afterall...what could be more natural ... ?

Anyway, I downloaded a copy of BT3 and took it for a spin.

First impression is that it is like a "Black-Ops" version of Linux. I asked a few of my linux friends about it, and somewhat surprisingly they have never heard of it.

Running it "Live" is easy.

It has also, one of the most polished charcoal black-glass startups, I have ever seen. Also, you may enjoy the little insider tid~bits of humour that greet you as you boot up...

In many ways, it's a standard Linux OS running KDE, except that it is also packed with a whole bunch of security and forensic features...

It's available for download from here...

http://www.remote-exploit.org/backtrack_download.html

(3 formats...CD iso, VM, and USB.)

This is the basic sort of desktop that will greet you upon setup.



Anyway, try it out. I am sure, you will find it an invaluable tool that will sit perfectly in with Knoppix, Gparted, Boot'n'Nuke, Clonezilla, System Rescue and other fabulous Linux tools.

And who knows, they may lead you to a path of Art crime / forgery investigation & appreciation...

Cheers

Aqua

PS : This page contains a more comprehensive list of the Linux Forensic distros out there. It's a little dated, but you'll get the picture.

http://www.darknet.org.uk/2006/03/10-best-security-live-cd-distros-pen-test-forensics-recovery/
_________________
Of the four X systems in the world.

Which would you choose?

OS X : LinuX : UniX or MS-BolloX.

[Fox]

Is it only for forensics, or does it also provide formatting, disk-checking and repair utilities like Rescue Disk?
_________________
Mini 1: 2.3 ghz Core i5; 8 gb RAM, Corsair 240gb SSD, 500 gb Seagate XT
Mini 2: 2.26 ghz Core 2 duo, 8 gb RAM, 500 gb Seagate
Also a Cube, 13" MacBook Air, 20" 2.66 ghz iMac & 11.6" Acer 1810TZ running Ubuntu, Mint & openSuse

[Aquafire]

[rkubasiak]

For more information about Macintosh Forensics, check out my website at http://www.macosxforensics.com. It's a site dedicated to performing forensics with Macs as well as forensics against the Mac OS itself.

Ryan
_________________
Ryan R. Kubasiak
Apple Certified Support Specialist, EnCE, CCE, CEECS
www.MacOSXForensics.com

[Aquafire]

[rkubasiak]

Anytime!

Raptor is an excellent tool! It support Read/Write to NTFS, Ext2/3, HFS+ and FAT32. It boots all of the current Intel Mac models and there is a PPC version that boots most PPC Macs too.

Thanks for the postive feedback.

Ryan
_________________
Ryan R. Kubasiak
Apple Certified Support Specialist, EnCE, CCE, CEECS
www.MacOSXForensics.com

[adain]

Thanks for taking the time to help, I really apprciate it.
_________________
Inter HSC Part 2 Pre-Medical Result