123Macmini.com

BackTrack : Forensics & Linux

 
Aquafire
Veteran Member

Joined: 19 Sep 2007
Posts: 2372
Location: AUS-USA

Posted: Wed Oct 01, 2008 9:21 am    Post subject: BackTrack : Forensics & Linux

In a recent copy of Linux Magazine (use link to download PDF article), I read an interesting paper about the use of Linux for security / forensics & penetration testing etc.

It seems that Linux, already regarded as a very valuable tool for accessing important files in a broken Windows system, is also being increasingly turned towards the field of computer forensics.

While there are a number of such 'forensic' Linux distros out there (Helix and others come to mind), one in particular has come to be spoken of in almost reverential terms.

http://www.linux.com/feature/138325

And this is where BackTrack steps into the limelight.

You may not ever need BackTrack (released a few months ago), but there may come a time when it could really come in handy for all those sorts of things that require stealthy tracking, testing & sniffing, along with some advanced tools for retrieving deliberately or accidentally deleted or wiped data from HDDs.

For me, I have always had a love of Art & the dark underworld of Art Forgery, and naturally this led me to fall in with a bunch of ruthless art dealers and forgers, who in turn led me to a path of Linux and of course ... Linux Forensics ... after all ... what could be more natural ...? ;)

Anyway, I downloaded a copy of BT3 and took it for a spin.

First impression is that it is like a "Black-Ops" version of Linux. I asked a few of my Linux friends about it, and somewhat surprisingly they have never heard of it.

Running it "Live" is easy.

It also has one of the most polished charcoal black-glass startups I have ever seen. Also, you may enjoy the little insider tidbits of humour that greet you as you boot up...

In many ways, it's a standard Linux OS running KDE, except that it is also packed with a whole bunch of security and forensic features...

It's available for download from here...

http://www.remote-exploit.org/backtrack_download.html

(3 formats...CD iso, VM, and USB.)

This is the basic sort of desktop that will greet you upon setup.



Anyway, try it out. I am sure you will find it an invaluable tool that will sit perfectly in with Knoppix, Gparted, Boot'n'Nuke, Clonezilla, System Rescue and other fabulous Linux tools.

And who knows, they may lead you to a path of Art crime / forgery investigation & appreciation... 8)

Cheers

Aqua

PS : This page contains a more comprehensive list of the Linux Forensic distros out there. It's a little dated, but you'll get the picture.

http://www.darknet.org.uk/2006/03/10-best-security-live-cd-distros-pen-test-forensics-recovery/
_________________
Of the four X systems in the world.

Which would you choose?

OS X : LinuX : UniX or MS-BolloX.
Fox
Veteran Member

Joined: 01 Feb 2006
Posts: 2669
Location: Peterborough, Ontario, Canada

Posted: Sat Oct 04, 2008 6:39 am

Is it only for forensics, or does it also provide formatting, disk-checking and repair utilities like Rescue Disk?
_________________
Mini 1 (2011): 2.3 ghz Core i5; 8 gb RAM, Corsair 240gb SSD, 500 gb Seagate XT
Mini 2 (2009): 2.26 ghz Core 2 duo, 8 gb RAM, 500 gb Seagate used as HTPC
Also a Cube, 13" MacBook Air, 20" 2.66 ghz iMac & 11.6" Acer 1810TZ running Ubuntu & Crunchbang
Aquafire
Veteran Member

Joined: 19 Sep 2007
Posts: 2372
Location: AUS-USA

Posted: Sat Oct 04, 2008 8:43 am

Fox wrote:
Is it only for forensics, or does it also provide formatting, disk-checking and repair utilities like Rescue Disk?


Fox,

Basically, it's a stock standard distro with added forensic functionality.

Re : the first part of your question..

I haven't had time to do a full shakedown test on it.

There is partitioning & formatting, but only via command tools, such as CFDISK.

It's possible to install, but it may or may not be a good idea. Mind you, the idea of carrying around an emergency drive already loaded with BT-3 could be useful... but then again, why, when you can run it off a USB stick?

http://kin.calvin.free.fr/blog/?p=16

As regards the other two issues : again, I'd have to check; but you'd probably be better off using the respective designed distros, that specialize in those areas.

Right now Fox, I am somewhat smitten by this distro, so I will be spending some more time with it, in order to flesh out its pros and cons.

Cheers

Aqua

PS : Let me know if you're going to have a go at using it...
rkubasiak
New Member

Joined: 22 Dec 2008
Posts: 2
Location: NY

Posted: Mon Dec 22, 2008 7:15 pm

For more information about Macintosh Forensics, check out my website at http://www.macosxforensics.com. It's a site dedicated to performing forensics with Macs as well as forensics against the Mac OS itself.

Ryan
_________________
Ryan R. Kubasiak
Apple Certified Support Specialist, EnCE, CCE, CEECS
www.MacOSXForensics.com
Aquafire
Veteran Member

Joined: 19 Sep 2007
Posts: 2372
Location: AUS-USA

Posted: Mon Dec 22, 2008 7:24 pm

rkubasiak wrote:
For more information about Macintosh Forensics, check out my website at http://www.macosxforensics.com. It's a site dedicated to performing forensics with Macs as well as forensics against the Mac OS itself.

Ryan


That looks like a good site.

The reference to Raptor is appreciated.

Too few Linux/Unix distros contain Mac HFS & HFS+ read functionality.

I think it will find a ready place in my toolbox...

Thanks again

Aqua
rkubasiak
New Member

Joined: 22 Dec 2008
Posts: 2
Location: NY

Posted: Mon Dec 22, 2008 7:40 pm

Anytime!

Raptor is an excellent tool! It supports read/write to NTFS, Ext2/3, HFS+ and FAT32. It boots all of the current Intel Mac models and there is a PPC version that boots most PPC Macs too.

Thanks for the positive feedback.

Ryan
adain
New Member

Joined: 09 Dec 2009
Posts: 1

Posted: Wed Dec 09, 2009 6:04 am

Thanks for taking the time to help, I really appreciate it.
All times are GMT - 5 Hours

 