| Line 1: |
Line 1: |
| − | [http://www.forensicbootcd.com/ THE FARMER'S BOOT CD (FBCD)] is a unique Linux boot CD. Taking a different approach than other [[Live CDs]], this CD was designed and optimized for previewing systems before acquiring. THE FARMER'S BOOT CD contains a number of programs forensic practitioners can utilize to preview both Windows and Linux systems in a forensically sound manner. Developed by Thomas Rude ('farmerdude').
| + | == Why & Where == |
| | | | |
| | + | I'm interested to see how forensicswiki.org will grow. I own & operate [http://www.aeicomputertech.com AEI Computer Tech], a [http://www.aeiforensics.com Forensic] & [http://www.aeidownloads.com IT-based] company. |
| | | | |
| − | == Preview Capabilities == | + | == Important Links == |
| | | | |
| − | THE FARMER'S BOOT CD has been designed for previewing both Windows and Linux systems. On-site previews before acquisitions is an emerging trend in the U.S.A. due to legal and technological reasons.
| + | [http://www.aeicomputertech.com/forensics_definitions.php Forensic & Technical Definitions] |
| | | | |
| − | Below is a short list of what can be accomplished in a simple GUI on this CD;
| + | [http://www.aeicomputertech.com/forensics_file_signatures.php Known File Header Library] |
| | | | |
| − | - Mount file systems read-only, including journalled file system types
| + | [http://www.aeicomputertech.com/forensics_mail_header_info.php Mail Header Instructions] |
| − | - Obtain a list of deleted files for ext2, FAT12/16/32, and NTFS file system types
| + | |
| − | - Undelete deleted files from NTFS file systems
| + | |
| − | - Obtain both E-mail and URL addresses from the Windows "pagefile.sys" file
| + | |
| − | - Read the Recycle Bin INFO2 records
| + | |
| − | - Read Windows event log files (AppEvent.Evt, SecEvent.Evt, SysEvent.Evt)
| + | |
| − | - Read many log files from Linux systems (shell histories, system logs, security logs, accounting logs, etc.)
| + | |
| − | - Obtain file system metainformation (creation date, last mount and write date, version, label, UUID, etc.)
| + | |
| − | - Parse Internet cache files from IE, Mozilla, and Opera, pulling cookies and histories
| + | |
| − | - Catalog target file system, selecting files of interest by extension or header
| + | |
| − | - Convert date/time between UNIX 32bit, UNIX hex, human readable, Windows 64bit, and Windows hex
| + | |
| − | - Generate thumbnails for all graphics in fully qualified path filename
| + | |
| − | - Obtain drive information (serial number, make/model, firmware, HPA status, etc.)
| + | |
| − | - Obtain system BIOS table information (serial numbers, dates, UUIDs, etc.)
| + | |
| − | - Obtain system hardware catalog
| + | |
| − | - Double-clicking on most common file types opens them (Documents, Graphics, Presentations, Movies, Audio, etc.)
| + | |
| | | | |
| | + | [http://www.aeicomputertech.com/forensics_ports.php Known System Ports] |
| | | | |
| − | == Links ==
| + | [http://www.aeicomputertech.com/forensics_resources.php Forensic Resources & Articles] |
| | | | |
| − | [http://www.forensicbootcd.com/ THE FARMER'S BOOT CD Page] Main Page for THE FARMER'S BOOT CD (FBCD). | + | [http://www.aeicomputertech.com/forensics_tools.php Forensic Tools: Free, Commercial, & Government] |
| − | | + | |
| − | [http://www.forensicbootcd.com/site/view.html THE FARMER'S BOOT CD screen shots] Screen Shots for Delve Preview Program on the FBCD.
| + | |
| − | | + | |
| − | [http://www.forensicfocus.com/farmers-boot-cd Preview Data in Under Twenty Minutes] Paper on previewing data quickly at http://www.forensicfocus.com
| + | |
| − | | + | |
| − | [[category:Forensic Utilities]]
| + | |
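Review bot: The removed side of this hunk drops the entire FARMER'S BOOT CD article (the introduction, the Preview Capabilities list, the Links section and the `[[category:Forensic Utilities]]` tag), while the added side replaces it with a first-person introduction ("I own & operate ...") and links that all point to one company's site. If this is an edit to the article, it should be reverted and the personal introduction moved to a user page, since none of the added lines describe the tool. If the diff instead compares two unrelated pages, nothing here should be merged. The added "Important Links" entries are also bare link titles, whereas each entry in the removed Links section carried a short description; if the link list is kept anywhere, give each entry a description in the same way.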