Difference between pages "ALT Linux Rescue" and "Compression"

From ForensicsWiki
m (External Links: +starterkits)
 
(Deflate/Inflate)
 
Line 1: Line 1:
{{Infobox_Software |
+
{{Expand}}
  name = ALT Linux Rescue |
+
  maintainer = Michael Shigorin |
+
  os = {{Linux}} |
+
  genre = {{Live CD}} |
+
  license = {{GPL}}, others |
+
  website = [http://en.altlinux.org/Rescue en.altlinux.org/rescue] |
+
}}
+
  
'''ALT Linux Rescue''' is yet another sysadmin's [[Live CD]] with some forensic capabilities and features.
+
== LZ-based ==
  
== Intro ==
+
=== Deflate/Inflate ===
 +
Used in:
 +
* [[Gzip|gzip]]
  
This weekly-updated image is intended to be text-only toolchest for data analysis and recovery.
+
=== LZNT1 ===
 +
Used in:
 +
* [[NTFS]]
 +
* [[Windows SuperFetch Format]]
  
It will not try to use swap partitions or autodetect and automount file systems unless requested explicitly.
+
=== LZXPRESS ===
 +
Used in:
 +
* [[Extensible Storage Engine (ESE) Database File (EDB) format]]
  
Forensic mode is available via a separate boot target for BIOS users and a rescue boot option (via F2) for UEFI users. This will skip activating MDRAID/LVM too.
+
=== LZXPRESS Huffman ===
 +
Used in:
 +
* [[Windows SuperFetch Format]]
  
Build profile suitable for ALT Linux <tt>mkimage</tt> tool is included as <tt>.disk/profile.tgz</tt>.
+
== External Links ==
 +
* [http://en.wikipedia.org/wiki/Lempel-Ziv Wikipedia: Lempel-Ziv]
 +
* [http://www.coderforlife.com/microsoft-compression-formats/ Microsoft Compression Formats]
  
== Tools included ==
+
=== Deflate/Inflate ===
 +
* [http://en.wikipedia.org/wiki/DEFLATE Wikipedia: DEFLATE]
 +
* [https://tools.ietf.org/html/rfc1950 IETF: RFC1950 - ZLIB Compressed Data Format Specification]
 +
* [https://tools.ietf.org/html/rfc1951 IETF: RFC1951 - DEFLATE Compressed Data Format Specification]
  
Most of the usual rescue suspects should be there; [[biew]], [[chntpw]], [[dc3dd]]/[[dcfldd]], [[foremost]], [[john]], [[md5deep]], [[nmap]], [[scalpel]], [[sleuthkit]], [[wipefreespace]] to name a few are available either; [[libevt]], [[libevtx]], [[liblnk]], [[libpff]], [[libregf]], [[libuna]], [[libvshadow]], [[libwrc]] tools have been added since 20140514.
+
=== LZ1 ===
 
+
* [http://andyh.org/LZ1.html LZ1]
X11-based software is being considered for an extended version.
+
 
+
== Platforms ==
+
 
+
i586 (BIOS) and x86_64 (BIOS/UEFI); SecureBoot might be left enabled in most occasions.
+
 
+
== Deliverables ==
+
 
+
Two separate 32/64-bit hybrid ISO images suitable for direct writing onto USB Flash media (or CD-R by chance).
+
 
+
== Forensic issues ==
+
 
+
Hardening against rootfs spoofing has been implemented as of 20140423 (stage2 squashfs SHA256 check has been contributed by Maxim Suhanov); previous images are vulnerable to ISO9660-on-device containing a squashfs file with predefined name and specially crafted contents.
+
 
+
MDRAID/LVM2/swaps activation might occur with images before 20140416 or when booted via the default "Rescue" target; booting into "Forensic mode" will skip that (for both early userspace and final environment as of 20140416) and switch <tt>mount-system</tt> script to use <tt>ro,loop,noexec</tt> mount options (as of 20140423).
+
 
+
Physical device write blocking hasn't been considered so far.
+
 
+
== Credits ==
+
 
+
* [[User:.FUF]] for [[Forensic Live CD issues]] page, sound advice and early userspace patch
+
 
+
== External Links ==
+
* [http://en.altlinux.org/Rescue Project site] (also available in [http://www.altlinux.org/Rescue Russian])
+
* Part of [http://en.altlinux.org/Regular Regular Builds] based on ALT Linux Sisyphus
+
* Rescue image within [http://en.altlinux.org/Starterkits ALT Linux Starterkits] based on stable branch has gained the same features as of 20140612
+

Revision as of 08:56, 21 June 2014


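== LZ-based ==

=== Deflate/Inflate ===

Used in:
* [[Gzip|gzip]]

=== LZNT1 ===

Used in:
* [[NTFS]]
* [[Windows SuperFetch Format]]

=== LZXPRESS ===

Used in:
* [[Extensible Storage Engine (ESE) Database File (EDB) format]]

=== LZXPRESS Huffman ===

Used in:
* [[Windows SuperFetch Format]]

== External Links ==
* [http://en.wikipedia.org/wiki/Lempel-Ziv Wikipedia: Lempel-Ziv]
* [http://www.coderforlife.com/microsoft-compression-formats/ Microsoft Compression Formats]

=== Deflate/Inflate ===
* [http://en.wikipedia.org/wiki/DEFLATE Wikipedia: DEFLATE]
* [https://tools.ietf.org/html/rfc1950 IETF: RFC1950 - ZLIB Compressed Data Format Specification]
* [https://tools.ietf.org/html/rfc1951 IETF: RFC1951 - DEFLATE Compressed Data Format Specification]

=== LZ1 ===
* [http://andyh.org/LZ1.html LZ1]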