ForensicsWiki will continue to operate as it has before and will not be shutting down. Thank you for your continued support of ForensicsWiki.

Difference between revisions of "Live CD"

From ForensicsWiki
Jump to: navigation, search
(See Also)
m (See Also: there are advantages, disadvantages and issues)
Line 18: Line 18:
* [[:Category:Live CD|Forensics Live CDs]]
* [[:Category:Live CD|Forensics Live CDs]]
* [[Forensic Live CD issues]]

Latest revision as of 12:17, 23 April 2014

Information icon.png

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

A live CD is a CD containing a bootable computer operating system. Live CDs are widely used in computer forensics and incident response.


  • Physical memory of a computer can be imaged by performing cold boot attack without running tools on an untrusted OS;
  • Acquisition over a network connection without running tools on an untrusted OS;
  • No need to reconstruct RAID arrays;
  • etc.


  • Out-of-date software;
  • No simple way to reconfigure Live CD: you cannot easily rebuild foo to support bar (e.g. rebuild Sleuthkit to support AFF).

See Also