Live CD

From Forensics Wiki

Revision as of 04:56, 28 July 2012 by Joachim Metz (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

A live CD is a CD containing a bootable computer operating system. Live CDs are widely used in computer forensics and incident response.

Advantages

Physical memory of a computer can be imaged by performing cold boot attack without running tools on an untrusted OS;
Acquisition over a network connection without running tools on an untrusted OS;
No need to reconstruct RAID arrays;
etc.

Disadvantages

Out-of-date software;
No simple way to reconfigure Live CD: you cannot easily rebuild foo to support bar (e.g. rebuild Sleuthkit to support AFF).

See Also

Forensics Live CDs

Retrieved from "http://www.forensicswiki.org/w/index.php?title=Live_CD&oldid=8952"

Articles that need to be expanded