Difference between revisions of "Linux Repositories"
Gregfreemyer (Talk | contribs) (→Imaging Tools) |
Gregfreemyer (Talk | contribs) (→Imaging Tools) |
||
| (3 intermediate revisions by one user not shown) | |||
| Line 69: | Line 69: | ||
|N/A <!-- opensuse --> | |N/A <!-- opensuse --> | ||
|? <!-- fedora--> | |? <!-- fedora--> | ||
| − | | | + | |N/A <!-- debian--> |
|? <!-- ubuntu--> | |? <!-- ubuntu--> | ||
|Automated Image and Restore <!-- comment --> | |Automated Image and Restore <!-- comment --> | ||
| Line 96: | Line 96: | ||
|N/A <!-- opensuse --> | |N/A <!-- opensuse --> | ||
|? <!-- fedora--> | |? <!-- fedora--> | ||
| − | | | + | |N/A <!-- debian--> |
|? <!-- ubuntu--> | |? <!-- ubuntu--> | ||
|<!-- comment --> | |<!-- comment --> | ||
| Line 114: | Line 114: | ||
|N/A <!-- opensuse --> | |N/A <!-- opensuse --> | ||
|? <!-- fedora--> | |? <!-- fedora--> | ||
| − | | | + | |N/A <!-- debian--> |
|? <!-- ubuntu--> | |? <!-- ubuntu--> | ||
|A law enforcement only imager<!-- comment --> | |A law enforcement only imager<!-- comment --> | ||
| Line 123: | Line 123: | ||
|N/A <!-- opensuse --> | |N/A <!-- opensuse --> | ||
|? <!-- fedora--> | |? <!-- fedora--> | ||
| − | | | + | |N/A <!-- debian--> |
|? <!-- ubuntu--> | |? <!-- ubuntu--> | ||
|a proprietary imaging tool to create ewf format images <!-- comment --> | |a proprietary imaging tool to create ewf format images <!-- comment --> | ||
| Line 141: | Line 141: | ||
|N/A <!-- opensuse --> | |N/A <!-- opensuse --> | ||
|? <!-- fedora--> | |? <!-- fedora--> | ||
| − | | | + | |2.0.7-2 <!-- debian--> |
|? <!-- ubuntu--> | |? <!-- ubuntu--> | ||
|a dd-like tool, with forensic imaging features <!-- comment --> | |a dd-like tool, with forensic imaging features <!-- comment --> | ||
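Review bot: The new debian cell for rdd, `|2.0.7-2 <!-- debian-->`, gives a version with no release name, while the other filled-in cells in this edit name the repository or release first (`lenny/1.52`, `squeeze/v8.15 sid/v8.60`). Prefix the version with the Debian release it was taken from so the reader knows which suite to pull it from.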
| Line 150: | Line 150: | ||
|Archiving:Backup/1.52 <!-- opensuse --> | |Archiving:Backup/1.52 <!-- opensuse --> | ||
|? <!-- fedora--> | |? <!-- fedora--> | ||
| − | | | + | |lenny/1.52 deprecated <!-- debian--> |
|? <!-- ubuntu--> | |? <!-- ubuntu--> | ||
|a dd-like tool<!-- comment --> | |a dd-like tool<!-- comment --> | ||
| Line 170: | Line 170: | ||
|'''comment''' | |'''comment''' | ||
|'''General Remarks''' | |'''General Remarks''' | ||
| + | |||
| + | |- | ||
| + | |rowspan=1| [[exiftool]] | ||
| + | |base/v8.65 <!-- opensuse --> | ||
| + | |? <!-- fedora--> | ||
| + | |squeeze/v8.15 sid/v8.60 <!-- debian--> | ||
| + | |? <!-- ubuntu--> | ||
| + | | <!-- comment --> | ||
| + | |exiftool has superior metadata reporting capability --> | ||
|- | |- | ||
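Review bot: The last added cell, `|exiftool has superior metadata reporting capability -->`, ends with a `-->` that has no opening `<!--`, so the closing marker will render as literal text in the table. Drop the trailing `-->`, and check that the remark sits in the intended column, since the preceding `| <!-- comment -->` cell is left empty.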
Latest revision as of 19:24, 5 March 2012
There are a number of Linux distributions.
In general, they have primary repositories, which are set up for every installation of the operating system, and special-purpose repositories, which require specific setup.
Repository Setup
openSUSE
For current openSUSE 11.4 and 12.1 users it is necessary to have the following repositories configured:
- security
- devel:languages:perl
- devel:languages:python
This is most easily done from the command line via (assumes openSUSE 12.1):
 sudo zypper ar -f http://download.opensuse.org/repositories/security/openSUSE_12.1 security
 sudo zypper ar -f http://download.opensuse.org/repositories/devel:/languages:/perl/openSUSE_12.1 perl
 sudo zypper ar -f http://download.opensuse.org/repositories/devel:/languages:/python/openSUSE_12.1 python
 zypper lr   # used to verify you have the repos installed
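The final verification step can be scripted so that a missing or disabled repository is reported by name. This is an added example, not part of the original wiki page; the function names and the sample listing are constructed, and it assumes `zypper lr -u` prints a `|`-separated table with Enabled as the fourth column and the URI last.

```shell
#!/bin/sh
# Added example: check `zypper lr -u` output for the repositories this page requires.
REQUIRED_REPOS="security devel:/languages:/perl devel:/languages:/python"

# Constructed sample of `zypper lr -u` output (not captured from a real system):
# security is enabled, perl is present but disabled, python was never added.
sample_listing() {
    cat <<'EOF'
# | Alias    | Name     | Enabled | Refresh | URI
--+----------+----------+---------+---------+----
1 | perl     | perl     | No      | Yes     | http://download.opensuse.org/repositories/devel:/languages:/perl/openSUSE_12.1
2 | repo-oss | repo-oss | Yes     | Yes     | http://download.opensuse.org/distribution/12.1/repo/oss/
3 | security | security | Yes     | Yes     | http://download.opensuse.org/repositories/security/openSUSE_12.1
EOF
}

# missing_repos RELEASE  (listing on stdin)
# Prints each required repository path with no enabled entry for RELEASE;
# returns 0 only when all three are present and enabled.
missing_repos() {
    release=$1
    listing=$(cat)
    status=0
    for repo in $REQUIRED_REPOS; do
        want="/repositories/$repo/$release"
        if ! printf '%s\n' "$listing" | awk -F'|' -v want="$want" '
            {
                # Column 4 is Enabled; the last column is the URI.
                en = $4; uri = $NF
                gsub(/[ \t]/, "", en); gsub(/[ \t]/, "", uri); sub(/\/$/, "", uri)
                n = length(uri) - length(want) + 1
                if (en == "Yes" && n > 0 && substr(uri, n) == want) found = 1
            }
            END { exit(found ? 0 : 1) }'; then
            printf '%s\n' "$repo"
            status=1
        fi
    done
    return $status
}

# Real use: zypper lr -u | missing_repos openSUSE_12.1
sample_listing | missing_repos openSUSE_12.1 || true
```

A disabled repository is treated the same as an absent one, because packages from it will not be offered for installation either way.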
fedora
CERT maintains a Fedora security repository with a large number of DFIR applications.
debian
You can search for Debian packages at Debian's search page.
ubuntu
Computer Forensic Tools
Below is a list of computer forensic tools. For each tool the repository it can be found in and the version in the repository is shown.
As an example, aimage is in the openSUSE security repository and it is version 3.2.5.
Imaging Tools
| Tool | openSUSE | fedora | debian | ubuntu | comment | General Remarks |
| adepto | N/A | ? | N/A | ? | adepto is included in the helix boot cd | |
| aimage | security/3.2.5 | ? | squeeze/3.2.4 | ? | an imaging tool to create aff format images | aimage has been EOL'ed. guymager or ftkimager (windows/mac) are recommended for creating aff images. |
| AIR | N/A | ? | N/A | ? | Automated Image and Restore | a GUI front-end to dd and dc3dd designed for easily creating forensic bit images |
| dc3dd | security*/7.1.614 | ? | sid/7.1.614 | ? | DoD Cyber Crime Center DD | This tool was formerly known as dcfldd. When released as dc3dd it was totally rewritten. |
| ddrescue | Base/1.14 | ? | squeeze/1.14 sid/1.23 | ? | Also known as GNU ddrescue | This tool is different than dd_rescue. |
| dd_rescue | N/A | ? | N/A | ? | This tool is different than GNU ddrescue. | |
| ewfacquire | security*/20100226 | ? | squeeze/20100226 | ? | an imaging tool to create ewf format images | ewfacquire is part of ewftools in some distributions. |
| IXimager | N/A | ? | N/A | ? | A law enforcement only imager | used in conjunction with ILook Investigator |
| LinEn | N/A | ? | N/A | ? | a proprietary imaging tool to create ewf format images | included on the Helix boot CD |
| guymager | N/A | ? | Squeeze/0.4.2 Sid/0.5.9-3 | ? | an imaging tool to create aff format images | Guymager is an open source forensic imager. It focuses on user friendliness and high speed. |
| rdd | N/A | ? | 2.0.7-2 | ? | a dd-like tool, with forensic imaging features | Rdd is robust with respect to read errors |
| sdd | Archiving:Backup/1.52 | ? | lenny/1.52 deprecated | ? | a dd-like tool | Designed to work well when IBS != OBS. Working with tape is an example. |
* - package will appear in the base release with the next full distribution release.
File Inventory Tools
| Tool | openSUSE | fedora | debian | ubuntu | comment | General Remarks |
| exiftool | base/v8.65 | ? | squeeze/v8.15 sid/v8.60 | ? | exiftool has superior metadata reporting capability | |
| fiwalk | security*/v0.6.15 | ? | N/A | ? | fiwalk is a robust $MFT walker | |
* - package will appear in the base release with the next full distribution release.