There are a number of Linux distributions.

In general they have primary repositories, which are set up for every installation of the operating system, and special-purpose repositories, which require specific setup.

=Repository Setup=

==openSUSE==

For current openSUSE 11.4 and 12.1 users it is necessary to have the following repositories configured:

*security
*devel:languages:perl
*devel:languages:python

This is most easily done from the command line via (assumes openSUSE 12.1):

 sudo zypper ar -f <nowiki>http://download.opensuse.org/repositories/security/openSUSE_12.1</nowiki> security
 sudo zypper ar -f <nowiki>http://download.opensuse.org/repositories/devel:/languages:/perl/openSUSE_12.1</nowiki> perl
 sudo zypper ar -f <nowiki>http://download.opensuse.org/repositories/devel:/languages:/python/openSUSE_12.1</nowiki> python

 zypper lr    # used to verify you have the repos installed
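The <code>zypper lr</code> check above is done by eye. The script below is an added example (not part of the original page) that automates it: it parses the table <code>zypper lr -u</code> prints, matches the three required repositories by URI rather than by alias (the alias is whatever was passed to <code>zypper ar</code>), and reports each one as ok, disabled or missing, together with the <code>zypper</code> command that would fix it. The 12.1-era column layout (<code># | Alias | Name | Enabled | Refresh | URI</code>) is assumed, the URI is always read from the last column, and the sample output embedded in the script is constructed for the example.

```python
"""Check that the repositories this page requires are configured on openSUSE.

Added example, not part of the original wiki page. Assumes the 12.1-era
`zypper lr -u` layout (# | Alias | Name | Enabled | Refresh | URI); the URI
is always taken from the last column so an extra column does not break it.
"""
import subprocess

# Repositories the page says an openSUSE 12.1 install needs: alias -> URL.
REQUIRED_REPOS = {
    "security": "http://download.opensuse.org/repositories/security/openSUSE_12.1",
    "perl": "http://download.opensuse.org/repositories/devel:/languages:/perl/openSUSE_12.1",
    "python": "http://download.opensuse.org/repositories/devel:/languages:/python/openSUSE_12.1",
}

# Constructed sample of `zypper lr -u` output: 'security' is fine, the perl
# repository was added but later disabled, and the python one is absent.
SAMPLE_ZYPPER_LR = """\
# | Alias    | Name              | Enabled | Refresh | URI
--+----------+-------------------+---------+---------+--------------------------------------------------------------------------
1 | repo-oss | openSUSE-12.1-Oss | Yes     | Yes     | http://download.opensuse.org/distribution/12.1/repo/oss/
2 | security | security          | Yes     | Yes     | http://download.opensuse.org/repositories/security/openSUSE_12.1
3 | perl     | perl              | No      | Yes     | http://download.opensuse.org/repositories/devel:/languages:/perl/openSUSE_12.1
"""


def parse_zypper_lr(text):
    """Map each configured repository URI to (alias, enabled) from `zypper lr -u` output."""
    repos = {}
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        # Data rows start with the repository number; the header and the
        # dashed separator line do not.
        if len(cells) < 6 or not cells[0].isdigit():
            continue
        alias, enabled, uri = cells[1], cells[3], cells[-1]
        repos[uri.rstrip("/")] = (alias, enabled.lower() == "yes")
    return repos


def check_repos(lr_output, required=REQUIRED_REPOS):
    """Return {required_alias: (state, configured_alias)} with state in
    'ok', 'disabled' or 'missing'; configured_alias is None when missing."""
    configured = parse_zypper_lr(lr_output)
    status = {}
    for alias, url in required.items():
        entry = configured.get(url.rstrip("/"))
        if entry is None:
            status[alias] = ("missing", None)
        elif not entry[1]:
            status[alias] = ("disabled", entry[0])
        else:
            status[alias] = ("ok", entry[0])
    return status


def fix_commands(status, required=REQUIRED_REPOS):
    """Build the zypper commands that bring the system into line: the page's
    `zypper ar -f` line for missing repositories, `zypper mr -e` (modifyrepo
    --enable) for disabled ones."""
    cmds = []
    for alias, (state, configured) in status.items():
        if state == "missing":
            cmds.append("sudo zypper ar -f %s %s" % (required[alias], alias))
        elif state == "disabled":
            cmds.append("sudo zypper mr -e %s" % configured)
    return cmds


def live_status():
    """Run `zypper lr -u` on this host and check it (needs a real openSUSE box)."""
    out = subprocess.run(["zypper", "lr", "-u"], capture_output=True, text=True, check=True).stdout
    return check_repos(out)


if __name__ == "__main__":
    result = check_repos(SAMPLE_ZYPPER_LR)
    for alias, (state, _) in result.items():
        print("%-8s %s" % (alias, state))
    for cmd in fix_commands(result):
        print(cmd)
```

On a live system replace <code>SAMPLE_ZYPPER_LR</code> with the output of <code>zypper lr -u</code> (or call <code>live_status()</code>); the function returns data rather than printing so it can be dropped into a provisioning check.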

==fedora==

[http://www.cert.org/forensics/tools/ CERT] maintains a fedora security repository with a large number of DFIR applications.

==debian==

You can search for debian packages at [http://packages.debian.org/search debian's search page].

==ubuntu==

=Computer Forensic Tools=

Below is a list of computer forensic tools. For each tool, the repository it can be found in and the version in that repository are shown.

As an example, aimage is in the openSUSE security repository and it is version 3.2.5.

==Imaging Tools==

{|border="1" cellpadding="2" cellspacing="0" {{repository table}}
|-
|rowspan=1| '''Tool'''
|'''openSUSE'''
|'''fedora'''
|'''debian'''
|'''ubuntu'''
|'''comment'''
|'''General Remarks'''
|-
|rowspan=1| [http://www.e-fense.com/helix/ adepto]
|N/A <!-- opensuse -->
|? <!-- fedora -->
|N/A <!-- debian -->
|? <!-- ubuntu -->
| <!-- comment -->
|adepto is included in the Helix boot CD <!-- General Remarks -->
|-
|rowspan=1| [[aimage]]
|security/3.2.5 <!-- opensuse -->
|? <!-- fedora -->
|squeeze/3.2.4 <!-- debian -->
|? <!-- ubuntu -->
|an imaging tool to create aff format images <!-- comment -->
|aimage has been EOL'ed. guymager or ftkimager (windows/mac) are recommended for creating aff images. <!-- General Remarks -->
|-
|rowspan=1| [[AIR]]
|N/A <!-- opensuse -->
|? <!-- fedora -->
|? <!-- debian -->
|? <!-- ubuntu -->
|Automated Image and Restore <!-- comment -->
|a GUI front-end to dd and dc3dd designed for easily creating forensic bit images <!-- General Remarks -->
|-
|rowspan=1| [[dc3dd]]
|security*/7.1.614 <!-- opensuse -->
|? <!-- fedora -->
|sid/7.1.614 <!-- debian -->
|? <!-- ubuntu -->
|DoD Cyber Crime Center DD <!-- comment -->
|This tool was formerly known as dcfldd. When released as dc3dd it was totally rewritten. <!-- General Remarks -->
|-
|rowspan=1| [[ddrescue]]
|Base/1.14 <!-- opensuse -->
|? <!-- fedora -->
|squeeze/1.14 sid/1.23 <!-- debian -->
|? <!-- ubuntu -->
|Also known as GNU ddrescue <!-- comment -->
|This tool is different from dd_rescue. <!-- General Remarks -->
|-
|rowspan=1| [[dd_rescue]]
|N/A <!-- opensuse -->
|? <!-- fedora -->
|? <!-- debian -->
|? <!-- ubuntu -->
| <!-- comment -->
|This tool is different from GNU ddrescue. <!-- General Remarks -->
|-
|rowspan=1| [[libewf|ewfacquire]]
|security*/20100226 <!-- opensuse -->
|? <!-- fedora -->
|squeeze/20100226 <!-- debian -->
|? <!-- ubuntu -->
|an imaging tool to create ewf format images <!-- comment -->
|ewfacquire is part of ewftools in some distributions. <!-- General Remarks -->
|-
|rowspan=1| [[IXimager]]
|N/A <!-- opensuse -->
|? <!-- fedora -->
|? <!-- debian -->
|? <!-- ubuntu -->
|A law enforcement only imager <!-- comment -->
|used in conjunction with ILook Investigator <!-- General Remarks -->
|-
|rowspan=1| [[LinEn]]
|N/A <!-- opensuse -->
|? <!-- fedora -->
|? <!-- debian -->
|? <!-- ubuntu -->
|a proprietary imaging tool to create ewf format images <!-- comment -->
|included on the Helix boot CD <!-- General Remarks -->
|-
|rowspan=1| [[guymager]]
|N/A <!-- opensuse -->
|? <!-- fedora -->
|Squeeze/0.4.2 Sid/0.5.9-3 <!-- debian -->
|? <!-- ubuntu -->
|an imaging tool to create aff format images <!-- comment -->
|Guymager is an open source forensic imager. It focuses on user friendliness and high speed. <!-- General Remarks -->
|-
|rowspan=1| [http://sourceforge.net/projects/rdd rdd]
|N/A <!-- opensuse -->
|? <!-- fedora -->
|? <!-- debian -->
|? <!-- ubuntu -->
|a dd-like tool, with forensic imaging features <!-- comment -->
|Rdd is robust with respect to read errors <!-- General Remarks -->
|-
|rowspan=1| [ftp://ftp.berlios.de/pub/sdd/ sdd]
|Archiving:Backup/1.52 <!-- opensuse -->
|? <!-- fedora -->
|? <!-- debian -->
|? <!-- ubuntu -->
|a dd-like tool <!-- comment -->
|Designed to work well when IBS != OBS (input and output block sizes differ). Working with tape is an example. <!-- General Remarks -->
|}

*package will appear in the base release with the next full distribution release.
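The tables on this page use a small notation per distribution cell: <code>?</code> (unknown), <code>N/A</code> (not packaged), or one or more <code>repo/version</code> tokens, where a trailing <code>*</code> on the repository name is the footnote above (the package lands in the base release next time). The script below is an added example, not the page's own code: it parses that wikitext notation into records and answers questions such as "which tools can I install on openSUSE, and from which repository?". The function names are mine and the sample table is a constructed three-row excerpt of the Imaging Tools table above.

```python
"""Parse the repository/version cells of this page's tool tables.

Added example, not part of the original wiki page. Cell notation: "?" means
unknown, "N/A" means not packaged, otherwise one or more "repo/version"
tokens; a "*" after the repo name marks a package pending in the base release.
"""
import re

# Constructed excerpt: three rows copied from the page's Imaging Tools table.
SAMPLE_TABLE = """\
{|border="1" cellpadding="2" cellspacing="0"
|-
|rowspan=1| '''Tool'''
|'''openSUSE'''
|'''fedora'''
|'''debian'''
|'''ubuntu'''
|'''comment'''
|'''General Remarks'''
|-
|rowspan=1| [[dc3dd]]
|security*/7.1.614 <!-- opensuse -->
|? <!-- fedora -->
|sid/7.1.614 <!-- debian -->
|? <!-- ubuntu -->
|DoD Cyber Crime Center DD <!-- comment -->
|This tool was formerly known as dcfldd. <!-- General Remarks -->
|-
|rowspan=1| [[ddrescue]]
|Base/1.14 <!-- opensuse -->
|? <!-- fedora -->
|squeeze/1.14 sid/1.23 <!-- debian -->
|? <!-- ubuntu -->
|Also known as GNU ddrescue <!-- comment -->
|This tool is different from dd_rescue. <!-- General Remarks -->
|-
|rowspan=1| [[guymager]]
|N/A <!-- opensuse -->
|? <!-- fedora -->
|Squeeze/0.4.2 Sid/0.5.9-3 <!-- debian -->
|? <!-- ubuntu -->
|an imaging tool to create aff format images <!-- comment -->
|Guymager is an open source forensic imager. <!-- General Remarks -->
|}
"""

DISTROS = ("openSUSE", "fedora", "debian", "ubuntu")
COMMENT_RE = re.compile(r"<!--.*?-->")
# [[target|label]], [[target]] and [url label] all reduce to their label.
LINK_RE = re.compile(r"\[\[(?:[^\]|]*\|)?([^\]]*)\]\]|\[\S+\s+([^\]]*)\]")
# repo/version, with an optional '*' after the repo name (pending in base).
TOKEN_RE = re.compile(r"^([A-Za-z][\w:]*)(\*?)/(\S+)$")


def clean_cell(raw):
    """Strip HTML comments, wiki links and bold markup from one table cell."""
    text = COMMENT_RE.sub("", raw)
    text = LINK_RE.sub(lambda m: m.group(1) if m.group(1) is not None else m.group(2), text)
    return text.replace("'''", "").strip()


def parse_cell(text):
    """Return (status, entries); entries are (repo, version, pending_in_base) tuples."""
    text = text.strip()
    if text == "?":
        return ("unknown", [])
    if text.upper() == "N/A":
        return ("not-packaged", [])
    entries = []
    for token in text.split():
        m = TOKEN_RE.match(token)
        if m is None:
            raise ValueError("unrecognised repository/version token: %r" % token)
        repo, star, version = m.groups()
        entries.append((repo, version, star == "*"))
    return ("packaged", entries)


def parse_table(wikitext):
    """Turn a wikitext tool table into {tool: {'packages', 'comment', 'remarks'}}."""
    rows, current = [], None
    for line in wikitext.splitlines():
        line = line.strip()
        if line == "|-":                      # row separator
            if current:
                rows.append(current)
            current = []
        elif current is not None and line.startswith("|") and line != "|}":
            body = re.sub(r"^\|\s*rowspan=\d+\s*\|", "|", line)  # drop cell attributes
            current.append(clean_cell(body[1:]))
    if current:
        rows.append(current)
    header, tools = rows[0], {}
    for cells in rows[1:]:
        record = dict(zip(header, cells))
        tools[record["Tool"]] = {
            "packages": {d: parse_cell(record[d]) for d in DISTROS},
            "comment": record.get("comment", ""),
            "remarks": record.get("General Remarks", ""),
        }
    return tools


def available_in(tools, distro):
    """List (tool, repo, version, pending) for every tool packaged for a distribution."""
    found = []
    for tool, rec in sorted(tools.items()):
        status, entries = rec["packages"][distro]
        if status == "packaged":
            found.extend((tool, repo, ver, pending) for repo, ver, pending in entries)
    return found


if __name__ == "__main__":
    for row in available_in(parse_table(SAMPLE_TABLE), "openSUSE"):
        print(row)
```

Because the page's repository names (<code>security</code>, <code>Base</code>, <code>Archiving:Backup</code>, <code>squeeze</code>, <code>sid</code>) come through unchanged, the <code>repo</code> field can be compared directly against what <code>zypper lr</code> or the debian release name reports; an unknown token raises rather than being silently skipped, so a malformed cell is noticed when the table is edited.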

==File Inventory Tools==

{|border="1" cellpadding="2" cellspacing="0" {{repository table}}
|-
|rowspan=1| '''Tool'''
|'''openSUSE'''
|'''fedora'''
|'''debian'''
|'''ubuntu'''
|'''comment'''
|'''General Remarks'''
|-
|rowspan=1| [[fiwalk]]
|security*/v0.6.15 <!-- opensuse -->
|? <!-- fedora -->
|N/A <!-- debian -->
|? <!-- ubuntu -->
| <!-- comment -->
|fiwalk is a robust $MFT walker <!-- General Remarks -->
|}

*package will appear in the base release with the next full distribution release.