Difference between pages "Category:Live CD" and "THE FARMER'S BOOT CD"

From Forensics Wiki
(Difference between pages)
Jump to: navigation, search
 
 
Line 1: Line 1:
<div style="margin-top:0.5em; border:2px solid #ff0000; padding:0.5em 0.5em 0.5em 0.5em; background-color:#dddddd; align:center;">
+
{{Deprecated Software}}
'''Note:''' We're trying to use the same [[tool template]] for all devices. Please use this if possible.
+
</div>
+
  
; [[BackTrack]]
+
{{Infobox_Software |
; [[Matriux]]
+
  name = THE FARMER'S BOOT CD |
; [[CAINE Live CD]]
+
  maintainer = [[Thomas Rude]] |
; [[DEFT Linux]]
+
  os = {{Linux}}, {{Windows}} |
 +
  genre = {{Live CD}} |
 +
  license = ??? |
 +
  website = [http://www.forensicbootcd.com/ forensicbootcd.com] |
 +
}}
  
 +
'''THE FARMER'S BOOT CD''' ('''FBCD''') is a [[Linux]] [[boot CD]] developed by [[Thomas Rude]] ('farmerdude').
  
; [[THE FARMER'S BOOT CD]]
+
Taking a different approach than other [[Live CDs]], this CD was designed and optimized for previewing systems before acquiring. It contains a number of programs forensic practitioners can utilize to preview both [[Windows]] and [[Linux]] systems in a [[forensically sound]] manner.
: A [[Linux]] [[Live CD]], designed and optimized for previewing data in a [[forensically sound]] manner. It contains a number of programs forensic practitioners can utilize to preview both [[Windows]] and [[Linux]] systems.
+
  
; [[FCCU Gnu/Linux Boot CD]]
+
== Preview Capabilities ==
  
; [[grml]]
+
THE FARMER'S BOOT CD has been designed for previewing both Windows and Linux systems. On-site previews before acquisitions is an emerging trend in the U.S.A. due to legal and technological reasons.
: A forensic [[Live CD]] built on top of [[Debian]].
+
: http://grml.org
+
  
; [[Helix3]] ([[Helix3 Pro]])
+
Below is a short list of what can be accomplished in a simple GUI on this CD;
: A [[Live CD]] built on top of [[Ubuntu]] with special tools for [[Incident Response|incident response]] and electronic discovery.
+
: http://e-fense.com
+
  
; [[MacQuisition Boot CD]]
+
* Mount file systems read-only, including journalled file system types
: A forensic [[Live CD]] built for imaging [[Macintosh]] systems.
+
* Obtain a list of deleted files for ext2, FAT12/16/32, and NTFS file system types
 +
* Undelete deleted files from NTFS file systems
 +
* Obtain both E-mail and URL addresses from the Windows "pagefile.sys" file
 +
* Read the Recycle Bin INFO2 records
 +
* Read Windows event log files (AppEvent.Evt, SecEvent.Evt, SysEvent.Evt)
 +
* Read many log files from Linux systems (shell histories, system logs, security logs, accounting logs, etc.)
 +
* Obtain file system metainformation (creation date, last mount and write date, version, label, UUID, etc.)
 +
* Parse Internet cache files from IE, Mozilla, and Opera, pulling cookies and histories
 +
* Catalog target file system, selecting files of interest by extension or header
 +
* Convert date/time between UNIX 32bit, UNIX hex, human readable, Windows 64bit, and Windows hex
 +
* Generate thumbnails for all graphics in fully qualified path filename
 +
* Obtain drive information (serial number, make/model, firmware, HPA status, etc.)
 +
* Obtain system BIOS table information (serial numbers, dates, UUIDs, etc.)
 +
* Obtain system hardware catalog
 +
* Double-clicking on most common file types opens them (Documents, Graphics, Presentations, Movies, Audio, etc.)
  
; [[Masterkey Linux]]
+
== External Links ==
: A [[Linux]] [[Live CD]] built on top of [[Slackware]] featuring a wide variety of free and open source tools, focused on both Incident Response and Computer Forensic Examination.
+
: http://masterkeylinux.com
+
  
; [[PlainSight]]
+
* [http://www.forensicbootcd.com/site/view.html THE FARMER'S BOOT CD screen shots] - Screen Shots for Delve Preview Program on the FBCD.
: A forensic [[Live CD]] built on top of [[Knoppix]].
+
* [http://www.forensicfocus.com/farmers-boot-cd Preview Data in Under Twenty Minutes] - Paper on previewing data quickly at http://www.forensicfocus.com.
: http://www.plainsight.info
+
 
+
; [[Recovery Is Possible]]
+
: A [[Linux]] [[Live CD]] with a number of recovery applications such as [[TestDisk]], [[PhotoRec]], etc.
+
: http://www.tux.org/pub/people/kent-robotti/looplinux/rip/
+
 
+
; [[SAFE Boot Disk]]
+
: The first and only commercially available forensically sound Windows Boot disk.
+
: Includes built-in driver support, access to the NTFS file system and built-in software write blocking.
+
: http://www.forensicsoft.com/catalog/product.php
+
 
+
; [[SMART Linux]]
+
: Two [[Live CD | Live CDs]] built on top of [[Slackware]] and [[Ubuntu]]. Includes [[SMART]] and other forensic tools.
+
: http://asrdata2.com
+
 
+
; [[SPADA]]
+
: A forensic [[Live CD]] built on top of [[Knoppix]].
+
: http://spada-cd.info
+
 
+
; [[Windows Forensic Environment (aka WinFE, Windows FE)]]
+
: A Windows based forensic CD based off the Windows Pre-Installation Environment.
+
: http://winfe.wordpress.com
+
: [[WinFE]]
+
 
+
== Out of date Live CDs ==
+
 
+
; [[Knoppix STD]]
+
 
+
; [[Penguin Sleuthkit]]
+
 
+
; [[SNARL]]
+
 
+
==See Also==
+
* [[:Category:VMware Appliances]]
+
 
+
[[Category:Tools]]
+

Latest revision as of 08:20, 28 July 2012

File:40px-Ambox warning pn.png

This tool is deprecated.
The tool that this page describes is deprecated and is no longer under active development.
Further information might be found on the discussion page.

THE FARMER'S BOOT CD
Maintainer: Thomas Rude
OS: Linux,Windows
Genre: Live CD
License:  ???
Website: forensicbootcd.com

THE FARMER'S BOOT CD (FBCD) is a Linux boot CD developed by Thomas Rude ('farmerdude').

Taking a different approach than other Live CDs, this CD was designed and optimized for previewing systems before acquiring. It contains a number of programs forensic practitioners can utilize to preview both Windows and Linux systems in a forensically sound manner.

[edit] Preview Capabilities

THE FARMER'S BOOT CD has been designed for previewing both Windows and Linux systems. On-site previews before acquisitions is an emerging trend in the U.S.A. due to legal and technological reasons.

Below is a short list of what can be accomplished in a simple GUI on this CD;

  • Mount file systems read-only, including journalled file system types
  • Obtain a list of deleted files for ext2, FAT12/16/32, and NTFS file system types
  • Undelete deleted files from NTFS file systems
  • Obtain both E-mail and URL addresses from the Windows "pagefile.sys" file
  • Read the Recycle Bin INFO2 records
  • Read Windows event log files (AppEvent.Evt, SecEvent.Evt, SysEvent.Evt)
  • Read many log files from Linux systems (shell histories, system logs, security logs, accounting logs, etc.)
  • Obtain file system metainformation (creation date, last mount and write date, version, label, UUID, etc.)
  • Parse Internet cache files from IE, Mozilla, and Opera, pulling cookies and histories
  • Catalog target file system, selecting files of interest by extension or header
  • Convert date/time between UNIX 32bit, UNIX hex, human readable, Windows 64bit, and Windows hex
  • Generate thumbnails for all graphics in fully qualified path filename
  • Obtain drive information (serial number, make/model, firmware, HPA status, etc.)
  • Obtain system BIOS table information (serial numbers, dates, UUIDs, etc.)
  • Obtain system hardware catalog
  • Double-clicking on most common file types opens them (Documents, Graphics, Presentations, Movies, Audio, etc.)

[edit] External Links

Retrieved from "http://www.forensicswiki.org/w/index.php?title=Category:Live_CD&oldid=5281"
Personal tools
Namespaces

Variants
Actions
Navigation:
About forensicswiki.org:
Toolbox