Difference between revisions of "THE FARMER'S BOOT CD"

From ForensicsWiki
(Infobox.)
(Wikified.)
Line 8: Line 8:
 
}}
 
}}
  
[http://www.forensicbootcd.com/ THE FARMER'S BOOT CD (FBCD)] is a unique Linux boot CD. Taking a different approach than other [[Live CDs]], this CD was designed and optimized for previewing systems before acquiring. THE FARMER'S BOOT CD contains a number of programs forensic practitioners can utilize to preview both Windows and Linux systems in a forensically sound manner. Developed by Thomas Rude ('farmerdude').
+
'''THE FARMER'S BOOT CD''' ('''FBCD''') is a [[Linux]] [[boot CD]] developed by [[Thomas Rude]] ('farmerdude'). Taking a different approach than other [[Live CDs]], this CD was designed and optimized for previewing systems before acquiring. It contains a number of programs forensic practitioners can utilize to preview both [[Windows]] and [[Linux]] systems in a [[forensically sound]] manner.
 
+
  
 
== Preview Capabilities ==
 
== Preview Capabilities ==
  
THE FARMER'S BOOT CD has been designed for previewing both Windows and Linux systems. On-site previews before acquisitions is an emerging trend in the U.S.A. due to legal and technological reasons.
+
THE FARMER'S BOOT CD has been designed for previewing both Windows and Linux systems. On-site previews before acquisitions is an emerging trend in the U.S.A. due to legal and technological reasons.
  
 
Below is a short list of what can be accomplished in a simple GUI on this CD;
 
Below is a short list of what can be accomplished in a simple GUI on this CD;
  
- Mount file systems read-only, including journalled file system types
+
* Mount file systems read-only, including journalled file system types
- Obtain a list of deleted files for ext2, FAT12/16/32, and NTFS file system types
+
* Obtain a list of deleted files for ext2, FAT12/16/32, and NTFS file system types
- Undelete deleted files from NTFS file systems
+
* Undelete deleted files from NTFS file systems
- Obtain both E-mail and URL addresses from the Windows "pagefile.sys" file
+
* Obtain both E-mail and URL addresses from the Windows "pagefile.sys" file
- Read the Recycle Bin INFO2 records
+
* Read the Recycle Bin INFO2 records
- Read Windows event log files (AppEvent.Evt, SecEvent.Evt, SysEvent.Evt)
+
* Read Windows event log files (AppEvent.Evt, SecEvent.Evt, SysEvent.Evt)
- Read many log files from Linux systems (shell histories, system logs, security logs, accounting logs, etc.)
+
* Read many log files from Linux systems (shell histories, system logs, security logs, accounting logs, etc.)
- Obtain file system metainformation (creation date, last mount and write date, version, label, UUID, etc.)
+
* Obtain file system metainformation (creation date, last mount and write date, version, label, UUID, etc.)
- Parse Internet cache files from IE, Mozilla, and Opera, pulling cookies and histories
+
* Parse Internet cache files from IE, Mozilla, and Opera, pulling cookies and histories
- Catalog target file system, selecting files of interest by extension or header
+
* Catalog target file system, selecting files of interest by extension or header
- Convert date/time between UNIX 32bit, UNIX hex, human readable, Windows 64bit, and Windows hex
+
* Convert date/time between UNIX 32bit, UNIX hex, human readable, Windows 64bit, and Windows hex
- Generate thumbnails for all graphics in fully qualified path filename
+
* Generate thumbnails for all graphics in fully qualified path filename
- Obtain drive information (serial number, make/model, firmware, HPA status, etc.)
+
* Obtain drive information (serial number, make/model, firmware, HPA status, etc.)
- Obtain system BIOS table information (serial numbers, dates, UUIDs, etc.)
+
* Obtain system BIOS table information (serial numbers, dates, UUIDs, etc.)
- Obtain system hardware catalog
+
* Obtain system hardware catalog
- Double-clicking on most common file types opens them (Documents, Graphics, Presentations, Movies, Audio, etc.)
+
* Double-clicking on most common file types opens them (Documents, Graphics, Presentations, Movies, Audio, etc.)
 
+
 
+
== Links ==
+
 
+
[http://www.forensicbootcd.com/ THE FARMER'S BOOT CD Page] Main Page for THE FARMER'S BOOT CD (FBCD).
+
 
+
[http://www.forensicbootcd.com/site/view.html THE FARMER'S BOOT CD screen shots] Screen Shots for Delve Preview Program on the FBCD.
+
  
[http://www.forensicfocus.com/farmers-boot-cd Preview Data in Under Twenty Minutes] Paper on previewing data quickly at http://www.forensicfocus.com
+
== External Links ==
  
[[category:Forensic Utilities Linux Windows Live CD]]
+
* [http://www.forensicbootcd.com/site/view.html THE FARMER'S BOOT CD screen shots] - Screen Shots for Delve Preview Program on the FBCD.
 +
* [http://www.forensicfocus.com/farmers-boot-cd Preview Data in Under Twenty Minutes] - Paper on previewing data quickly at http://www.forensicfocus.com.
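Review bot: In the revised Preview Capabilities paragraph, "On-site previews before acquisitions is an emerging trend" carries the subject-verb disagreement over unchanged from the old text; change "is" to "are". The revised lead-in to the list still ends "on this CD;" where a colon is meant. The old line "[[category:Forensic Utilities Linux Windows Live CD]]" has no counterpart among the added lines visible here, so confirm the page is still categorized after this edit, and note that the old tag named a single multi-word category rather than separate Linux, Windows and Live CD categories.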

Revision as of 19:32, 15 May 2006

THE FARMER'S BOOT CD
Maintainer: Thomas Rude
OS: Linux, Windows
Genre: Live CD
License:  ???
Website: forensicbootcd.com

THE FARMER'S BOOT CD (FBCD) is a Linux boot CD developed by Thomas Rude ('farmerdude'). Taking a different approach than other Live CDs, this CD was designed and optimized for previewing systems before acquiring. It contains a number of programs forensic practitioners can utilize to preview both Windows and Linux systems in a forensically sound manner.

Preview Capabilities

THE FARMER'S BOOT CD has been designed for previewing both Windows and Linux systems. On-site previews before acquisitions are an emerging trend in the U.S.A. due to legal and technological reasons.

Below is a short list of what can be accomplished in a simple GUI on this CD:

  • Mount file systems read-only, including journalled file system types
  • Obtain a list of deleted files for ext2, FAT12/16/32, and NTFS file system types
  • Undelete deleted files from NTFS file systems
  • Obtain both E-mail and URL addresses from the Windows "pagefile.sys" file
  • Read the Recycle Bin INFO2 records
  • Read Windows event log files (AppEvent.Evt, SecEvent.Evt, SysEvent.Evt)
  • Read many log files from Linux systems (shell histories, system logs, security logs, accounting logs, etc.)
  • Obtain file system metainformation (creation date, last mount and write date, version, label, UUID, etc.)
  • Parse Internet cache files from IE, Mozilla, and Opera, pulling cookies and histories
  • Catalog target file system, selecting files of interest by extension or header
  • Convert date/time between UNIX 32bit, UNIX hex, human readable, Windows 64bit, and Windows hex
  • Generate thumbnails for all graphics in fully qualified path filename
  • Obtain drive information (serial number, make/model, firmware, HPA status, etc.)
  • Obtain system BIOS table information (serial numbers, dates, UUIDs, etc.)
  • Obtain system hardware catalog
  • Double-clicking on most common file types opens them (Documents, Graphics, Presentations, Movies, Audio, etc.)

External Links