Difference between revisions of "Talk:Forensic Live CD issues"

From ForensicsWiki

Latest revision as of 04:42, 7 October 2012

Just putting all discovered stuff together in one article. .FUF 21:29, 3 February 2010 (UTC)


List of Live CD distros that ARE forensically sound?

This is an incredibly useful article. However, with a quick glance through the listed offenders, one might walk away with the impression that all of the 'major' forensics Live CD distros might corrupt the target drive. Or worse, someone may falsely believe that if their favorite flavor was not mentioned in the article, then it must be safe.

Further still, the sentence, "Each problem is followed by an up to date list of distributions affected" is a pretty bold statement, especially in light of the fact that this article hasn't been updated in 15 months...

I'm just wondering if anyone has re-tested any newer versions of the listed offenders since this article was written? Or perhaps whether the specific developer teams might have self-declared that these issues are "fixed" as of a particular release? Or if anyone is aware of other forensic Live CD distros that have been verified as 'safe' from these problems? Hoping to avoid reinventing the wheel here... either way, if I learn of anything in my travels, I'll post an update...

--Grolltech 21:19, 11 September 2011 (PDT)

Runtime options to mount can be changed at will by UID=0 no matter which options are chosen as defaults. This really begs the question of "Who is responsible" during an investigation. To me it seems the answer is "the investigator", not "the distro". I'm still learning the process of investigation but as I understand it, its processes and chain of custody demand that an investigator is skilled with the distro, not merely acquainted. (And the scope needs to include the entire OS/distro, not merely the Linux kernel). John Crout 12:26, 25 December 2011 (PST)

Hello, unfortunately I don't have much free time to keep these lists up to date. But a quick check of the most recent distros (latest CAINE and DEFT) showed that some issues are back, due to regression. .FUF 02:42, 7 October 2012 (PDT)