Talk:Forensic Live CD issues

From ForensicsWiki
Revision as of 09:37, 28 July 2012 by Joachim Metz (Talk | contribs)

Jump to: navigation, search

Just putting all discovered stuff together in one article. .FUF 21:29, 3 February 2010 (UTC)


List of Live CD distros that ARE forensically sound?

This is an incredibly useful article. However, with a quick glance through the listed offenders, one might walk away with the impression that all of the 'major' forensics Live CD distros might corrupt the target drive. Or worse, someone may falsely believe that if their favorite flavor was not mentioned in the article, then it must be safe.

Further still, the sentence, "Each problem is followed by an up to date list of distributions affected" is a pretty bold statement, especially in light of the fact that this article hasn't been updated in 15 months...

I'm just wondering if anyone has re-tested any newer versions of the listed offenders since this article was written? Or perhaps whether the specific developer teams might have self-declared that these issues are "fixed" as of a particular release? Or if anyone is aware of other forensic Live CD distros that have been verified as 'safe' from these problems? Hoping to avoid reinventing the wheel here... either way, if I learn of anything in my travels, I'll post an update...

--Grolltech 21:19, 11 September 2011 (PDT)

Runtime options to mount can be changed at will by UID=0 no matter which options are chosen as defaults. This really begs the question of "Who is responsible" during an investigation. To me it seems the answer is "the investigator", not "the distro". I'm still learning the process of investigation but they I understand it, its processes and chain of custody demand that an investigator is skilled with the distro, not merely acquainted. (And the scope needs to include the entire OS/distro not merely the Linux kernel). John Crout 12:26, 25 December 2011 (PST)