ForensicsWiki will continue to operate as it has before and will not be shutting down. Thank you for your continued support of ForensicsWiki.

ALT Linux Rescue

From ForensicsWiki
Revision as of 12:31, 16 April 2014 by MShigorin (Talk | contribs) (init using Grml and Masterkey Linux as examples)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
ALT Linux Rescue
Maintainer: Michael Shigorin
OS: Linux
Genre: Live CD
License: GPL, others
Website: en.altlinux.org/rescue

ALT Linux Rescue is yet another sysadmin's Live CD.

Intro

This weekly-updated image is intended to be text-only recovery toolchest with some basic forensic capabilities.

It will not activate MDRAID/LVM when booted with "forensic" keyword (available via a separate isolinux boot target) and will not try to use swaps or autodetect/mount filesystems unless requested explicitly; mount-system script will use ro,loop mount options when booted in this mode.

Build profile suitable for ALT Linux mkimage tool is included as .disk/profile.tgz.

Tools included

Most of the usual rescue suspects should be there; biew, chntpw, dc3dd/dcfldd, foremost, john, md5deep, nmap, scalpel, sleuthkit, wipefreespace to name a few are available either.

Platforms

i586 (BIOS) and x86_64 (BIOS/UEFI); SecureBoot might be left enabled in most occasions.

Deliverables

Two separate 32/64-bit hybrid ISO images suitable for direct writing onto USB Flash media (or CD-R by chance).

Forensic issues

No hardening against rootfs spoofing as of 20140416.

Credits

External Links