ALT Linux Rescue

From ForensicsWiki
Revision as of 12:31, 16 April 2014 by MShigorin (Talk | contribs) (init using Grml and Masterkey Linux as examples)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
ALT Linux Rescue
Maintainer: Michael Shigorin
OS: Linux
Genre: Live CD
License: GPL, others

ALT Linux Rescue is yet another sysadmin's Live CD.


This weekly-updated image is intended to be text-only recovery toolchest with some basic forensic capabilities.

It will not activate MDRAID/LVM when booted with "forensic" keyword (available via a separate isolinux boot target) and will not try to use swaps or autodetect/mount filesystems unless requested explicitly; mount-system script will use ro,loop mount options when booted in this mode.

Build profile suitable for ALT Linux mkimage tool is included as .disk/profile.tgz.

Tools included

Most of the usual rescue suspects should be there; biew, chntpw, dc3dd/dcfldd, foremost, john, md5deep, nmap, scalpel, sleuthkit, wipefreespace to name a few are available either.


i586 (BIOS) and x86_64 (BIOS/UEFI); SecureBoot might be left enabled in most occasions.


Two separate 32/64-bit hybrid ISO images suitable for direct writing onto USB Flash media (or CD-R by chance).

Forensic issues

No hardening against rootfs spoofing as of 20140416.


External Links