ALT Linux Rescue

From Forensics Wiki
Revision as of 07:31, 16 April 2014 by MShigorin (Talk | contribs)

ALT Linux Rescue
Maintainer: Michael Shigorin
OS: Linux
Genre: Live CD
License: GPL, others
Website: en.altlinux.org/rescue

ALT Linux Rescue is yet another sysadmin's Live CD.

Intro

This weekly-updated image is intended to be a text-only recovery toolchest with some basic forensic capabilities.

It will not activate MDRAID/LVM when booted with the "forensic" keyword (available via a separate isolinux boot target), and it will not try to use swap or autodetect/mount filesystems unless explicitly requested; the mount-system script uses the ro,loop mount options when booted in this mode.
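
One way to check from inside a running session that the behaviour described above actually holds, as an added example that is not part of ALT Linux Rescue or of the original page. It assumes the "forensic" keyword appears as a plain word on the kernel command line; the function names and the sample data are constructed here, and LVM activation is not covered.

```shell
#!/bin/sh
# Added example, not part of ALT Linux Rescue. Each function takes the path of
# a /proc file (or a saved copy of one), so the checks can run offline.

# Assumption: the "forensic" keyword is a plain word on the kernel command line.
has_forensic_keyword() {   # $1 = /proc/cmdline
    tr ' ' '\n' < "$1" | grep -qx 'forensic'
}

# /proc/swaps has one header line; every further line is an active swap area.
active_swaps() {           # $1 = /proc/swaps
    awk 'NR > 1 && NF { print $1 }' "$1"
}

# /proc/mdstat lists assembled arrays as "mdN : active ..." lines.
active_md_arrays() {       # $1 = /proc/mdstat
    awk '$1 ~ /^md/ && $2 == ":" && $3 == "active" { print $1 }' "$1"
}

# Block devices mounted read-write: source under /dev/, "rw" among the options.
rw_block_mounts() {        # $1 = /proc/mounts
    awk '$1 ~ /^\/dev\// && ("," $4 ",") ~ /,rw,/ { print $1 " on " $2 }' "$1"
}

# Prints one line per finding; returns 0 only when there are none.
forensic_audit() {         # $1..$4 = cmdline swaps mdstat mounts
    findings=0
    has_forensic_keyword "$1" || { echo "cmdline: no forensic keyword"; findings=1; }
    for s in $(active_swaps "$2"); do echo "swap in use: $s"; findings=1; done
    for m in $(active_md_arrays "$3"); do echo "MD array active: $m"; findings=1; done
    rw=$(rw_block_mounts "$4")
    [ -z "$rw" ] || { echo "$rw" | sed 's/^/read-write mount: /'; findings=1; }
    return "$findings"
}

# Constructed sample of a clean forensic boot (not captured from a real session).
write_sample() {           # $1 = directory to fill
    printf 'BOOT_IMAGE=/vmlinuz forensic\n' > "$1/cmdline"
    printf 'Filename\tType\tSize\tUsed\tPriority\n' > "$1/swaps"
    printf 'Personalities : \nunused devices: <none>\n' > "$1/mdstat"
    printf '/dev/loop0 /mnt/evidence ext4 ro,relatime 0 0\ntmpfs /tmp tmpfs rw 0 0\n' > "$1/mounts"
}

# Demo on the sample; on a live session pass the four /proc paths instead.
d=$(mktemp -d) && write_sample "$d"
forensic_audit "$d/cmdline" "$d/swaps" "$d/mdstat" "$d/mounts" && echo "forensic mode: clean"
```

The loop option itself does not show up in /proc/mounts; a loop-mounted image appears there as a /dev/loopN source, which is why the check keys on the rw flag of /dev/ sources.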

A build profile suitable for the ALT Linux mkimage tool is included as .disk/profile.tgz.

Tools included

Most of the usual rescue suspects should be there; biew, chntpw, dc3dd/dcfldd, foremost, john, md5deep, nmap, scalpel, sleuthkit and wipefreespace, to name a few, are available as well.

Platforms

i586 (BIOS) and x86_64 (BIOS/UEFI); SecureBoot might be left enabled on most occasions.

Deliverables

Two separate 32/64-bit hybrid ISO images suitable for writing directly onto USB Flash media (or onto CD-R, if need be).

Forensic issues

No hardening against rootfs spoofing as of 20140416.

Credits

External Links