I use a mix of Win7 VM, SamuraiWTF VM and BT5 baremetal and a couple of CentOS 5 VMs I use for infrastructure support when necessary (like SMTP, FTP, etc). My laptop currently boots with BT5 and VMware Workstation but I also have Ubuntu and Win7 boot disks I can swap out when BT5 gets stupid. All my VM's are also backed up on an external USB 3.0 disk I can run off if need be. I store test data on external
http://www.mxisecurity.com/ drives that can be remotely wiped if lost or stolen and I routinely wipe after every major test.
The one hole in my setup is that tool output is not as protected as it should be but I try to move results out of those directories and onto my encrypted drive as quickly as possible and then I shred the unencrypted info. For tools that store in a database format I don't have a great solution, but when possible I will use direct database access to purge sensitive info. Ideally I would store the db on external encrypted drive and redirect application paths to those DB's or use FDE. I just have not gotten that paranoid yet.
In the past, I ran Ubuntu and encrypted my home directory with Truecrypt but I have not set that up yet on my BT5 install. I'm currently looking at some other FDE options. I'm open to ideas. I do have a PGP 10 license I can use for WDE but it does not officially support newer versions of Ubuntu so have held off there. I may just have to pull the trigger and see what happens.
Network Pen Testing : AIX Vulnerability Assessments
