Creating a live cd

[jbscarva]

I work in computer forensics and I am newbie in Linux, (despite search and study a lot).
However in my Office, we want to develop a "Live CD" - Ubuntu based - for forensic purposes.
One of the main objectives of the CD is to be "forensically sound", eg, none of the devices on the target system should be mounted RW, RO instead.


My question is:
-Can we start from "Ububtu Live CD", install on it some forensic apps, change the boot system and burn all with changes to a new CD?
If so, what we must change in order to ensure that the CD will be "forensically sound"?
Will be that there are batch scripts for this purpose?
 -
Any help is welcome


Thanks in advance and best regards,

[n3r]

I've never tried but you can try http://www.linux-live.org/
Just install the apps and make an iso with linux live

[chrisj]

It's called remastering, I know the Knoppix Hacks book had a section on how to remaster Knoppix for your needs. It was Debain based at the time like Ubuntu, so the theory should carry you.

There are several other options to do that too...

Examples of Remastered versions of Ububuntu:

Backtrack
Xubuntu
Kubuntu
EDUbuntu

I'm sure there are others.

[tturner]

You will need to mount the filesystem as read only. Any write operations will compromise your evidence.

Maybe start with options that are already forensically sound and customize from there and then remaster. http://www.forensicswiki.org/wiki/Tools

[idr0p]

Do you need to make one specifically or can you just use one already out there, there are many.

SIFT Kit
Helix
Sleuth kit
Backtrack
etc...

[p0et]

I've heard good things about Sleuth Kit and Helix3.  That would sure save you a ton of time if you could just use one of those!