Creating a live cd

<<

jbscarva

Newbie

Posts: 1

Joined: Wed Oct 26, 2011 5:22 am

Post Wed Oct 26, 2011 5:34 am

Creating a live cd

I work in computer forensics and I am a newbie in Linux (despite searching and studying a lot).
However, in my office we want to develop a "Live CD" - Ubuntu based - for forensic purposes.
One of the main objectives of the CD is to be "forensically sound", e.g., none of the devices on the target system should be mounted RW; they should be RO instead.


My question is:
- Can we start from the "Ubuntu Live CD", install some forensic apps on it, change the boot system and burn it all, with the changes, to a new CD?
- If so, what must we change in order to ensure that the CD will be "forensically sound"?
- Are there batch scripts for this purpose?

Any help is welcome.


Thanks in advance and best regards,
<<

n3r

Jr. Member

Posts: 95

Joined: Wed Sep 28, 2011 1:06 am

Location: paris

Post Wed Oct 26, 2011 7:58 am

Re: Creating a live cd

I've never tried it, but you can try http://www.linux-live.org/
Just install the apps and make an ISO with Linux Live.
<<

rattis

Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Wed Oct 26, 2011 12:37 pm

Re: Creating a live cd

It's called remastering. I know the Knoppix Hacks book had a section on how to remaster Knoppix for your needs. It was Debian based at the time, like Ubuntu, so the theory should carry you.

There are several other options to do that too...

Examples of remastered versions of Ubuntu:

Backtrack
Xubuntu
Kubuntu
EDUbuntu

I'm sure there are others.
OSWP, Sec+
<<

tturner

Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Wed Oct 26, 2011 2:13 pm

Re: Creating a live cd

You will need to mount the filesystem as read only. Any write operations will compromise your evidence.

Maybe start with options that are already forensically sound and customize from there and then remaster. http://www.forensicswiki.org/wiki/Tools
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
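
As an added example (not part of any post in this thread, and not taken from any of the distributions mentioned), one way to audit the read-only requirement discussed above on a booted live system is to scan the kernel mount table for block devices mounted read-write. The function names and the sample table are hypothetical and constructed for illustration:

```shell
#!/bin/sh
# Added example: audit a /proc/mounts-style table for block devices
# that are mounted read-write. Function names are hypothetical.

# Print "device mountpoint" for every /dev/* source whose option list
# contains the exact token "rw". Argument: path to a mounts table
# (defaults to /proc/mounts; "-" reads standard input).
rw_block_mounts() {
    awk '
        $1 ~ /^\/dev\// {
            # Split the option field so "errors=remount-ro" or "rw" inside
            # another word is never mistaken for the rw/ro flag itself.
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] == "rw") { print $1, $2; break }
        }
    ' "${1:-/proc/mounts}"
}

# Exit status 0 when no block device is mounted read-write, 1 otherwise.
mounts_are_sound() {
    [ -z "$(rw_block_mounts "$1")" ]
}

# Constructed sample table (not captured from a real system): the live
# medium, its squashfs image, RAM filesystems, one evidence disk mounted
# ro and one USB stick that was auto-mounted rw.
sample_mounts() {
    cat <<'EOF'
rootfs / rootfs rw 0 0
/dev/sr0 /cdrom iso9660 ro,noatime 0 0
/dev/loop0 /rofs squashfs ro,noatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sda1 /media/evidence ntfs ro,noexec,nodev 0 0
/dev/sdb1 /media/usb0 vfat rw,nosuid,nodev,errors=remount-ro 0 0
EOF
}

# Demo on the constructed sample: reports only the rw-mounted stick.
sample_mounts | rw_block_mounts -
```

A clean result from this check is necessary but not sufficient: ext3/ext4 can replay the journal even on a read-only mount unless the `noload` option is given, so the mount table alone does not prove that nothing was written.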
<<

idr0p

Newbie

Posts: 49

Joined: Fri Jun 17, 2011 8:46 pm

Post Thu Oct 27, 2011 4:34 pm

Re: Creating a live cd

Do you need to make one specifically, or can you just use one already out there? There are many.

SIFT Kit
Helix
Sleuth kit
Backtrack
etc...
GCIA GCIH GPEN GWAPT
Up Next: CISA CISSP
<<

p0et

Full Member

Posts: 197

Joined: Thu Nov 02, 2006 4:38 pm

Location: Victoria, Canada

Post Sun Oct 30, 2011 1:59 pm

Re: Creating a live cd

I've heard good things about Sleuth Kit and Helix3. That would sure save you a ton of time if you could just use one of those!
GCIH, Security+, Network+, A+, MCP, DCSE
