Re: Forensics CD Toolkit for FreeBSD

From: Joe Warner (rootman22_at_comcast.net)
Date: 08/03/03

  • Next message: FreeBSD Security Advisories: "FreeBSD Security Advisory FreeBSD-SA-03:08.realpath"
    To: Barney Wolff <barney@databus.com>
    Date: Sun, 3 Aug 2003 12:59:31 -0600
    
    

    On Sunday 03 August 2003 12:26 pm, Barney Wolff wrote:
    > On Sun, Aug 03, 2003 at 09:20:45AM -0600, Joe Warner wrote:
    > > I'd like to build a toolkit CD specifically for conducting
    > > forensics on FreeBSD. I'm not talking about a bootable
    > > CD but rather one that I could pop into a CD ROM drive
    > > and run trusted commands like ps, netstat, ls, etc., from.
    >
    > 1. It would be fairly rare for the bins from iso-2 (the bootable
    > live filesystem) from a release not to work on the corresponding
    > -stable.

    Ok, I didn't know that, thanks.

    >
    > 2. However you should certainly be booting from the cd, for reasons
    > already noted.
    >
    > 3. make release will enable you to create the equivalent of iso-2
    > for your -stable, if you really insist.

    I'll take that under consideration but don't think it will be necessary for
    what I'm trying to accomplish.

    >
    > 4. You should investigate The Coroner's Toolkit, available (free)
    > from porcupine.org to really do forensics work. It comes from
    > Dan Farmer & Wietse Venema, who need no endorsement from me.
    > I've used it (on Solaris) with very gratifying results.

    Yes, I've seen that all over the place from my searches on Google but I
    was hesitant about going any further with that because it said it's only
    been tested on FreeBSD 2.2.1, 3.4, and 4.4.

    Do you think I can run TCT from a CD?

    Thanks

    Joe

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

