Forensics Tools



cascadefx
04-03-2003, 11:12 PM
I think Knoppix would be a great forensics platform because of its ease of use, its "hands off" philosophy, and its amazing hardware discovery... unfortunately it is missing a number of crucial tools.

I think it should have:

The Coroner's Toolkit (http://www.fish.com/tct/)

and

The @t Stake Tool Kit (TASK) (http://www.atstake.com/research/tools/task/)

and

The Autopsy forensic browser (http://www.atstake.com/research/tools/autopsy/)

and

Media, Access, and Change Robber (mac-robber) (http://www.atstake.com/research/tools/forensic/)

So... does Klaus read this list and if so... what do you (or anybody else) think?

Does anybody know of good forensic tools that are already in Knoppix?

What else is left out?

knopper
04-03-2003, 11:31 PM
tct is already on Knoppix, and some other tools that are available as Debian packages. It's always a trade with space taken from other packages that must be deleted first. So, I try to keep ONE toolkit that includes functionality of many others, rather than installing different packages.
Regards,
-Klaus