Windows Incident Forensics with Knoppix Helix
Daehenoc writes "After finding Windows Forensics and Incident Recovery while looking around for forensics tools, I found this instead: Helix Incident Response and Forensics. It's a customized version of Knoppix which you can use in an online or offline style - put it in when Windows is running and you can retrieve a stack of useful information and send it to a network share. Or boot a suspect system with the CD and get access to useful forensics tools like sleuthkit!"
But there is a lot of anti-spyware stuff on knoppix. Think of the possibilities of fdisk!
Screw the FSM - Real geeks believe in the Invisible Pink Unicorn
Witness: I don't know what happened. I was just sitting there typing... when all of the sudden... THE BLUE SCREEN OF DEATH
Detective: Were you running Windows?
Witness: Yes... how did you know that?
Detective: Many, many days of experience, Ma'am.
Detective 2: Yet another case closed!
For some reason there never was a second episode.
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
Anyone know if they ever got Linux to be able to actually write to NTFS?
:*)
I've often wondered who "they" are.
...they'll be booting the web server off one of these soon.
Your head a splode
60,000 of these!
sigs, as if you care.
your basic files? you should see my fortran files!
Yeah why call the careful checking of a computer for evidence of criminal activities forensics. That makes no sense at all.
Who modded this insightful? Come on. Fess up!
> Kind of like this? ;-)
That's amazing. Check out the 2nd floor window in the middle of the third building. I'm pretty sure they are shagging right up against the glass!
Bet they never suspected a satellite eye-in-the-sky was recording their act for history.
- For the complete works of Shakespeare: cat
fdisk?!
# shred -v -n 1 -z /dev/hda
(verbose, 1 random pass, 1 zeroing pass)