Windows Incident Forensics with Knoppix Helix
Daehenoc writes "After finding Windows Forensics and Incident Recovery while looking around for forensics tools, I found this instead: Helix Incident Response and Forensics. It's a customized version of Knoppix which you can use in an online or offline style - put it in when Windows is running and you can retrieve a stack of useful information and send it to a network share. Or boot a suspect system with the CD and get access to useful forensics tools like sleuthkit!"
But there is a lot of anti-spyware stuff on Knoppix. Think of the possibilities of fdisk!
Screw the FSM - Real geeks believe in the Invisible Pink Unicorn
Witness: I don't know what happened. I was just sitting there typing... when all of the sudden... THE BLUE SCREEN OF DEATH
Detective: Were you running Windows?
Witness: Yes... how did you know that?
Detective: Many, many days of experience, Ma'am.
Detective 2: Yet another case closed!
For some reason there never was a second episode.
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
...they'll be booting the web server off one of these soon.
Your head a splode
60,000 of these!
sigs, as if you care.