[Novalug] Security Distros OT

Jay Hart jhart@kevla.org
Wed Oct 10 13:14:59 EDT 2007


Off Topic,

Is there enough interest in forming a Forensics SIG? If so, I think I
might volunteer to host it at my building.

Please post replies to this email on the list.

Jay

> Backtrack2 is the most recent live security distro I know of.  There
> may be newer ones, and I'm sure someone will correct me on this one ;)
>
> I do like Helix for handling forensic responses.  It does a good job
> in identifying hardware, is flexible, and has most of the opensource
> forensic tools/a strong raid driverset.  This helps when acquiring
> information from some pesky server with a strange raid implementation.
>
> I would also say there is a slight difference between a
> backtrack/generic security related, and helix/forensic related live
> distro.  It really comes down to selecting the best tool for the job,
> as such, I personally would use Helix for forensic/incident response
> related work, and backtrack2 for vulnerability testing or more generic
> security work.
>
> Both will most likely have the appropriate tools to do the job based
> on Stevens presentation, Helix would probably do it better though.
>
> On 10/10/07, Ken Kauffman <kkauffman@headfog.com> wrote:
>> Any experience using it?
>>
>> I used KSTD mostly for dd, diskwiping and network detection activities
>> (which means I could have used any distro, I know).  I do see that it
>> includes sleuthkit which was touched on between questions at the meeting.
>> For those with wireless it's got airsnort and kismet (among other utils).
>>
>> What is nice about LiveCD distros like this is that you can boot from the
>> actual machine, which might be valuable for striped arrays.
>>
>> http://en.wikipedia.org/wiki/Knoppix_STD
>>
>> Ken
>>
>> <quote who="Matt Ahrens">
>> > I'll take a shot, Backtrack2 is only like a year old now ;)
>> >
>> > http://www.remote-exploit.org/backtrack.html
>> >
>> > Thanks,
>> > Matt
>> >
>> > On 10/10/07, Ken Kauffman <kkauffman@headfog.com> wrote:
>> >> In the spirit of the last meeting, I'd like to ask people on list if they
>> >> have worked with any particular security focused Linux distros.  I know of
>> >> KnoppixSTD and Helix but have only worked with KSTD a LONG time ago.
>> >>
>> >> So -- who has or continues to use security distros and tools and words of
>> >> advice.
>> >>
>> >> Let the blather begin! :)
>> >>
>> >> _______________________________________________
>> >> Novalug mailing list
>> >> Novalug@calypso.tux.org
>> >> http://calypso.tux.org/cgi-bin/mailman/listinfo/novalug
>> >>
>> >
>>
>>
>>