Re: [sleuthkit-users] Choice of Linux distro Was:Install help--Sleuth Kit 3.0.1
From: RB <ao...@gm...> - 2009-03-12 04:03:36
On Wed, Mar 11, 2009 at 21:10, Warren Belfer <war...@su...> wrote:
> I'd like to digress slightly (well maybe a lot)
>
> Is there any place I can find out what people
> are choosing for a Linux distro for their
> forensic workstation and why. The SANS-SIFT workstation
> is based on Fedora and I see ubuntu mentioned a lot.
>
> Is there any reason to prefer one over the other(s)?
> I'll be using TSK and Autopsy, plus whatever else
> I can find that will help.

I'm a heavy Gentoo user and have submitted the current packages for most of the OSS forensics tools I care to use for it - just recently got afflib-3.3.4, libewf, and sleuthkit-3 into the tree. I choose it because it grants me the greatest flexibility with both packaging and hardening. Disclaimer: I am a serious Power User with my own overlay/repo and am far less interested in things just working as opposed to working "right".

Most "new" distros follow the Debian/Ubuntu path because it's frankly the easiest. They (Debian) have put a lot of work into making it trivial to "derive your own" with lateral compatibility to boot (.deb packages work "anywhere"). Fedora has the advantage of basically being RedHat's Beta program.

From a development POV, I can't find a distribution that is more developer-friendly than Gentoo: everything is simple plaintext files and runs off of packages' upstream tarballs. There are no -dev packages because (like with the libssl-dev example above) the headers and such are already installed. That said, it has one of the least friendly installation processes in the field and makes very few choices for you, including things most of us would normally consider "basic" to an install: beep, eject, a dhcp client, 'dig', etc.