Re: [sleuthkit-users] opensourceforensics.org
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] opensourceforensics.org
|
From: Brian C. <ca...@sl...> - 2003-06-12 14:54:00
|
On 12 Jun 2003 07:13 PDT you wrote: > > Note that there are no bootable Linux CDs on the > > site yet. That is because all of the ones that I know > > of do not include source code. They use an open > > source OS, but only the ISO is available from the > > website. > > You've clearly not seen Knoppix. > http://www.knopper.net/knoppix/index-en.html > > All the sources are on the CD and if not there are available for download > from http://www.knopper.net/download/knoppix/ I have never checked the sources on the CD, but the ones on the website do not seem complete. For example, based on the file names, I can't find the kernel source or version of 'binuntils'. Of course, I could be wrong since I haven't opened up every tar file there. This brings up the point of basic documentation though. Providing a list of packages and libraries and no docs or scripts on how to put it together makes verification difficult. > Knoppix is a very useful boot cd for forensic work especially if you like to > do manual poking around, as by defult it mounts the local disks read only so > that the file's atime settings won't be modified accidentally. There has actually been a thread on the linux_forensics@yahoo list about this since someone noticed that the hash on an EXT3FS file system changed after mounting it read-only with knoppix. They have been doing more tests and will be publishing a final report. > Also of interest, and knoppix based is a project Morphix > http://morphix.sourceforge.net/modules/news/ I hadn't seen that one yet. Thanks. brian |
