Re: [sleuthkit-users] Gentoo Questions
From: Robert M. <ro...@ze...> - 2006-04-21 18:09:29
Stuart Bird wrote:
> Hi All
>
> Having recently had my linux exam box upgraded I decided to have a
> crack at a new setup so I took the plunge and had a go at installing
> Gentoo from their new installer CD. After a few weeks of general use I
> am very happy with it and it seems very stable.
>

Good to hear - another potential Gentoo convert! It's a great distro but a little high maintenance when things go off the rails. We've been using it for the past couple years.

> The first thing I wanted to ask is whether Gentoo is a good base for
> forensic work. As far as I can tell it does not auto mount anything
> without my say so, but are there any other areas of the distro I need
> to look at to make the environment forensically sound?
>

Can't speak directly to this but we do have an in-house data recovery live CD based off Gentoo - which we are planning to release in the not too distant future - which performs many of the same tasks as a forensic exam and uses Sleuthkit and have had great success with few modifications from the standard install.

> Secondly, I have installed sleuthkit and autopsy via portage. I can
> run autopsy alright but cannot for the life of me find the directory
> that sleuthkit was installed to so that I can run stuff from the
> commandline. I have tried "find" and "locate" etc but I still can't
> find the folder containing all the commands.

Make sure you have gentoolkit installed 'emerge -a gentoolkit' and then run 'equery files sleuthkit' and that will tell you all the files portage installed and where it installed them.

> I am on Gentoo 2006.0 with kernel-genkernel-x86-2.6.15-gentoo-r5 if
> that helps.
>
> Any advice appreciated.
>
> Stu Bird

Best Regards,
Rob McCrea
ro...@ze...
http://www.zebralogic.ca