Stuart Bird wrote:
> Hi All
>
> Having recently had my linux exam box upgraded I decided to have a
> crack at a new setup so I took the plunge and had a go at installing
> Gentoo from their new installer CD. After a few weeks of general use I
> am very happy with it and it seems very stable.
>
Good to hear - another potential Gentoo convert! It's a great distro but
a little high maintenance when things go off the rails. We've been using
it for the past couple of years.
> The first thing I wanted to ask is whether Gentoo is a good base for
> forensic work. As far as I can tell it does not auto mount anything
> without my say so, but are there any other areas of the distro I need
> to look at to make the environment forensically sound?
>
Can't speak directly to this, but we do have an in-house data recovery
live CD based off Gentoo - which we are planning to release in the not
too distant future - which performs many of the same tasks as a forensic
exam and uses Sleuthkit, and we have had great success with few modifications
from the standard install.
> Secondly, I have installed sleuthkit and autopsy via portage. I can
> run autopsy alright but cannot for the life of me find the directory
> that sleuthkit was installed to so that I can run stuff from the
> commandline. I have tried "find" and "locate" etc but I still can't
> find the folder containing all the commands.
Make sure you have gentoolkit installed ('emerge -a gentoolkit'), then
run 'equery files sleuthkit' and that will tell you all the files
portage installed and where it installed them.
> I am on Gentoo 2006.0 with kernel-genkernel-x86-2.6.15-gentoo-r5 if
> that helps.
>
> Any advice appreciated.
>
> Stu Bird
Best Regards,
Rob McCrea
ro...@ze...
http://www.zebralogic.ca
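The file lookup Rob describes, as an added example that is not from the thread, from Gentoo or from Sleuthkit: a POSIX sh script that reads Portage's own installed-file records (the data 'equery files' prints) and also checks each recorded file's MD5 against disk, which bears on Stu's question about keeping the exam box sound. The /var/db/pkg layout and CONTENTS line format are Portage's; the app-forensics category name, the sample file tree and its contents are assumptions constructed here.

```shell
#!/bin/sh
# Added example, not from the thread: read the file list Portage keeps for an
# installed package (what 'equery files' prints) and verify each recorded
# file's MD5 against disk, a quick integrity check for the exam box.
# Portage records each package under /var/db/pkg/<cat>/<pkg-ver>/CONTENTS:
#   dir /usr/bin | obj /usr/bin/fls <md5> <mtime> | sym /usr/bin/x -> fls <mtime>

# Print the paths of regular files ('obj' entries) listed in a CONTENTS file.
pkg_files() {
    awk '$1 == "obj" { print $2 }' "$1"
}

# Of those, print only the ones that live in a bin/ or sbin/ directory.
pkg_commands() {
    pkg_files "$1" | grep -E '/s?bin/' || true
}

# Compare each recorded MD5 with the file on disk under root $2 (default /).
# Prints one line per file: "OK path", "MODIFIED path" or "MISSING path".
pkg_verify() {
    root="${2:-}"
    awk '$1 == "obj" { print $2, $3 }' "$1" | while read -r path sum; do
        f="$root$path"
        if [ ! -f "$f" ]; then echo "MISSING $path"; continue; fi
        actual=$(md5sum "$f" | cut -d' ' -f1)
        [ "$actual" = "$sum" ] && echo "OK $path" || echo "MODIFIED $path"
    done
}

# Build a constructed sample (hypothetical paths and contents) so the script
# runs offline; prints the temp dir holding CONTENTS and a fake root tree.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/root/usr/bin" "$d/root/usr/share/doc"
    printf 'fls\n' > "$d/root/usr/bin/fls"
    printf 'icat\n' > "$d/root/usr/bin/icat"
    printf 'README\n' > "$d/root/usr/share/doc/README"
    md5of() { md5sum "$1" | cut -d' ' -f1; }
    {
        echo "dir /usr/bin"
        echo "obj /usr/bin/fls $(md5of "$d/root/usr/bin/fls") 1"
        echo "obj /usr/bin/icat 00000000000000000000000000000000 1"  # wrong sum
        echo "obj /usr/bin/ils 00000000000000000000000000000000 1"   # not on disk
        echo "obj /usr/share/doc/README $(md5of "$d/root/usr/share/doc/README") 1"
        echo "sym /usr/bin/tsk-fls -> fls 1"
    } > "$d/CONTENTS"
    echo "$d"
}
# On a real box (category assumed; confirm with 'equery list sleuthkit'):
#   pkg_commands /var/db/pkg/app-forensics/sleuthkit-*/CONTENTS
```

Against the constructed sample, pkg_commands lists the three bin/ entries and pkg_verify reports fls and README as OK, icat as MODIFIED and ils as MISSING.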