New to TrinuxLois,
The answer is yes. I use it for initial investigations to view hard drive
contents without the risk of modifying any of the data. You can also save
files for investigation offline without the user knowing that the computer
has been accessed. However, you better know something about *nix commands. I
also use it for imaging disks for forensic analysis.
Richard Thomas
Phone: (512) 249-8823
Email: ri...@th...
-----Original Message-----
From: tri...@li...
[mailto:tri...@li...]On Behalf Of Lois Lehman
Sent: Friday, February 15, 2002 5:08 PM
To: 'tri...@li...'
Subject: [Trinux-talk] New to Trinux
I am new to Trinux and trying to learn if it can be used as I understood
the case when I went looking for it. What I hope to do is add it to my
toolkit for network security incident response. Can I use the floppies to
boot a box that has been compromised and poke around on its hard drive to
see the system logs and such using the clean tools off the Trinux floppies?
I would appreciate any assistance that can be shared on this. Thanks in
advance!
Lois Lehman, GSEC
Arizona State University
480-965-3139
|
