- Apr 25, 2015
There is a song that goes "Smack A Bitch", so the title of this is "Smack A Bits".
I do not support violence, quite the opposite really. I believe in respecting all women as they are spiritually important and the essence of new human life.
Okay, time to get technical and less emo - I am shutting off my feelings for this post.
---
While performing any digital forensics work, whether that is investigating memory (volatile forensics) or recovering malicious activity/files from a hard drive (hard drive forensics), you will be happy to know there are tools along your entire journey to help the process become smoother. You would not fistfight a fire-breathing dragon, and you should not try performing forensic functions without forensics tools. Use the right dragon slayer tools; use the right digital forensics tools (Volatility, rkhunter, chkrootkit, and the list may go on...).
Here are some awesome pre-packaged forensic tools on various Linux sysflavs (flavors, distros, wtf-ever ya wanna call 'er):
Ubuntu
Debian
Arch: AUR (en) - Packages (aur.archlinux.org)
FreeBSD: SANS Digital Forensics and Incident Response Blog, "FreeBSD Computer Forensic Tips & Tricks" (digital-forensics.sans.org); mbhatt1/FreeBmAM on GitHub, a Free BSD Memory Acquisition Module kernel module that allows acquisition of all volatile memory from FreeBSD (and maybe BSD-style systems), tested on FreeBSD 11.1 32-bit with RAM in multiples of 4096k
Now keep in mind that these are just packages. There are also entire forensic distros, for example:
BlackArch https://blackarch.org/forensic.html
You may also search through https://blackarch.org/guide.pdf for blackarch-anti-forensic and blackarch-forensic
Knoppix STD is rather old (2004) but worth a glance: https://s-t-d.org/
ALT Linux Rescue: It is designed to help sysadmins fix and repair different kinds of problems, such as resizing partitions, recovering files and partitions, optimizing file system usage, etc. It can be found at: https://en.altlinux.org/Rescue
BackBox Linux: It is an Ubuntu-based distro created for Forensic and Penetration Testing purposes. It is fast and easy, has its own software repositories, and provides a minimal yet complete desktop environment. It can be found at: http://www.backbox.org/
BlackArch Linux: It is based on Arch Linux and is used for Forensics and Penetration Testing purposes. Its repository contains 1806 different tools which help the user in the above-mentioned practices. It can be found at: https://blackarch.org/
CAINE: Computer Aided Investigative Environment, or CAINE as it is popularly known, is an Italian GNU/Linux-based Live distro created for Digital Forensics. It offers a complete forensic environment and can integrate existing software and modules. It can be found at: http://www.caine-live.net/
DEFT: Digital Evidence and Forensics Toolkit, commonly known as DEFT, is a distro made for Digital Forensics with the purpose of running from a Live CD. It is based on GNU/Linux. It uses LXDE as its desktop environment and WINE for executing Windows tools. It can be found at: http://www.deftlinux.net/
GRML-Forensic: It is a system designed for forensic investigations and data rescue tasks. Its main purpose is to acquire user data. It can be found at: https://grml-forensic.org/
Helix3/Helix3 Pro: Helix focuses on Incident Response and forensics tools. It is used by individuals who have a sound understanding of Incident Response and forensic techniques. However, according to its support blog, the free version, Helix3, will not be getting any further updates. Helix3 Pro is its commercial paid version. It can be found at: http://www.e-fense.com/
Kali Linux: Kali Linux is the most widely used Operating System by security professionals. Its previous version, BackTrack, made a mark on the industry. It provides tools for Computer Forensics as well as Penetration Testing. Its Forensic Mode was first introduced in BackTrack. It can be found at: https://www.kali.org/
MacQuisition: It is a powerful 3-in-1 solution for live data acquisition, targeted data collection, and forensic imaging. It runs on Mac OS X and acquires data from over 185 different Macintosh computer models in their native environment. It is paid software. It can be found at: https://www.blackbagtech.com/software-products/macquisition.html
Matriux: Based on Debian, it is a fully featured security distro. It consists of more than 300 open source and free tools that can be used for various purposes such as Penetration Testing, Computer Forensics, Ethical Hacking, etc. It can be found at: http://www.matriux.com/index.php?language=en
Parrot OS: It is based on GNU/Linux and was designed with cloud penetration testing and IoT security in mind. It also includes a full portable lab for security and digital forensics, and provides everything a user would need to develop their own security tools and protect their privacy with anonymity and crypto tools. It can be found at: https://www.parrotsec.org/
Pentoo Linux: Based on Gentoo, it is a security-focused Live CD. It consists of a lot of customized tools, a customized kernel, etc. Essentially, Pentoo is Gentoo with the Pentoo overlay. It can be found at: http://www.pentoo.ch/
PlainSight: It is a computer forensics environment that allows beginners in the field to perform common tasks using powerful open source tools. It can be found at: http://www.plainsight.info/
Safe Boot Disk: It is designed to boot any Intel-based computer into a forensically sound Microsoft Windows environment. All attached disks, fixed and removable, are write-blocked using the SAFE software write-blocking engine during boot time. It can be found at: https://www.forensicsoft.com/help/SAFE_Boot1-1/
SMART Linux: It has been developed for Data Forensics, Electronic Discovery and Incident Response. It can be found at: http://www.asrdata.com/forensic-software/smart-linux/
Urix OS: Formerly NetSecL, it is a security-focused distro based on OpenSUSE. It consists of tools for Penetration Testing and Computer Forensics. It can be found at: http://urix.us/
WinFE: Windows Forensic Environment or WinFE was created by simply adding two registry keys to the Windows Vista Pre-Installation Environment 2.0. These keys prevented the auto-mounting of some of the volumes at boot time, which then allowed the creation of a rudimentary Microsoft based forensic boot Live CD. It can be found at: http://www.ramsdens.org.uk/index.html
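As an added configuration example (not code from the original post, and not WinFE's own tooling), here is how the two registry values the WinFE paragraph refers to can be applied to an offline WinPE boot image with standard dism and reg.exe commands. The value names are the documented MountMgr NoAutoMount and partmgr SanPolicy settings; the C:\WinPE paths and the single-index boot.wim are assumptions.

```powershell
# Added example (not from the original post or from WinFE itself): set the
# two registry values WinFE relies on inside an offline WinPE boot image so
# that attached volumes are not auto-mounted when the media boots.
# Assumed layout: the WinPE working copy lives under C:\WinPE. Run elevated.
$Wim      = 'C:\WinPE\media\sources\boot.wim'
$MountDir = 'C:\WinPE\mount'
$HiveName = 'WinPE_SYSTEM'   # temporary name for the loaded offline hive

New-Item -ItemType Directory -Path $MountDir -Force | Out-Null

# 1. Mount the boot image read-write so its registry hives can be edited.
dism /Mount-Image "/ImageFile:$Wim" /Index:1 "/MountDir:$MountDir"

# 2. Load the image's SYSTEM hive under HKLM. An offline hive has no
#    CurrentControlSet alias, so ControlSet001 is edited directly.
reg load "HKLM\$HiveName" "$MountDir\Windows\System32\config\SYSTEM"

# 3a. Mount Manager: do not assign drive letters or mount volumes at boot.
reg add "HKLM\$HiveName\ControlSet001\Services\MountMgr" `
    /v NoAutoMount /t REG_DWORD /d 1 /f

# 3b. Partition Manager SAN policy 3 (OfflineAll): every newly seen disk
#     comes up offline and read-only until an examiner explicitly onlines it.
reg add "HKLM\$HiveName\ControlSet001\Services\partmgr\Parameters" `
    /v SanPolicy /t REG_DWORD /d 3 /f

# 4. Release the hive and commit the image. Close regedit or any shell that
#    still holds the hive open first, or the unload will fail.
[GC]::Collect()
reg unload "HKLM\$HiveName"
dism /Unmount-Image "/MountDir:$MountDir" /Commit

# Check after booting the media: in diskpart, 'list disk' should show each
# evidence disk as Offline and 'list volume' should assign it no letter.
# This is a software control only; hash the source device before and after
# acquisition (and prefer a hardware write blocker) to demonstrate soundness.
```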
Pulling Notepad.exe text out of Windows after a RAM dump is performed: https://www.andreafortuna.org/2018/...-a-notepad-window-from-a-windows-memory-dump/
*RANDOM* P.S. buy these for your girlfriend for Christmas: https://www.cafepress.com/+tux_the_penguin_boy_brief,484122876 hah.
This would be good for a pregnant wife lol: https://www.cafepress.com/mf/50362184/html_maternity?productId=504193330
SleuthKit and Autopsy are both lovely forensics tools to mess about with if pursuing forensics practice (experience/studies): https://www.sleuthkit.org/
---
I am highly curious what any of you (yes, you in our community) have used or prefer using when trying to "Smack A Bits Clean"; what I mean by this is obviously how you get a system investigated efficiently.