Forensicating, "Smack A Bits Clean"

Asphyxia

Owner
Administrator
Apr 25, 2015
There is a song that goes "Smack A Bitch", so the title of this is "Smack A Bits".

I do not support violence, quite the opposite really. I believe in respecting all women as they are spiritually important and the essence of new human life.

Okay time to get technical and less emo - I am shutting off my feelings for this post.

---

While performing any digital forensics work, whether that is investigating memory (volatile forensics) or recovering malicious activity/files from a hard drive (hard drive forensics), you will be happy to know there are tools along your entire journey to help the process become smoother. You would not fist fight a fire breathing dragon, and you should not try performing forensic functions without forensics tools. Use the right dragon slayer tools; use the right digital forensics tools (volatility, rkhunter, chkrootkit, and the list may go on...).

Here are some awesome pre-packaged forensic tools on various Linux sysflavs (flavors, distros, wtf-ever ya wanna call 'er):

Ubuntu

Debian

Arch

FreeBSD

Now keep in mind that these are just packages. There are entire forensic distros, for example:

BlackArch https://blackarch.org/forensic.html
You may also search through https://blackarch.org/guide.pdf for blackarch-anti-forensic and blackarch-forensic

Knoppix STD is rather old (2004) but worth a glance https://s-t-d.org/

ALT Linux Rescue It is designed to help sysadmins fix and repair different kinds of problems such as resize partitions, recover files and partitions, optimize file system usage, etc. It can be found at: https://en.altlinux.org/Rescue

BackBox Linux: It is an Ubuntu based distro created for Forensic and Penetration Testing purposes. It is fast and easy. Having its own software repositories, it is fast, easy and provides a minimal yet complete desktop environment. It can be found at: http://www.backbox.org/

BlackArch Linux: It is based on Arch Linux and is used for Forensics and Penetration Testing purposes. Its repository contains 1806 different tools which help the user in the above mentioned practices. It can be found at: https://blackarch.org/

CAINE: Computer Aided Investigative Environment, or as it is popularly known, CAINE, is an Italian GNU/Linux based Live distro created for Digital Forensics. It offers a complete forensic environment and can integrate existing software and modules. It can be found at: http://www.caine-live.net/

DEFT: Digital Evidence and Forensics Toolkit, commonly known as DEFT, is a distro made for Digital Forensics with the purpose of running from a Live CD. It is based on GNU/Linux. It uses LXDE as its desktop environment and WINE for executing Windows tools. It can be found at: http://www.deftlinux.net/

GRML-Forensic: It is a system designed for forensic investigations and data rescue tasks. Its main purpose is to acquire user data. It can be found at: https://grml-forensic.org/

Helix3/Helix3 Pro: Helix focuses on Incident Response and forensics tools. It is used by individuals who have a sound understanding of Incident Response and forensic techniques. However, according to its support blog, the free version, Helix3, would not be getting any updates anymore. Helix3 Pro is its commercial paid version. It can be found at: http://www.e-fense.com/

Kali Linux: Kali Linux is the most widely used Operating System by security professionals. Its previous version, BackTrack, made a mark on the industry. It provides tools for Computer Forensics as well as Penetration Testing. Its Forensic Mode was first introduced in BackTrack. It can be found at: https://www.kali.org/

MacQuisition: It is a powerful 3-in-1 solution for live data acquisition, targeted data collection, and forensic imaging. It runs on Mac OSX and acquires data from over 185 different Macintosh computer models in their native environment. It is a paid software. It can be found at: https://www.blackbagtech.com/software-products/macquisition.html

Matriux: Based on Debian, it is a fully featured security distro. It consists of more than 300 open source and free tools that can be used for various purposes such as Penetration Testing, Computer Forensics, Ethical Hacking, etc. It can be found at: http://www.matriux.com/index.php?language=en

Parrot OS: It is based on GNU/Linux and was designed with cloud penetration testing and IoT security in mind. It also includes a full portable lab for security and digital forensics. It also provides everything a user would need to develop his/her own security tools and protect their privacy with anonymity and crypto tools. It can be found at: https://www.parrotsec.org/

Pentoo Linux: Based on Gentoo, it is a security-focused Live CD. It consists of a lot of customized tools, a customized kernel, etc. Essentially, Pentoo is Gentoo with the Pentoo overlay. It can be found at: http://www.pentoo.ch/

PlainSight: It is a computer forensics environment that allows beginners in the field to perform common tasks using powerful open source tools. It can be found at: http://www.plainsight.info/

Safe Boot Disk: It is designed to boot any Intel based computer into a forensically sound Microsoft Windows environment. All attached disks, fixed and removable, are write-blocked using the SAFE software write-blocking engine during boot time. It can be found at: https://www.forensicsoft.com/help/SAFE_Boot1-1/

SMART Linux: It has been developed for Data Forensics, Electronic Discovery and Incident Response. It can be found at: http://www.asrdata.com/forensic-software/smart-linux/

Urix OS: Formerly NetSecL, it is a security-focused distro based on OpenSUSE. It consists of tools for Penetration Testing and Computer Forensics. It can be found at: http://urix.us/

WinFE: Windows Forensic Environment, or WinFE, was created by simply adding two registry keys to the Windows Vista Pre-Installation Environment 2.0. These keys prevented the auto-mounting of some of the volumes at boot time, which then allowed the creation of a rudimentary Microsoft based forensic boot Live CD. It can be found at: http://www.ramsdens.org.uk/index.html

Pulling Notepad.exe text out of Windows after a RAM dump is performed: https://www.andreafortuna.org/2018/...-a-notepad-window-from-a-windows-memory-dump/

*RANDOM* P.S. buy these for your girlfriend for Christmas: https://www.cafepress.com/+tux_the_penguin_boy_brief,484122876 hah.
This would be good for a pregnant wife lol: https://www.cafepress.com/mf/50362184/html_maternity?productId=504193330

SleuthKit and Autopsy are both lovely forensics tools to mess about with if pursuing forensics practice (experience/studies): https://www.sleuthkit.org/

---

I am highly curious what any of you (yes you in our community) have used or prefer using when trying to "Smack A Bits Clean", what I mean by this is obviously how you get a system investigated efficiently.
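A small carver, added here as an example that is not part of the original post or of the linked article, showing the trick behind pulling Notepad text out of a RAM dump: Notepad keeps its edit buffer in memory as UTF-16LE (each character is a byte followed by 0x00), so an ASCII-only `strings` pass skips it while `strings -el` or the scanner below finds it. The dump bytes are constructed inline for the example; the function names `carve_utf16le` and `carve_ascii` are mine. On a real case you would feed it the process memory you dumped with Volatility (assumption: you already have such a dump) and use the returned offsets to go back to the raw file.

```python
import re
from typing import List, Tuple

# Constructed "memory dump" for the example: header noise, one ASCII string,
# a UTF-16LE BOM followed by two UTF-16LE strings, and some filler bytes.
SAMPLE_DUMP = (
    b"\x00\x01\x02MZ\x90\x00"
    + b"plain ascii note\x00"
    + b"\xff\xfe"
    + "ransom note draft: pay 2 BTC".encode("utf-16-le")
    + b"\x00\x00\x7f\x7f"
    + "C:\\Users\\victim\\Desktop\\todo.txt".encode("utf-16-le")
    + b"\x00\x00"
)

# One printable ASCII byte (space .. tilde).
PRINTABLE_ASCII = rb"[\x20-\x7e]"


def carve_utf16le(buf: bytes, min_len: int = 6) -> List[Tuple[int, str]]:
    """Return (offset, text) for every run of at least min_len printable
    characters stored as UTF-16LE, i.e. printable byte + 0x00 pairs.
    This is what `strings -el` does; the offset is kept so the hit can be
    located again in a hex editor or in Volatility output."""
    pattern = re.compile(
        rb"(?:" + PRINTABLE_ASCII + rb"\x00){" + str(min_len).encode() + rb",}"
    )
    return [(m.start(), m.group().decode("utf-16-le")) for m in pattern.finditer(buf)]


def carve_ascii(buf: bytes, min_len: int = 6) -> List[Tuple[int, str]]:
    """Plain `strings`-style scan: runs of at least min_len printable bytes.
    UTF-16LE text never shows up here because every other byte is 0x00."""
    pattern = re.compile(PRINTABLE_ASCII + rb"{" + str(min_len).encode() + rb",}")
    return [(m.start(), m.group().decode("ascii")) for m in pattern.finditer(buf)]


def carve_file(path: str, min_len: int = 6) -> List[Tuple[str, int, str]]:
    """Run both scanners over a dump file on disk (e.g. a Volatility memdump
    output) and tag each hit with the encoding it was found in."""
    with open(path, "rb") as fh:
        data = fh.read()
    hits = [("ascii", off, txt) for off, txt in carve_ascii(data, min_len)]
    hits += [("utf-16le", off, txt) for off, txt in carve_utf16le(data, min_len)]
    return sorted(hits, key=lambda h: h[1])


if __name__ == "__main__":
    # Demonstrate on the constructed dump: the ASCII pass misses the Notepad
    # style strings, the UTF-16LE pass recovers them with their offsets.
    for off, txt in carve_ascii(SAMPLE_DUMP):
        print(f"ascii    @0x{off:06x}: {txt}")
    for off, txt in carve_utf16le(SAMPLE_DUMP):
        print(f"utf-16le @0x{off:06x}: {txt}")
```

Raise `min_len` on a real dump to cut down on junk, the same way you would with `strings -n`; a wide-character run shorter than four or five characters is almost always pointer or structure data rather than text.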