Thursday, January 19, 2012

Using a LiveCD to restore compromised systems

Mayank's previous article, "Using a Linux LiveCD to assess system security", described LiveCDs and some of the tools that can help you evaluate the security of your computer system.

But what if the system's security is under threat and it has been used for illegal or unauthorized activity? One option is to ask a computer security expert for help. Another is to download the tools the experts use and learn how to use them, becoming an integrity-protection and data-recovery expert yourself. And you don't have to worry about installing the tools at all: this is a LiveCD!

On LiveCDs

A LiveCD is a bootable operating system (plus other software) stored on a CD-ROM; the CD runs the OS without any lengthy installation process. Most LiveCDs are based on the Linux kernel (though LiveCDs exist for other operating systems too). A LiveCD works by placing its files on a RAM disk (this reduces the RAM available to applications, so performance may degrade). Once you remove the LiveCD and restart, the system is back to its previous state. Some LiveCDs also provide an installation tool that lets you mount the system's hard disk or a USB disk, and most LiveCDs can access internal and external hard drives, floppy disks or Flash memory.

Syslinux is used to boot Linux-based LiveCDs as well as Linux boot floppies. On PCs, bootable CDs usually follow the El Torito specification, which stores a (possibly hidden) file on the disc that serves as a floppy disk image. Many LiveCDs use a compressed filesystem image, normally through the cloop compressed loopback driver, which effectively doubles the usable storage capacity. There are many emulators you can use to try out a LiveCD without burning it to CD or booting it on the computer. The most widely supported i386 emulator is VMware. Other emulators are Qemu, Bochs and PearPC, which can emulate x86, PowerPC or both; because they use emulation techniques, they are faster than some commercial simulators. Another commercial simulator is VirtualPC.
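Added example, not from the original article: a Python check that walks an ISO image's volume descriptors, finds the El Torito boot record described above, verifies the boot catalog's validation checksum and reports the default boot entry's emulation type and image location, so you can confirm how a LiveCD image will boot before burning it. The sample image is constructed inline (`build_sample_iso`) so the check runs offline; the function and field names are this example's own.

```python
import struct

SECTOR = 2048  # ISO 9660 logical sector size
MEDIA = {0: "no emulation", 1: "1.2 MB floppy", 2: "1.44 MB floppy",
         3: "2.88 MB floppy", 4: "hard disk"}


def parse_el_torito(iso: bytes) -> dict:
    """Walk the volume descriptors from sector 16, locate the El Torito boot
    record, verify the boot catalog and describe its default boot entry."""
    catalog_lba, lba = None, 16
    while True:
        vd = iso[lba * SECTOR:(lba + 1) * SECTOR]
        if len(vd) < SECTOR or vd[1:6] != b"CD001":
            raise ValueError("not an ISO 9660 image, or descriptor set unterminated")
        if vd[0] == 255:  # volume descriptor set terminator
            break
        # Boot record (type 0) naming El Torito; catalog sector is LE32 at offset 0x47
        if vd[0] == 0 and vd[7:39].rstrip(b"\0") == b"EL TORITO SPECIFICATION":
            catalog_lba = struct.unpack_from("<I", vd, 0x47)[0]
        lba += 1
    if catalog_lba is None:
        return {"bootable": False}
    cat = iso[catalog_lba * SECTOR:(catalog_lba + 1) * SECTOR]
    # Validation entry: header 0x01, key bytes 55 AA, and all 16 words sum to 0
    if len(cat) < 64 or cat[0] != 0x01 or cat[30:32] != b"\x55\xaa":
        raise ValueError("boot catalog validation entry is malformed")
    if sum(struct.unpack("<16H", cat[:32])) & 0xFFFF:
        raise ValueError("boot catalog validation checksum mismatch")
    # Initial/default entry: 0x88 = bootable, then media type, load segment,
    # system type, unused byte, sector count, load RBA (start of the boot image)
    ind, media, seg, _systype, _, count, rba = struct.unpack_from("<BBHBBHI", cat, 32)
    return {"bootable": ind == 0x88, "catalog_lba": catalog_lba,
            "emulation": MEDIA.get(media, f"unknown ({media})"),
            "load_segment": seg, "sector_count": count, "load_rba": rba}


def build_sample_iso() -> bytes:
    """Constructed minimal image: 16-sector system area, PVD, El Torito boot
    record, terminator, then a boot catalog pointing at a floppy image."""
    def vd(vtype, body=b""):
        return (bytes([vtype]) + b"CD001" + b"\x01" + body).ljust(SECTOR, b"\0")
    boot = bytearray(vd(0, b"EL TORITO SPECIFICATION"))
    struct.pack_into("<I", boot, 0x47, 19)          # catalog lives in sector 19
    cat = bytearray(SECTOR)
    cat[0], cat[4:10], cat[30:32] = 0x01, b"LIVECD", b"\x55\xaa"
    words = struct.unpack("<16H", bytes(cat[:32]))
    struct.pack_into("<H", cat, 28, -sum(words) & 0xFFFF)  # make words sum to 0
    # Bootable, 1.44 MB floppy emulation, load at 0x7C0, 1 sector, image at LBA 20
    struct.pack_into("<BBHBBHI", cat, 32, 0x88, 2, 0x07C0, 0, 0, 1, 20)
    return bytes(16 * SECTOR) + vd(1) + bytes(boot) + vd(255) + bytes(cat)
```

Run it on a real image by passing the file contents to `parse_el_torito`; a "no emulation" entry with a load RBA is the usual shape for an isolinux-booted LiveCD.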
Breaking into computers and computer networks, and using them as cover for serious illegal activity, is very common behaviour today, and many people have acquired the skills such conduct requires. The ability to detect and catch the intruder, however, is not nearly as common. The great (though fictional) detective Sherlock Holmes once said: "It is a capital mistake to theorize before one has all the evidence. It biases the judgment." Collecting evidence from a system that has faced a security threat is the job of the computer "forensics" expert, the Sherlock Holmes of the digital age. These experts use specialized tools to gather, examine and analyze information about the system. It is no surprise that the best tools for this kind of work are open source. The Coroner's Toolkit (TCT), The Sleuth Kit, the Autopsy Forensic Browser and FLAG (Forensics Log Analysis GUI) are very popular tools, liked not only by security experts but also by many lecturers of computer security courses.

Helix

Like many specialized LiveCDs, Helix was produced to meet a need. Andrew Fahey, a security expert working with e-fense Inc., took Knoppix as a basis and added many of the tools he uses in his daily work. "Helix users are very engaged. There are Helix users all over the world who keep providing feedback. Because people use Helix in different environments, making sure every component does its job in every case is an ongoing, time-consuming task. So I rely on user feedback to improve Helix and fix its faults. I would also like to rely on users to complete the language translations," Andrew said. Helix has a Windows live interface that lets you image a live Windows system. This interface has been translated into German and will soon have a Portuguese version. In addition, many of the incident/response tools were part of the original design idea.
Many organizations and educational institutions have begun to use Helix, including the National White Collar Crime Center (NW3C), the System Administrator Network Security Institute (SANS) and the National Consortium for Justice Information and Statistics. Helix does not install on your hard disk, though future versions may have this feature. "I want to have a hardware abstraction layer for hardware recognition similar to the one Fedora uses. Until recently we had only just added the union-fs module, which was a major obstacle we needed to overcome," Andrew said. Although most of the tools in Helix were chosen by Andrew himself, some were recommended by the community. The biggest problem Andrew faces is that some tools require a license. The next version will offer several updated tools, the new Adepto program, Retriever and other programs Andrew has been using, and will provide The Sleuth Kit and PyFLAG.

Plan-B

Plan-B, developed by Jeremy McDaniel, is a forensics LiveCD inspired by Peter Anvin's SuperRescue CD. It is based on Red Hat 9, runs the Blackbox window manager, and uses the zisofs filesystem to compress about 1.4 GB of data onto one CD. It carries forensic analysis tools such as Autopsy, The Sleuth Kit and BCWipe, along with many everyday tools such as e-mail clients, browsers, chat clients and text editors. According to the project's Web site, the biggest change in the next version is that most (if not all) of the software is updated; it will also add a 2.6 Fedora kernel, move the master database back to MySQL, and add a new application server. Plans to create an eServer-based Security/Auditing/Planning Module are already under way. It will ultimately be released as a standalone application, and Plan-B will then be used only as a mobile testing solution. The tool will serve audit teams and will have a testing interface capable of creating penetration reports.
Closing

Imagine being able to use a bootable Linux CD to apply the skills of an experienced computer forensics expert directly. This is not a dream: the LiveCDs described in this article make it a reality. Good luck on your detective road!

Original link: http://www-128.ibm.com/developerworks/cn/linux/l-livecddiag/
