F.I.R.E

Forensics workstation/Data Recovery

Instantly deploy a Linux workstation with a large collection of security-related tools and a GUI. A must-have for every Penetration Tester.
Just Burn to CD and Boot!
Don't forget to give yourself an IP once you have a bash shell, for example:
bash# ifconfig eth0 192.168.1.9

Instantly deploy a forensics workstation with tct, tctutils, mac-robber, and autopsy.
It also provides perl 5.6.1 compiled with Large File Support.

Live System Incident Response

Binaries are available for Incident Response on a live machine.

Virus Scanning

Utilizing F-Prot 3.11beta (http://www.f-prot.com) you can scan for viruses, worms, trojans, and all-around harmful code.
Just mount the filesystems that you want to scan and execute 'f-prot'. Any filesystem you can mount, you can scan.

Mount and scan fat/ntfs/ext2/ext3/reiserfs partitions

Scan your Windows machines offline for viruses that may not be detected with an "after the fact" anti-virus software installation.

Pen-Testing Platform

I should NOT have to explain this portion:
If the tools you would like to use are not in the distribution please make a request!

Q: What can I do with it?
A: Among other things, you can use F.I.R.E. to
* collect data from a potentially compromised host and do a forensic analysis
* respond to a security incident using trusted binaries
* recover data from lost partitions
* do a virus check of your hard drives in a clean environment
* carry out a penetration test or vulnerability assessment

F.I.R.E. can be booted into a comfortable X-Window environment or operated from a standard text console (even over a serial cable).
Menus that help you perform common tasks are available in both cases.

More info here:
http://fire.dmzs.com/

Current version is 0.4a, available at:
http://prdownloads.sourceforge.net/biatchux/fire-0.4a.iso?download (578M iso image)

Some more helpful information about FORENSIC, IDS, INCIDENT RESPONSE:
http://www.geschonneck.com/security/forensic.html