Forensics CD Toolkit for FreeBSD
David Taylor
davidt at yadt.co.uk
Sun Aug 3 09:53:31 PDT 2003
On Sun, 03 Aug 2003, Joe Warner wrote:
> Hi,
>
> I'd like to build a toolkit CD specifically for conducting
> forensics on FreeBSD. I'm not talking about a bootable
> CD but rather one that I could pop into a CD ROM drive
> and run trusted commands like ps, netstat, ls, etc., from.

It would probably need to be a bootable CD-ROM, so that you could trust
the kernel wasn't modified to hide information from ps/netstat/ls/etc.

> I'd like to build a CD that would work on -RELEASE versions
> of FreeBSD like 5.1 and -STABLE versions of FreeBSD too.
>
> Can anyone give me any pointers about how I might accomplish
> this?
>
> I've spent hours searching Google and only found a few links about
> a guy named Joe Magee who was trying to do the same thing but
> couldn't find his email addy. I searched the FreeBSD archives but
> get:
>
> None of the archives you requested (freebsd-questions, freebsd-security and
> freebsd-stable) are available at this time.
>
> Please try again later, or return to the search page and select a different
> archive.
>

I think there are other archives of the lists on the mailman site now, but
I'm not too sure.

--
David Taylor
davidt at yadt.co.uk
"The future just ain't what it used to be"