E-mail Comment Del.icio.us Digg Reddit Technorati Furl

New BackTrack 4 “Forensics Mode”

Jun 2, 2009 Security News

The soon-to-be-released BackTrack 4 will have the possibility of a “Forensics Mode”:

For a long time now, Linux live CDs have been very useful for forensic acquisition purposes when for one reason or another you can’t utilize a hardware write blocker. For a Linux live CD to be considered for this purpose however, it is of the utmost importance that the use of the live CD in no way alters any data in any manner.

In the past, this ruled out the use of Backtrack for forensic purposes. Backtrack would automount available drives and utilize swap. This could cause all sorts of havoc, changing last mount times, altering data on disk, and so on.

Well, no longer! The Backtrack 4 Live CD has incorporated changes to allow a boot mode which is forensically clean. This is great news, as with Backtrack being such a popular live CD, a copy can often be found close at hand.

This option will be made available from the Grub boot menu:

This entry was posted on Tuesday, June 2nd, 2009 at 12:57 and is filed under Security News. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>