From: Joe Warner
To: freebsd-stable@freebsd.org
Cc: freebsd-security@freebsd.org
Date: Sun, 3 Aug 2003 09:20:45 -0600
Message-Id: <200308030920.45437.rootman22@comcast.net>
Subject: Forensics CD Toolkit for FreeBSD

Hi,

I'd like to build a toolkit CD specifically for conducting forensics on FreeBSD. I'm not talking about a bootable CD but rather one that I could pop into a CD ROM drive and run trusted commands like ps, netstat, ls, etc., from. I'd like to build a CD that would work on -RELEASE versions of FreeBSD like 5.1 and -STABLE versions of FreeBSD too.

Can anyone give me any pointers about how I might accomplish this? I've spent hours searching Google and only found a few links about a guy named Joe Magee who was trying to do the same thing but couldn't find his email addy.
I searched the FreeBSD archives but get:

    None of the archives you requested (freebsd-questions, freebsd-security and freebsd-stable) are available at this time. Please try again later, or return to the search page and select a different archive.

Thanks,
Joe