Date: Sun, 3 Aug 2003 17:53:23 +0100
From: David Taylor
To: freebsd-stable@freebsd.org, freebsd-security@freebsd.org
Subject: Re: Forensics CD Toolkit for FreeBSD
Message-ID: <20030803165322.GA60646@gattaca.yadt.co.uk>
In-Reply-To: <200308030920.45437.rootman22@comcast.net>

On Sun, 03 Aug 2003, Joe Warner wrote:
> Hi,
>
> I'd like to build a toolkit CD specifically for conducting
> forensics on FreeBSD. I'm not talking about a bootable
> CD but rather one that I could pop into a CD ROM drive
> and run trusted commands like ps, netstat, ls, etc., from.

It would probably need to be a bootable CD-ROM, so that you could trust
the kernel wasn't modified to hide information from ps/netstat/ls/etc.

> I'd like to build a CD that would work on -RELEASE versions
> of FreeBSD like 5.1 and -STABLE versions of FreeBSD too.
>
> Can anyone give me any pointers about how I might accomplish
> this?
>
> I've spent hours searching Google and only found a few links about
> a guy named Joe Magee who was trying to do the same thing but
> couldn't find his email addy. I searched the FreeBSD archives but
> get:
>
> None of the archives you requested (freebsd-questions, freebsd-security and
> freebsd-stable) are available at this time.
>
> Please try again later, or return to the search page and select a different
> archive.
>

I think there are other archives of the lists on the mailman site now, but I'm
not too sure.

--
David Taylor
davidt@yadt.co.uk
"The future just ain't what it used to be"