From: Brian Keefer
To: freebsd-security@freebsd.org
Date: 18 Feb 2004 23:34:10 -0800
Subject: Re: Rooted system
In-Reply-To: <20040216202051.GA15307@tikitechnologies.com>
References: <20040216200052.BAC7C16A4FA@hub.freebsd.org> <20040216202051.GA15307@tikitechnologies.com>
Message-Id: <1077176050.22253.13.camel@abydos.amaunetsgothique.com>
List-Id: Security issues [members-only posting]

On Mon, 2004-02-16 at 12:20, Clifton Royston wrote:
> > And now what? [ You are unclear to me ]
> >
> > Well, you could use a Security Toolkit Distribution from Knoppix, called
> > knoppix-std
> > And do some research with that.
>
> More generic forensic help (less Linux-specific) might come from the
> "Coroner's Toolkit" from the team of Wietse Venema and Dan Farmer
> (SATAN et al., and also TCPwrap and Postfix in the case of Wietse.)
> It's supposed to be pretty cross-platform with BSD support.
>

FYI the Knoppix-STD live-CD does have an extended version of Coroner's
Toolkit. Have a look:

http://www.knoppix-std.org/tools.html

Also, although it's a Linux distribution, it's *not* expressly for Linux
forensics. It has NTFS rw support (limited) and Windows password reset
functions, etc... In other words, it's a multi-OS generic forensics kit.

I'm fairly certain that it does have support for mount -t ufs, but I
haven't confirmed that.

-- 
Brian Keefer, CISSP
Systems Engineer
CipherTrust Inc, www.CipherTrust.com
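As an added example that is not part of Brian's message, the thread, or the Knoppix-STD project: a small POSIX shell helper for the kind of read-only UFS mount he mentions, written for a Linux live CD examining a dd image taken from a compromised FreeBSD host. The image path, mount point and the ufstype value (44bsd for UFS1, ufs2 for UFS2, as accepted by the Linux ufs driver) are assumptions; the point it demonstrates is that evidence is mounted ro,noexec,nodev,nosuid and hashed before and after, so nothing on the suspect filesystem can run or change.

```shell
#!/bin/sh
# Added example, not from the original thread or the Knoppix-STD project.
# Mount a filesystem image copied from a rooted host on a Linux live CD so
# that the evidence cannot be altered and nothing on it can execute.
# Usage: forensic-mount.sh IMAGE MOUNTPOINT [UFSTYPE]   (all assumptions)

# Mount options for suspect media:
#   ro      never write to the filesystem
#   noexec  never run binaries from it (they may be trojaned)
#   nodev   ignore device nodes an intruder may have planted
#   nosuid  ignore setuid bits
#   noatime belt-and-braces with ro: no access-time updates
#   loop    the evidence is a dd image, not a block device
forensic_mount_opts() {
    fm_fstype="$1"
    fm_ufstype="${2:-44bsd}"   # assumption: UFS1 from a FreeBSD 4.x box
    fm_base="ro,noexec,nodev,nosuid,noatime,loop"
    case "$fm_fstype" in
        ufs) echo "$fm_base,ufstype=$fm_ufstype" ;;
        *)   echo "$fm_base" ;;
    esac
}

# Returns 0 only when an option string carries every option that keeps the
# evidence intact and does not request rw; used as a guard before mount(8).
opts_are_forensic() {
    oaf_padded=",$1,"
    for oaf_need in ro noexec nodev nosuid; do
        case "$oaf_padded" in
            *",$oaf_need,"*) ;;
            *) return 1 ;;
        esac
    done
    case "$oaf_padded" in
        *",rw,"*) return 1 ;;
    esac
    return 0
}

# Hash the image before and after examination; matching digests show the
# image was not modified while it was mounted.
image_digest() {
    sha1sum "$1" | cut -d' ' -f1
}

mount_evidence() {
    me_image="$1"; me_mnt="$2"; me_ufstype="${3:-44bsd}"
    me_opts=$(forensic_mount_opts ufs "$me_ufstype")
    opts_are_forensic "$me_opts" || {
        echo "refusing to mount with unsafe options: $me_opts" >&2
        return 1
    }
    me_before=$(image_digest "$me_image")
    echo "image sha1 before mount: $me_before"
    mkdir -p "$me_mnt"
    mount -t ufs -o "$me_opts" "$me_image" "$me_mnt"
    echo "mounted $me_image on $me_mnt with -o $me_opts"
    echo "when finished: umount $me_mnt && sha1sum $me_image  # must still be $me_before"
}

# Only act when invoked with an image and a mount point.
if [ "$#" -ge 2 ]; then
    mount_evidence "$@"
fi
```

Run it as root from the live CD with the image and an empty directory; the guard in opts_are_forensic is there so that an edited option string can never silently drop ro or noexec.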