
Live CDs



The F.I.R.E. Boot CD


Getting Started with F.I.R.E.

  • Boot to F.I.R.E.
  • F.I.R.E. can boot in X-Windows or Console mode
  • I prefer console (boot option 1) because there is less going on with the system
  • When booting to console mode, a menu is displayed
  • Change to another VT (Ctrl-Alt-F2) and type everything on the command line
  • Log in as root - the root password is “firefire”



$ sudo apt-get install dcfldd

dcfldd can hash data on the fly. To wipe a drive:

$ dcfldd if=/dev/zero of=/dev/hda bs=8k conv=noerror,sync

Hard disks

Disk Carving


$ sudo apt-get install foremost

Can run on a disk image or on loopback devices

$ foremost -o loopa3_fm -v /dev/loopa3

Can also be run on free space (.dls) extracted by Autopsy


Pattern searching

NSRL: National Software Reference Library



See grep

Sleuth Kit

Sleuth Kit. To install:

$ sudo apt-get install sleuthkit


See Autopsy

Other tools

  • MD5deep – recursive md5s
  • Fatback – File uneraser for FAT file systems
  • Stegdetect – will detect some kinds of steganography in images. See Steganography
  • Galleta – IE Cookie Parser
  • Pasco – IE Activity Parser
  • Rifiuti – Recycle Bin INFO2 File Parser
  • LibPST – converts Outlook and Outlook Express files to Linux mbox format

Other sources of information

  • Information about the National Software Reference Library (NSRL)
  • Tools, forums, mailing lists
  • Penguin Sleuth CD, forums, and information
  • Tools and information
  • The Coroner’s Toolkit
  • Honeynet Project Scans of the Month – #15, #24, and #26 deal with forensics
  • SleuthKit/Autopsy information, mailing list, and download
  • Case studies of Honeynet Scans
  • Great newsletter
  • Linux Forensic User Group

See also

External links