Posts tagged forensics
New to Me
One of the benefits of testing different isos is that once in a while you run across a new-to-me program. A new-to-me program is a program that has been around for a while, but you never knew about it. That makes sense, right? So while testing the Sabayon XFCE edition I ran across Geany, and it's an instant hit with me. It even has plugins you can add to it. The packages are in entropy as dev-util/geany and dev-util/geany-plugins if you are interested in trying it.
How about that for timing on the screenshot: looks like I have an update from entropy to install. So Sabayon Forensics amd64 is pretty much a go now. It successfully installs and works great. I'm building the x86 shortly to test, and once Sabayon 7 is out the door I will work on availability to the public.
Packages added:
sys-apps/mlocate,
media-fonts/droid,
app-misc/screen,
app-forensics/cmospwd,
app-forensics/rkhunter,
app-forensics/sleuthkit,
app-antivirus/clamav,
app-antivirus/clamtk,
app-forensics/autopsy,
app-forensics/mac-robber,
app-forensics/aide,
app-forensics/rdd,
app-crypt/chntpw,
media-video/vlc,
x11-wm/awesome,
net-libs/libnet,
net-libs/netwib,
net-analyzer/traceroute,
media-gfx/picasa,
app-admin/testdisk,
app-crypt/fcrackzip,
app-crypt/johntheripper,
sys-fs/extundelete,
app-forensics/magicrescue,
net-analyzer/nmap,
net-analyzer/netcat6,
net-irc/irssi,
net-analyzer/wireshark,
net-analyzer/tcpdump,
gnome-extra/nm-applet,
net-misc/knock,
www-client/chromium,
x11-terms/terminator,
xfce-extra/tumbler,
app-crypt/gifshuffle,
app-crypt/pdfcrack,
dev-util/geany,
dev-util/geany-plugins,
x11-misc/pcmanfm
Packages Removed:
app-dicts/aspell-de,
app-dicts/aspell-fr,
app-dicts/aspell-it,
app-dicts/aspell-nl,
app-dicts/aspell-pl,
app-dicts/myspell-de,
app-dicts/myspell-es,
app-dicts/myspell-fr,
app-dicts/myspell-it,
app-dicts/myspell-nl,
app-misc/sabayon-music,
mail-client/mailx,
mail-client/mailx-support,
net-p2p/transmission-base,
net-p2p/transmission-gtk+,
www-client/midori,
x11-wm/fluxbox,
x11-terms/xterm,
media-gfx/shotwell,
net-firewall/ufw,
net-firewall/ufw-frontends,
games-misc/cowsay,
app-editors/gedit
Custom skel files of course. Someone asked about steganography stuff, but I'm not seeing a lot of programs on this, especially in entropy. I'm open to suggestions for programs on this, but they need to be at least in portage for a package request. I've left ophcrack off in this edition. It keeps the file size down, so for those that do want it, you can still have it. You can install ophcrack from entropy into the live session with the command equo install ophcrack --nodeps, and then I would keep the ophcrack tables on disk or a usb device and just point ophcrack to those files. I have more luck with chntpw than ophcrack, so that is another reason I don't want to include it. I'm open to suggestions for packages; leave me a message here or email me at wolfden@sabayon.org. Oh yeah, remember on the wireshark to add your username to the wireshark group with a command like gpasswd -a myawesomenamehere wireshark, and you will need to restart your session.
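The "restart your session" step trips people up, because the group file and the running login session disagree right after gpasswd -a. Here is an added example (my own, not from the post or the Sabayon project) that checks membership both ways; it assumes a Linux host with getent and id, and that the group is named wireshark as on the page.

```sh
#!/bin/sh
# Added example: two views of group membership after `gpasswd -a USER wireshark`.
# Assumptions (not from the post): getent/id/cut/grep/tr are available.

# What gpasswd just wrote: the member list in the group database (/etc/group).
# Prints yes|no.  usage: in_group_file USER GROUP
in_group_file() {
    user=$1
    group=$2
    members=$(getent group "$group" 2>/dev/null | cut -d: -f4)
    # Match the user as a whole comma-separated field, never as a substring.
    case ",$members," in
        *",$user,"*) echo yes ;;
        *)           echo no  ;;
    esac
}

# What dumpcap/wireshark actually see: the supplementary groups of the
# current process, fixed at login time.  usage: in_group_session GROUP
in_group_session() {
    if id -nG | tr ' ' '\n' | grep -qx "$1"; then
        echo yes
    else
        echo no
    fi
}

# Report both views so the reader sees why a re-login is needed.
# usage: report_wireshark_access USER
report_wireshark_access() {
    printf 'in /etc/group:      %s\n' "$(in_group_file "$1" wireshark)"
    printf 'in current session: %s\n' "$(in_group_session wireshark)"
}

report_wireshark_access "$(id -un)"
```

Immediately after gpasswd -a, in_group_file answers yes while in_group_session still answers no; once you log out and back in, both answer yes and dumpcap can open the capture interface without running Wireshark as root.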
I can smell the Sabayon 7 isos cooking in Italy…..
Learning While Playing for a Better World
I can't think of a better way to learn something new than by playing. Since the "spin era" has begun with Sabayon Linux by using molecule, it's something new to learn. Joost has posted a quick rundown of how to do a basic spin. I've been messing around with this molecule thing and have found that adding and subtracting packages is simple enough to do. I do find that specific customizations of the user and root accounts are a bit more complicated. I'm still trying to figure that one out. Scripting isn't my strong point at all. I understand what it needs to do, but assembling a script of commands and paths is like writing hieroglyphics. I'm not sure where the script should be placed in my spec file, nor when the script should be invoked.
I didn't have much interest in doing a spin till I realized that a couple of things in my own personal life stuck out to me. The biggest thing was my constantly working on and fixing people's windows machines that are constantly plagued with viruses and malware. The idea then came up to make a spin specific to fixing and repairing windows machines. I already knew that Sabayon boots up and works on many machines with no problems, which makes it great for the job of booting windows machines that don't. I made my first spin, and that same week I had 3 machines come in with problems. I tossed in my spin, did the fixes, and got the machines back to a sane state again. It's very effective and saves me time. I now carry it around on a usb stick and it's with me at all times. I learned a lot in the process, and now with the structure in place it's easy for me to update my original spin with the latest entropy.
I was talking with our local Chief of Police, who is also on the task force for Child Pornography, and discovered that at the last training class they were using old Knoppix disks to access a suspected computer. I was surprised to see how limited they were and decided to take my spin a bit further and add some more stuff. This is when my spin turned into a Sabayon Forensics spin. I collected a list of packages that would be most useful and fairly easy for any law enforcement official to use. Keep in mind that it's for use at the local level to determine if a suspected computer needs to go into the crime lab. It has the abilities to boot, fix, crack, search, upload, and transfer files easily on any computer. I am using the gnome x86 for my base and plan on doing an x86 KDE one also. My last issue to figure out is how to switch out the default background of the desktop. I want to leave all the other artwork in place, just switch out the desktop background. Once I figure this out, I plan to present this, and maybe Sabayon can become a part of fighting crime. If not adopted at the state level, it still will be used at the local level. This is my goal upon boot up:
One last thing before I sign off. Last week we lost one of our staff members in an accident. He was laid to rest on July 3rd and will be missed. He is still in our thoughts and prayers to family and friends. One of our staff members was able to attend the funeral and we sent flowers from the Sabayon crew.