Check out Helix LiveCD. It has F-Prot anti-virus as well as Clam Anti-Virus, and some cool programs.
Here's what the current version has:
" Incident Response / Forensics Tools:
* SMART 2004-10-05E : ASR Data's Eval of SMART.
* sleuthkit 1.73 : Brian Carrier's replacement to The Coroner's Toolkit.
* autopsy 2.03 : Web front-end to sleuthkit. Evidence Locker defaults to /var/local/evidence
* mac-robber 1.0 : TCT's graverobber written in C rather than perl
* fenris .07 : code debugging, tracing, decompiling, reverse engineering tool
* wipe 0.20-1 : Secure file deletion.
* MAC_Grab : e-fense MAC time utility.
* GRAB 1.2.2 : e-fense Forensic Acquisition Utility (sdd/dd/dcfldd frontend).
* foremost 0.69 : Carves out files based on header and footer values.
* fatback 1.3 : Analyze and recover deleted FAT files from Linux.
* md5deep 1.2 : Recursive md5sum with database lookups.
* sha1deep 1.2 : Recursive sha1sum with database lookups.
* dcfldd 1.0 : dd replacement from the guys at the original lab (DOD_DCFL).
* sdd 1.31-3 : Specialized dd w/better performance for different input/output block sizes.
* PyFLAG 0.72 : Forensic and Log Analysis GUI.
* Faust 1.13 : A perl script for analyzing elf binaries and bash scripts.
* e2recover 1.0 : A tool for recovering deleted files in an ext2 file system.
* Pasco 1.0 : Forensic tool for Internet Explorer Analysis.
* Galleta 1.0 : Cookie analyzer for Internet Explorer.
* Rifiuti 1.0 : "Recycle BIN" analyzer.
* Bmap 1.0.20 : Detect & Recover data in used slackspace.
* Ftimes 3.4.0 : A toolset for forensic data acquisition.
* chkrootkit 0.44 : Look for rootkits.
* rkhunter 1.1.1 : Rootkit hunter.
* ChaosReader 0.94 : A tool to trace tcpdump/snoop files and extract application data from it.
* lshw A.01.07 : Hardware Lister.
* logsh : A script to log your terminal session (Borrowed from FIRE).
* ClamAV 0.75.1-3 : ClamAV Anti Virus Scanner.
* F-Prot : F-Prot Anti Virus Scanner.
* 2 Hash 0.2 : MD5 & SHA1 parallel hashing.
* glimpse 4.18.0 : Indexing and query system.
Network Utilities
* g4u 1.17 : Ghost for Unix.
* LinNeighborhood 0.6.5-3 : Linux network neighborhood.
* ntop 3.0-3 : Network top, protocol analyzer.
* iptraf 2.7.0-5 : Network monitor.
* arping 2.01-3 : Ping hosts by MAC.
* arpwatch 2.1a13-1 : Another arp tool.
* macchanger 1.4.0-1 : Change your MAC address; works with wireless too.
* mtr 0.58-1 : X11 traceroute.
* samba 3.0.5-1 : File and print services to SMB/CIFS clients.
Servers
* sshd 3.8p1 : Server to provide secure encrypted communications.
* vnc 3.3.7-1 : Virtual Network Computing.
* mysql 4.0.20-11 : Open source database server.
* netcat 1.10 : Utility which reads and writes data across network connections.
* GNU netcat 0.7.1 : Utility which reads and writes data across network connections.
* cryptcat 1.10 : Utility which reads and writes data across encrypted network connections.
Packet Sniffers and Assemblers
* ethereal 0.10.6-1 : Network traffic analyzer.
* ettercap 0.7.0-1 : Sniff on a switched network and more.
* ngrep 1.42-1 : Network grep.
* tcpdump 3.8.3-3 : The main network dump program (libpcap 0.7.2-5).
* tcpreplay 2.2.2-1 : Replay tcpdump or snoop captures.
* dsniff 2.4b1-6 : Doug Song's wonderful sniffing utilities.
* ipgrab 0.9.9-1 : Pen Register, only gets TCP Header information.
* TcpTrack 1.1.3-1 : Sniffer which displays information about TCP connections.
* Snort 2.2.0-1 : The IDS of Choice.
* Sguil 0.5.2 : Sguil Client.
Vulnerability Assessment
* nessus 2.0.10a-6 : Best open source vulnerability scanner (username and password is helix).
* nasl : Command line to nessus to trigger nasl scripts directly.
* nmap 3.55-1 : The network port mapper (w/ a gui front-end).
* Nikto 1.32-1 : Whisker replacement cgi web vulnerability scanner.
* hping2 2.rc3-3 : Port scanner, host enumerator, packet assembler, traceroute on any port.
Wireless Tools
* aircrack 1.4 : Better WEP crack than Airsnort.
* airsnort 0.2.4a-1 : WLAN Sniffer, crack WEP.
* airtraf 1.1 : Another wireless locator tool.
* kismet 2004.04.R1-5 : The best 802.11x monitoring tool.
* kismet log viewer 0.9.7 : A log management program for kismet.
* macchanger 1.5.0-1 : Change your MAC address.
* gpsd 2.09-1 : GPS Daemon.
* Misc : Other wireless information.
o Patched orinoco drivers by default.
o Cisco CVS drivers (cisco_wifix, eth0:wifi0, cisco).
o Intel Centrino IPW2100 drivers with hostap for both kernels." - quote source
"Helix is a customized distribution of the Knoppix Live Linux CD. Helix has more than just a bootable live CD. You can still boot into a customized Linux environment that includes customized Linux kernels (2.4.27 & 2.6.7), excellent hardware detection and many applications dedicated to Incident Response and Forensics. Helix has been modified very carefully to NOT touch the host computer in any way and it is forensically sound. Helix will not auto mount swap space, it will also not auto mount any found devices. Helix also has a special Windows autorun side for Incident Response and Forensics. Helix is used by SANS for training in Track 8: System Forensics, Investigation and Response. Helix focuses on Incident Response & Forensics tools. It is meant to be used by individuals who have a sound understanding of Incident Response and Forensic techniques." - quote source