LinuxQuestions.org
Linux - Security: Good Linux Security LiveCD - recommendation needed. (https://www.linuxquestions.org/questions/linux-security-4/good-linux-security-livecd-recommendation-needed-702793/)

andrewwilkerson 02-06-2009 01:47 PM

Good Linux Security LiveCD - recommendation needed.
 
I need a good recommendation for a Linux LiveCD that has a good selection of tools to detect and eliminate security threats. I am more worried about key loggers and other data miners than I am with virus and standard malware.

The machine that I need to scan is a Dell laptop with Windows Vista (groan).

I am by no means a security expert or a Linux expert. But I have used Linux multiple times to diagnose and repair other problems. I have a very good working knowledge of computers in general, and I am used to trawling forums and Google for answers. I have no problem having to read the FAQs and other helpful documents.

Any recommendations would be greatly appreciated!

Thanks
-Ash

ncsuapex 02-06-2009 01:55 PM

Check out Knoppix.

andrewwilkerson 02-06-2009 03:52 PM

Ncsuapex:

I was looking for something more like Ophcrack than a distro. But if I have to go with a normal distro and just use pre-existing utilities / programs, that's no problem. All I need to know is which utilities / programs you would recommend to search for this stuff.

Thanks again.

Also are you at NC State?

alan_ri 02-06-2009 04:14 PM

Google "Linux security tools" and Google "Linux security distros".

larryhaja 02-06-2009 04:39 PM

Quote:

Originally Posted by andrewwilkerson (Post 3434558)
I was looking for something more like Ophcrack than a distro.

If you want a penetration testing LiveCD then I would go with BackTrack 3. BT3 doesn't come with Ophcrack, but you can always add it later. If Ophcrack is what you need then there is an Ophcrack LiveCD on their site. I've never used the Ophcrack LiveCD so I don't know how it works, but I have used the Ophcrack program and it works pretty well with the free tables they provide. Another pentest distro to look at would be Pentoo, which is based on Gentoo.

andrewwilkerson 02-07-2009 10:47 AM

Larryhaja, thanks for the recommendations. I will definitely check it out!

The Google search was the first thing that I did. I read about distros like BackTrack, Operator, PHLAK, Knoppix-STD etc. I was just hoping for a more personalized recommendation.

For clarification, I was referencing Ophcrack not because I need to crack a password on the laptop. It was because you just put the Ophcrack CD in, it boots up and does its thing. You don't have to babysit it or anything. I was looking for something similar to that, but with security scanners instead of a password cracker on it.

Also, I guess I should have told everyone exactly what I am using this for: I have to scan a Dell laptop (Vista) for all sorts of data mining utilities. The reason for this is I have a friend whose ex-boyfriend took her identity and opened up credit cards and various other things in her name. Then he racked up about 30K in debt. Now the police have charged him with 8 different crimes. He then proceeded to not show up for his arraignment and is now on the lam. The point of all that is the jackass is a sneaky bastard, and he has already installed key loggers on her computer multiple times.

Now my personal opinion is to just "boot and nuke" the laptop and then reinstall everything. But she won't let me do that because... well, I don't know the reason why she won't let me do it. So I am stuck having to scan the damn thing for anything I can think of. Now while I have scanned it with multiple Windows applications, I just don't trust them. Thus I'm looking for a Linux solution.

Hope that helps. Sorry it was such a long explanation and wasn't in the first post. I appreciate the help!

win32sux 02-07-2009 11:41 AM

Quote:

Originally Posted by andrewwilkerson (Post 3435244)
Now my personal opinion is to just "boot and nuke" the laptop and then reinstall everything. But she won't let me do that because... well, I don't know the reason why she won't let me do it. So I am stuck having to scan the damn thing for anything I can think of. Now while I have scanned it with multiple Windows applications, I just don't trust them. Thus I'm looking for a Linux solution.

I would actually think that Windows applications for scanning Windows systems in this manner would be a thousand times better than anything available on GNU/Linux. I think you should explain to her the unnecessary risk she is submitting herself to by not wiping the disk and getting a fresh start. Perhaps she's scared that you'll mess things up and stuff, but don't Dell laptops all come with some kind of CD which makes a clean install virtually foolproof?

larryhaja 02-07-2009 03:33 PM

Quote:

Originally Posted by win32sux (Post 3435307)
I would actually think that Windows applications for scanning Windows systems in this manner would be a thousand times better than anything available on GNU/Linux. I think you should explain to her the unnecessary risk she is submitting herself to by not wiping the disk and getting a fresh start.

Yes, I believe a Windows tool would have better programs to deal with this type of issue. In addition to win32sux's reply: once a Windows computer has been compromised you can never be 100% certain that the keylogger/virus/worm or what have you has been successfully removed from the system. It would be best to back up the data, reformat the drive, and start new.

But if you want to go the Linux route there is a ClamAV Live CD that may be worth checking out. I've never used ClamAV, so I don't know how useful it will be.
http://www.volatileminds.net/projects/clamav/
You might also want to check out chkrootkit to check for rootkits. It may be overkill, but it sounds like your friend's computer is really compromised.

chort 02-07-2009 03:51 PM

Umm, if this guy is being charged with crimes and you have reason to believe he criminally tampered with this laptop, you shouldn't be altering data on the disk (too late, unfortunately). Make a forensically acceptable copy of the drive and seal it in a tamper-evident container with your initials on it and the date the copy was made. Then wipe it and reinstall. If you want to search the drive for malware, make a second copy before you wipe it and use the second copy for your own research.

andrewwilkerson 02-09-2009 08:35 AM

I want to thank everyone for their suggestions!

Because of the criminal investigation I had already planned to make an image of her laptop. A before and after image, in fact. I think I am just going to have to convince her that we are going to need to reformat that thing. And I guess showing her this thread might be a good way to start.

But I will probably give the Linux stuff a try just to mess around with it. I have really liked what I have worked with so far. There is no reason I shouldn't mess around, have some fun and gain some knowledge.

Thank you again.

chort 02-09-2009 12:28 PM

Quote:

Originally Posted by andrewwilkerson (Post 3437154)
But I will probably give the Linux stuff a try just to mess around with it. I have really liked what I have worked with so far. There is no reason I shouldn't mess around, have some fun and gain some knowledge.

That's the point of making two copies: One for law enforcement, and one for you to play with while the user reinstalls their OS and gets on with their life. Hard drives aren't very expensive these days. Heck, if you have enough free space on one of your drives you could simply dd the infected drive to a file and then mount it as a loopback device.

By the way, I can't stress this strongly enough: make a copy for evidence now; you can play around with other stuff later. The longer you delay, the less chance the copy will be in any way usable as evidence.
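
The procedure chort describes (dd the suspect drive to a file, keep one copy for evidence, mount the other read-only and go looking for malware, as larryhaja suggests with ClamAV), written out as an added example. This is not code from the thread; the device path /dev/sdb, the mount point /mnt/evidence, and the losetup/clamscan invocations are assumptions for illustration.

```sh
#!/bin/sh
# Added example: image a suspect drive with dd, prove the copy matches,
# and mount the copy read-only for scanning. Device paths (/dev/sdb,
# /mnt/evidence) and the clamscan/losetup invocations are assumptions;
# adjust them to the machine in front of you.
set -u

# image_drive SRC DST: bit-for-bit copy of a block device to a file.
# conv=noerror,sync keeps reading past bad sectors and zero-fills them so
# the image keeps its full size and offsets stay aligned. Caveat: sync
# also pads a final partial block up to bs, so bs must divide the source
# size; a real disk is always a multiple of 512 bytes, hence the default.
# (GNU ddrescue is the better tool for a failing disk.)
image_drive() {
    dd if="$1" of="$2" bs="${BS:-512}" conv=noerror,sync
    sync
}

hash_file() {
    sha256sum "$1" | awk '{ print $1 }'
}

# verify_image SRC DST: hash both ends and record the image hash plus the
# acquisition time next to the image. Exit status 0 only if they match.
verify_image() {
    h_src=$(hash_file "$1")
    h_dst=$(hash_file "$2")
    printf '%s  %s\n' "$h_dst" "$2" > "$2.sha256"
    date -u '+%Y-%m-%dT%H:%M:%SZ' > "$2.acquired"
    [ "$h_src" = "$h_dst" ]
}

# mount_image_ro IMG MNT: attach the image as a read-only loop device
# (-r), scan its partition table (-P) so partitions appear as
# /dev/loopNp1, /dev/loopNp2, ..., and mount partition 1 read-only so
# analysis cannot alter the copy. Needs root; a Vista disk will be NTFS.
mount_image_ro() {
    loop=$(losetup -r -f -P --show "$1")
    mount -o ro,noexec,nodev "${loop}p1" "$2"
}

# scan_mount MNT: run ClamAV over the mounted copy (assumes clamav is
# installed and freshclam has been run). -r recurses, -i lists only hits.
scan_mount() {
    clamscan -r -i "$1"
}

# demo: exercise image_drive/verify_image on a constructed 1 MiB stand-in
# for the suspect drive (random bytes, sector-aligned like a real disk).
# Prints the working directory on success.
demo() {
    work=$(mktemp -d)
    dd if=/dev/urandom of="$work/suspect.dev" bs=512 count=2048 2>/dev/null
    image_drive "$work/suspect.dev" "$work/evidence.img" 2>/dev/null
    verify_image "$work/suspect.dev" "$work/evidence.img" && echo "$work"
}

# Real use, with the suspect disk attached as /dev/sdb and never mounted
# read-write (boot the LiveCD, do not let it auto-mount the drive):
#   image_drive /dev/sdb /evidence/laptop.img
#   verify_image /dev/sdb /evidence/laptop.img || echo "MISMATCH"
#   mount_image_ro /evidence/laptop.img /mnt/evidence && scan_mount /mnt/evidence
if [ "${1:-}" = "demo" ]; then
    demo
fi
```

Make the evidence copy first and hash it before doing anything else; the .sha256 file is what lets you show later that the sealed copy is the same bytes that came off the drive. Do the malware hunt on the second copy only, mounted read-only as above, so nothing you run can be accused of having changed the evidence.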

andrewwilkerson 02-10-2009 08:25 AM

I'm going to make an image of it as soon as she brings it to me.
