Good Linux Security LiveCD - recommendation needed.
I need a good recommendation for a Linux LiveCD that has a good selection of tools to detect and eliminate security threats. I am more worried about key loggers and other data miners than I am with virus and standard malware.
The machine that I need to scan is a Dell laptop with Windows Vista (groan). I am by no means a security expert or a Linux expert. But I have used Linux multiple times to diagnose and repair other problems. I have a very good working knowledge of computers in general. And am used to trolling forums and Google for answers. I have no problem having to read the FAQs and other helpful documents. Any recommendations would be greatly appreciated! Thanks -Ash
Check out Knoppix.
Ncsuapex:
I was looking for something more like Ophcrack, than a distro. But if I have to go with a normal distro and just use pre-existing utilities / programs, that's no problem. All I need to know is which utilities / programs you would recommend to search for this stuff. Thanks again. Also are you at NC State?
Google=Linux security tools and Google=Linux security distros.
Larryhaja, thanks for the recommendations. I will definitely check it out!
The Google search was the first thing that I did. I read about distros like BackTrack, Operator, PHLAK, Knoppix-STD etc... I was just hoping for a more personalized recommendation. For clarification I was referencing Ophcrack not because I need to crack a password on the laptop. It was because you just put the Ophcrack CD in, it boots up and does its thing. You don't have to babysit it or anything. I was looking for something similar to that but with security scanners instead of a password cracker on it. Also I guess I should have told everyone exactly what I am using this for; I have to scan a Dell laptop (Vista) for all sorts of data mining utilities. The reason for this is I have a friend whose ex-boyfriend took her identity and opened up credit cards and various other things in her name. Then racked up about 30K in debt. Now the police charged him with 8 different crimes. He then proceeded to not show up for his arraignment and now is on the lam. The point of all that is the jackass is a sneaky bastard. And did install key loggers multiple times on her computer already. Now my personal opinion is to just "boot and nuke" the laptop and then reinstall everything. But she won't let me do that because....well I don't know the reason why she won't let me do it. So I am stuck having to scan the damn thing for anything I can think of. Now while I have scanned it with multiple Windows applications, I just don't trust them. Thus looking for a Linux solution. Hope that helps. Sorry it was such a long explanation and wasn't in the first post. I appreciate the help!
But if you want to go the Linux route there is a ClamAV Live CD that may be worth checking out. I've never used ClamAV, so I don't know how useful it will be. http://www.volatileminds.net/projects/clamav/ You might also want to check out chkrootkit to check for rootkits. It may be overkill but it sounds like your friend's computer is really compromised.
Umm, if this guy is being charged with crimes and you have reason to believe he criminally tampered with this laptop, you shouldn't be altering data on the disk (too late, unfortunately). Make a forensically acceptable copy of the drive and seal it in a tamper-evident container with your initials on it and the date the copy was made. Then wipe it and reinstall. If you want to search the drive for malware, make a second copy before you wipe it and use the second copy for your own research.
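The evidence-copy procedure in the post above (bit-for-bit copy, hashes that tie the copy to the original, a dated record of who made it), as an added shell example that is not from this thread. It assumes GNU coreutils on Linux; the source path, image path and initials are supplied as arguments.

```shell
#!/bin/sh
# Added example (not from this thread): make a bit-for-bit copy of a drive,
# then hash both original and copy so the copy can later be shown to match.
# Assumptions: GNU coreutils (dd, sha256sum) on Linux; the source is mounted
# read-only or not at all while this runs.

forensic_image() {
    src=$1; img=$2; initials=$3
    note=$img.custody.txt

    # Never overwrite an existing image: a second run must not clobber evidence.
    if [ -e "$img" ]; then
        echo "refusing to overwrite existing image: $img" >&2
        return 1
    fi

    # Copy without conv=noerror,sync: a read error aborts instead of silently
    # leaving zero-filled gaps (for a failing disk use ddrescue and keep its map).
    dd if="$src" of="$img" bs=4M 2>"$img.dd.log" || return 1

    src_hash=$(sha256sum "$src" | cut -d' ' -f1)
    img_hash=$(sha256sum "$img" | cut -d' ' -f1)

    # The custody note records who made the copy, on which machine and when,
    # plus the hashes that let anyone re-verify the image later.
    {
        echo "source:  $src"
        echo "image:   $img"
        echo "made_by: $initials on $(uname -n) at $(date -u +%Y-%m-%dT%H:%M:%SZ)"
        echo "sha256_source: $src_hash"
        echo "sha256_image:  $img_hash"
    } >"$note"

    # Make image and note read-only so later analysis cannot alter them.
    chmod 0444 "$img" "$note"

    [ "$src_hash" = "$img_hash" ]
}

# Re-verify an image against the hash recorded in its custody note.
verify_image() {
    img=$1
    expected=$(sed -n 's/^sha256_image: *//p' "$img.custody.txt")
    actual=$(sha256sum "$img" | cut -d' ' -f1)
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}
```

Run it twice: once for the sealed evidence copy and once for the working copy you analyse, so the evidence image is never the one you open.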
I want to thank everyone for their suggestions!
Because of the criminal investigation I had already planned to make an image of her laptop. A before and after image in fact. I think I am just going to have to convince her that we are going to need to reformat that thing. And I guess showing her this thread might be a good way to start. But I will probably give the Linux stuff a try just to mess around with it. I have really liked what I have worked with so far. There is no reason I shouldn't mess around, have some fun and gain some knowledge. Thank you again.
By the way, I can't stress strongly enough: Make a copy for evidence now, you can play around with other stuff later. The longer you delay the less chance the copy will be in any way usable as evidence.
I'm going to make an image of it as soon as she brings it to me.