Having Live Linux CDs Ready for Forensics Purposes

You should have two different types of CDs (or other similar media) available for forensics purposes. The first type is meant to be mounted on a running, possibly compromised system so that the investigator can collect and save dynamic data, such as the contents of RAM, without relying on that system's own tools. If you suspect a system has been compromised, you should not trust any of the executables on it: they may have been replaced with substitutes that hide the existence of malware. The second type is forensic live media, used to boot a diagnostic system. Once booted, such media can be used to save a copy of the partitions and volumes configured on the compromised system.
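As an added example (not from the book), here is the kind of POSIX shell script the first type of media could carry: it refuses to run unless the tools it needs exist on the trusted media, restricts PATH to that media for every command, and hashes each saved item so the evidence can be verified later. The mount point /mnt/cdrom, the evidence directory and the tool list are assumptions.

```shell
#!/bin/sh
# Added example: collect volatile data and a partition image using only tools
# from mounted trusted media. Paths and the tool list are assumptions.

# Refuse to proceed unless every tool we rely on exists on the trusted media;
# nothing is run from the suspect system's own /bin or /usr/bin.
check_trusted_tools() {
    root="$1"
    for tool in sh date sha256sum dd cat; do
        if [ ! -x "$root/bin/$tool" ]; then
            echo "missing trusted tool: $tool" >&2
            return 1
        fi
    done
    return 0
}

# Run one collection command with PATH limited to the trusted media, store its
# output under the evidence directory, and append the file's hash to a log.
collect() {
    root="$1"; evidence="$2"; name="$3"; shift 3
    PATH="$root/bin:$root/sbin" "$@" > "$evidence/$name.txt" 2> "$evidence/$name.err" || return 1
    ( cd "$evidence" && PATH="$root/bin" sha256sum "$name.txt" >> hashes.sha256 )
}

# Copy a block device (or, in a test, a plain file) with dd and hash the image.
# conv=noerror,sync keeps going past read errors, padding bad blocks with zeros.
image_partition() {
    root="$1"; evidence="$2"; device="$3"; name="$4"
    PATH="$root/bin" dd if="$device" of="$evidence/$name.img" bs=4096 conv=noerror,sync 2>/dev/null || return 1
    ( cd "$evidence" && PATH="$root/bin" sha256sum "$name.img" >> hashes.sha256 )
}

# Re-check every recorded hash; run this from the live CD against the saved
# evidence, never on the suspect system.
verify_evidence() {
    root="$1"; evidence="$2"
    ( cd "$evidence" && PATH="$root/bin" sha256sum -c hashes.sha256 >/dev/null 2>&1 )
}

# Typical run from the mounted media (hypothetical paths), guarded so that
# sourcing this file does not execute it.
if [ "${1:-}" = "--run" ]; then
    TRUSTED=/mnt/cdrom; EVIDENCE=/mnt/usb/case001
    check_trusted_tools "$TRUSTED" || exit 1
    collect "$TRUSTED" "$EVIDENCE" date date
    collect "$TRUSTED" "$EVIDENCE" mounts cat /proc/mounts
    image_partition "$TRUSTED" "$EVIDENCE" /dev/sda1 sda1
fi
```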

Although you can certainly purchase expensive ...

Get Security Strategies in Linux Platforms and Applications, 3rd Edition now with the O’Reilly learning platform.
