
The Penguin Sleuth Kit

The Penguin Sleuth Kit, by Ernest Baca (ebaca@penguinsleuth.com, www.linux-forensics.com, www.cybercopmail.com). What is the Penguin Sleuth Kit? The Penguin Sleuth Kit is a bootable Linux CD distribution based on the KNOPPIX Linux distribution.



Presentation Transcript


  1. The Penguin Sleuth Kit
     By Ernest Baca
     ebaca@penguinsleuth.com
     www.linux-forensics.com
     www.cybercopmail.com

  2. What is the Penguin Sleuth Kit?
     • The Penguin Sleuth Kit is a bootable Linux CD distribution based on the KNOPPIX Linux distribution.
     • Both Penguin Sleuth and KNOPPIX are based on the Debian distribution of Linux.
     • The Penguin Sleuth Kit is a fully functional GUI distribution of Linux which has both GUI and command-line computer forensic and security auditing tools.
     • The Penguin Sleuth Kit is a versatile Linux CD which enables you to preview a suspect's computer or conduct a computer forensics exam.
     • The Penguin Sleuth Kit also has a variety of security auditing tools for INFOSEC personnel.
     • The Penguin Sleuth Kit can also be used for incident response or as a rescue system.

  3. Features of Penguin Sleuth
     • The Penguin Sleuth Kit runs a variety of GUI interfaces including KDE, Gnome, Icewm, and Flux.
     • The Penguin Sleuth Kit has over 2 gigabytes of software installed on a 700 megabyte CD.
     • The Penguin Sleuth Kit can be run from a command line or straight from a GUI environment.
     • The Penguin Sleuth Kit has automatic hardware detection which is better than most bootable distributions of Linux.
     • The Penguin Sleuth Kit lets you be flexible with hardware detection through boot options, which give you the ability to boot a large majority of modern computers and servers.
     • The Penguin Sleuth Kit enables encrypted remote access to a suspect computer.

  4. What is the difference between KNOPPIX and The Penguin Sleuth Kit?
     • Penguin Sleuth is a version of KNOPPIX which has been modified to be more computer-forensic friendly. The most notable change is that it will not auto-mount a Linux swap partition, which KNOPPIX does.
     • Some software has been removed from KNOPPIX to make room for computer forensic and security auditing tools.
     • A variety of computer forensic and security auditing tools are installed which cannot be found on KNOPPIX.

  5. End Result? KNOPPIX on Steroids!

  6. Some things that can be done with The Penguin Sleuth Kit
     • Enables an examiner to conduct an initial preview of a suspect's computer without altering the state of the suspect's hard drive (instructions included on CD).
     • Enables an examiner to image a variety of media, including hard drives, digital cameras, thumb drives and multimedia cards, in a format recognizable by all major forensics tools.
     • Enables an examiner to authenticate digital evidence.
     • Enables an examiner to examine a variety of file systems not supported by Windows tools.
     • Enables an examiner to conduct a forensic examination of a Linux system without having a Linux system installed on his computer.
     • Enables INFOSEC personnel to do security auditing on network systems.
     • Enables network administrators and INFOSEC personnel to conduct immediate incident response to security breaches or system crashes.
     • Enables users to conduct system rescue operations.
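An added shell example, not from the presentation, of the preview, image and authenticate steps slide 6 lists (and the no-auto-mounted-swap point of slide 4), using dd and sha256sum from GNU coreutils. The suspect device and the swaps table are constructed files so it runs offline; the function names and the /dev/sdX placeholder are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the presentation): preview safely, image, and
# authenticate a suspect device with GNU coreutils. The device and the
# swaps table are constructed files here; on a real exam SRC would be a
# block device such as /dev/sdX (placeholder) and the table /proc/swaps.

# Succeeds only if the swaps table lists no active swap area. A swap
# partition on the suspect disk that the kernel auto-mounted has already
# been written to, so the exam must stop here if anything is listed.
check_no_active_swap() {
    swaps_table="${1:-/proc/swaps}"
    [ -z "$(tail -n +2 "$swaps_table")" ]      # line 1 is the header
}

# Bit-for-bit raw ("dd") image, the format every major forensic tool reads.
# bs must equal the sector size (512 here) so conv=sync only zero-pads a
# genuinely unreadable sector and never the tail of a good read, which
# would otherwise change the hash of the image relative to the source.
image_device() {
    dd if="$1" of="$2" bs=512 conv=noerror,sync 2>/dev/null
}

# SHA-256 of a file; falls back to shasum where coreutils is absent.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Authenticate the evidence: print the hash only if source and image agree.
verify_image() {
    src_hash=$(sha256_of "$1")
    img_hash=$(sha256_of "$2")
    [ "$src_hash" = "$img_hash" ] && printf '%s\n' "$img_hash"
}

# Stand-alone run on constructed data: 4096 bytes = 8 sectors of pattern.
demo() {
    work=$(mktemp -d)
    yes 'constructed suspect sector data' | head -c 4096 > "$work/suspect.dev"
    printf 'Filename Type Size Used Priority\n' > "$work/swaps"   # nothing active
    check_no_active_swap "$work/swaps" || { echo 'swap active, aborting'; return 1; }
    image_device "$work/suspect.dev" "$work/suspect.dd"
    verify_image "$work/suspect.dev" "$work/suspect.dd"
    rm -rf "$work"
}
```

Record the printed hash in the case notes at acquisition time; re-running verify_image against the stored image later shows whether the evidence is still intact.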

  7. Limitations of Penguin Sleuth
     • Linux currently has an issue with the ReiserFS file system, which is noted in my KNOPPIX validation paper, included on the CD and available on my website.
     • Older computers have a hard time booting due to no CD boot option, lower memory and limited video.
     • Although this distribution can be used to conduct forensic examinations, some tasks are somewhat more tedious than with other computer forensics tools.
     • The Penguin Sleuth Kit is not guaranteed to boot on every system, which gives way to other bootable CD distributions.

  8. Other Bootable CD Distributions of Linux
     • White Glove
     • Bootable Business Card
     • Damn Small Linux
     • ADIOS
     • KNOPPIX
     • PLAN-B
     • Morphix
     • KNOPPIX-STD
     • Cluster KNOPPIX
     • Many others!
     • Links to these distributions can be found on my website.

  9. DEMO TIME!!!!!!!!!!!
