View Poll Results: How do you handle employees that leave your organisation?
- 7. You may not vote on this poll
Have a procedure to remove access but we don't audit it
We have a procedure to remove access AND we audit it
We don't have a procedure but we run routine checks for dormant accounts
We have no procedures or routine checks I am aware of
February 23rd, 2006, 03:39 PM
Preferred Live-CD Toolkit?
I have been using Auditor for some time now (Thanks MsMittens! I can admit it when I'm wrong.) and am very happy with it...but I'm always wondering if the grass is greener on the other side of the fence. I've heard of Whoppix and Whax, but I have no experience with them, or any other live forensic-security toolkit images.
So tell me what you like, and why? What's hot these days? What are we all using?
If you want to add an option to the poll, just indicate it in the thread and we'll add them as we go!
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
February 23rd, 2006, 03:48 PM
No Helix? I was just playing with it this morning in a VM to see how it behaves there (installs nicely on GSX 3.2) as well as to see what tools it has. Not a huge selection but some.
February 23rd, 2006, 03:52 PM
I have grown to love PHLAK. It is very easy to use, and brings a large selection of security apps. There are a few minor ones I was looking for which I couldn't find on the CD, but that is to be expected. Auditor is also great, but I think I'd put both on a par - I can't really make my mind up between them!
I have heard quite a lot about Arudius lately, but I haven't had the time to try it. It's pretty small (IIRC it's under 250MB), but it claims to bring quite a lot of apps. Again, I haven't tried it, but you might like to give it a go. Whax I've heard is also the current 'bleeding-edge LiveCD toolkit', but I haven't tried it either.
Knoppix-StD was good, but it hasn't seen an update in a while so the apps are quite old.
My final choice? Probably PHLAK, although Auditor is also brilliant. Both are missing a few remote apps, but they're both good. Maybe I should build my own...
 These are more security LiveCDs than forensic ones, but I'm sure they all have some forensic apps.
February 23rd, 2006, 04:00 PM
I just tried Backtrack.. It's a merge of Whax and the Auditor..
first of all, we wish everyone a happy new year and we are shure that your are awaiting a new version of the Auditor Security Collection. We have to regret, that there wont be a new version, but there will be a new version of the BackTrack, which is the replacement distro of Whax and Auditor Security Collection. the development team makes great progress and we getting more and more stable.
In addition to this we get closer with vmware and are 99% able to integrate vmplayer into BackTrack :-) hurray!
Experience is something you don't get until just after you need it.
February 23rd, 2006, 05:17 PM
No Nubuntu? I know it is still "new" and all, but I have used it a couple of times and it is clean and easy.
The main goal of nUbuntu is to create a distribution which is derived from the Ubuntu distribution, and add packages related to security testing, and remove unneeded packages, such as Gnome, Openoffice.org, and Evolution. nUbuntu is the result of an idea two people had to create a new distribution for the learning experience. Many people ask, "What makes it better than X?", or "Why should I use this over Y". Our answer to this question is, we don't not think about whether people are using it or not. We are more concerned about the learning process. If you want to try something with a clean interface, fast, and an excellent range of programs please don't hesitate to download nUbuntu.
Some of the main security packages:
* John the Ripper
Give a man a match and he will be warm for a while, light him on fire and he will be warm for the rest of his life.
February 23rd, 2006, 07:41 PM
February 23rd, 2006, 08:19 PM
ok... now it is listed. ty.
February 23rd, 2006, 08:49 PM
knoppix STD is pretty nice.
February 23rd, 2006, 09:28 PM
I have compiled a list of emails which discussed this very topic recently on the SecurityFocus pen-test mailing list. Here's the link to it: clicky.
 Note: First emails at bottom, newest towards the top (sorry about that). Emails separated by line of equals (======).
[edit2] There's also some more info available in this post.
February 23rd, 2006, 09:30 PM
I hadn't heard of Backtrack until SirDice threw it up here in this thread, but after reading up on it, it sounds pretty amazing. I have used Whax on numerous occasions. It had something like over 157 security related tools built in. Now, fusing the best features from both live cd's.... definitely going to have to give it a whirl!