New Auditor Live CD Released

Quote:

---

It's a nice edition IF YOU LIKE THAT SORT OF THING, but it has absolutely nothing to do with whether VW has made a good automobile.

---

Ya but people like shiny new pennies and such. ;)

Too bad they don't have a torrent. They could save themselves a lot of money by using other people's bandwith...

Thanks for the link. I downloaded it at work the other day but forgot to burn it so I have to download again before I can play. :(

The auditor and whoppix CDs are my favorite live distros.

For those who have used both, would you say Auditor Live is better than Phlak ( http://www.phlak.org/modules/news/ ) or Knoppix-STD ( Security Tool Distribution http://www.knoppix-std.org/ )?


PuRe

In my opinion...I like Auditor than phlak or knoppix-std. You don't need two pcmcia cards to do wireless penetration testing (cracking wep using aircrack,etc), check out articles on securiyfocus about "wep dead again part 2".

One thing I don't like from Auditor..I have to run that live cd as "root" and I couldn't use internet connection using adsl/broadband ( I think they removed rp-pppoe for internet connection) but I still can get online using my wireless connection.

Thanks for the post Ms.Mittens - anymore like that would be appreciated by us auditors, we need all the help we can get - and especially for the wireless lans. We are now auditing those as well.

Oh - we also picked up cell phones that our company pays for - so anything for checking those out would be cool - we are just starting to look for some decent tools.

Thanks again - good stuff!

I agree about the image manipulation, if you are going to spend time compiling a shiny report for a higher up, you would more than likely invest that amount of time at another machine. Roger that.

Auditor seems way better than phlak IMHO and I now run it now sits right next to my knoppix-std cd.

Bravo MsM for the update.

OK, I'm a convert. I like it. I've used it. Good stuff.

I still stand by me thoughts about the image software. I can even see why it's added, but do we really need to make a big deal about it being included? It's like advertising that you have ashtrays in your new top-of-the-line safety conscious car. Whoop-dee-doo.

For those of you interested, this is becoming the standard tool for <company-name-withheld-to-protect-the-guilty> consultants to run Kismet for site assesments. I still like my custom built on-the-hard-disk linux install, but for a live-linux tool, this one is pretty solid.

Ola:

This looks like an awesome tool for forensics and investigations, but how would you save anything off that you find through scanning and the like? Would you configure up your NIC and then connect to a share or flash drive? Or could you still access your local harddrives?

Gracias.

First off, you would *never* save anything you found off to local harddrives. Doing so would compromise the drive by altering the state you fond it in, quite unecessarily. This violates the first rule you should be observing when conducting any type of forensics work.

Sure, you may know that nothing you did affected the evidence in any way, but you're not going to be able to prove that in court, whether that should be either a civil lawsuit or a criminal trial.

You could instead use netcat to pipe the results out to a computer elsewhere on the network, or mount a USB stick or flash drive as you suggested. It's not at all difficult, and the methods used to do this would be no different than on any other hard drive based system.

Or the drive could be mounted in a forensics workstation and all data saved to a separate drive.

So yes, you could still access your local harddrives. A forensics CD would be rather pointless if you couldn't. What would there be to investigate? But, to actually do so would be a *bad* idea, unless you had another local hard drive to save it to.

You can access local drives and/or mount a USB drive. man mount should help you with this endeavour. :)