I've been using the Penguin Sleuth Kit for the past 12 months or so, and have nothing but praise to say. Using this tool I was able to quickly obtain forensic grade images of hard drives using the included tools.
In my many travels over the internet I found that I needed a couple more things from a LiveCD than PSK offered - the latest kernel, to avoid those last sector issues, and an easy to use interface, for staff I trained up to secure images of systems. I had developed a reasonably complex (for an untrained user) dcfldd command by adapting several things I had seen on forums, and didn't think it was reliable or professional to have staff typing in this command as they read it off a cue card.
Therefore I contacted one of my friends, thankfully pretty adapt at most things GNU/Linux, and put him to task to develop our new Forensic LiveCD - the Vital Data Forensic or Rescue Kit (FoRK). The CD was to be based on Knoppix 3.6, and needed two modes - imaging mode, the default, that loaded to runlevel 2 and presented the investigator with an easy to use console interface that would capture their entered information and allow them to select source, destinations and case information, then capture a forensic grade image at the hit of a key.
I also liked the "preview" mode that PSK provided, so I asked that we provide a "desktop" option at boot so that an investigator could boot to a GUI and do what he/she needed. We selected GNOME instead of KDE as we thought it would be a bit lighter to run, and easier for our staff to use, but that was just a preference thing - no need to start that debate here.
The result of this is the Vital Data FoRK v1.0.0 - and we are proud to announce that we are offering this CD to anyone who wants a try. You can get information about it at http://www.vitaldata.com.au or http://www.forensicit.com.au, and access the download at http://www.forensicit.com.au after free registration.
We would like as many people as possible to download, try and comment about our tool. If you would link to it from your site, we would appreciate the extra interest.
We would also like to extend a big thank you to Ernest Baca for providing the basis of our ideas, and Jay Scott for donating his development time.
New opensource computer forensics tool - Vital Data FoRK
3 posts
• Page 1 of 1
New opensource computer forensics tool - Vital Data FoRK
by blaresutton » Tue Nov 09, 2004 4:40 am
- blaresutton
- Posts: 1
- Joined: Tue Nov 09, 2004 4:37 am
- Location: Melbourne, Australia
*by anony » Tue Nov 09, 2004 9:29 pm
Name: Vital Data FoRK
(based on Knoppix 3.6)
Website:
http://www.vitaldata.com.au
Download:
http://www.vitaldata.com.au/modules/mydownloads/
Minimum and maximum size: 495 MB
Function: Forensic
Language: English
PS:
Is there any mirror of ISO on Planetmirror (OZ), Pacific.net.au, Optus.net etc?
If Vital Data cannot afford the FTP bandwidth, perhaps they should create a BitTorrent version:
http://www.tlm-project.org
(based on Knoppix 3.6)
Website:
http://www.vitaldata.com.au
Download:
http://www.vitaldata.com.au/modules/mydownloads/
Minimum and maximum size: 495 MB
Function: Forensic
Language: English
PS:
Is there any mirror of ISO on Planetmirror (OZ), Pacific.net.au, Optus.net etc?
If Vital Data cannot afford the FTP bandwidth, perhaps they should create a BitTorrent version:
http://www.tlm-project.org
- anony
- Posts: 145
- Joined: Thu Oct 07, 2004 5:17 am
3 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 1 guest