The Penguin Sleuth Kit - PowerPoint PPT Presentation

About This Presentation
Title:

The Penguin Sleuth Kit

Description:

The base distribution for both Penguin Sleuth and KNOPPIX are both based on the ... The Penguin Sleuth Kit is a fully functional GUI distribution of Linux which has ... – PowerPoint PPT presentation

Number of Views:394
Avg rating:3.0/5.0
Slides: 10
Provided by: ernie3
Learn more at: http://www.dei.isep.ipp.pt
Category:
Tags: kit | penguin | sleuth

Transcript and Presenter's Notes

Title: The Penguin Sleuth Kit


1
The Penguin Sleuth Kit
By Ernest Baca, ebaca_at_penguinsleuth.com
www.linux-forensics.com www.cybercopmail.com
2
What is the Penguin Sleuth Kit?
  • The Penguin Sleuth Kit is a bootable Linux CD
    distribution based on the KNOPPIX Linux
    distribution.
  • Both Penguin Sleuth and KNOPPIX are based on the
    Debian distribution of Linux.
  • The Penguin Sleuth Kit is a fully functional GUI
    distribution of Linux which has both GUI and
    command line Computer Forensic and Security
    Auditing Tools.
  • The Penguin Sleuth Kit is a versatile Linux CD
    which enables you to preview a suspect's computer
    or conduct a Computer Forensics Exam.
  • The Penguin Sleuth Kit also has a variety of
    Security Auditing Tools for INFOSEC Personnel.
  • The Penguin Sleuth Kit can also be used for incident
    response or as a rescue system.

3
Features of Penguin Sleuth
  • The Penguin Sleuth Kit runs a variety of GUI
    interfaces including KDE, Gnome, Icewm, and Flux.
  • The Penguin Sleuth Kit has over 2 gigabytes of
    software installed on a 700 megabyte CD.
  • The Penguin Sleuth Kit can be run from a command
    line or straight from a GUI environment.
  • The Penguin Sleuth Kit has automatic hardware
    detection which is better than most bootable
    distributions of Linux.
  • The Penguin Sleuth Kit gives you flexibility in
    hardware detection through boot options, which
    let you boot a large majority of modern computers
    and servers.
  • The Penguin Sleuth Kit enables encrypted remote
    access to a suspect computer.

4
What is the difference between KNOPPIX and The
Penguin Sleuth Kit?
  • Penguin Sleuth is a version of KNOPPIX modified
    to be more Computer Forensic friendly. The most
    notable change is that it will not auto-mount a
    Linux swap partition, which KNOPPIX does.
  • Some software has been removed from KNOPPIX to
    make room for Computer Forensic and Security
    Auditing Tools.
  • A variety of Computer Forensic and Security
    Auditing Tools are installed which cannot be
    found on KNOPPIX.

5
End Result?
  • KNOPPIX on Steroids!

6
Some things that can be done with The Penguin
Sleuth Kit
  • Enables an examiner to conduct an initial preview
    of a suspect's computer without altering the state
    of the suspect's hard drive (Instructions included
    on CD).
  • Enables an examiner to image a variety of media,
    including hard drives, digital cameras, thumb
    drives and multimedia cards, in a format
    recognizable by all major forensics tools.
  • Enables an examiner to authenticate digital
    evidence.
  • Enables an examiner to examine a variety of file
    systems not supported by Windows tools.
  • Enables an examiner to conduct a Forensic
    examination of a Linux system without having a
    Linux system installed on his computer.
  • Enables INFOSEC personnel to do security auditing
    on network systems.
  • Enables network administrators and INFOSEC
    personnel to conduct immediate Incident Response
    to security breaches or system crashes.
  • Enables users to conduct system rescue operations.
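The preview, image and authenticate steps listed above, as an added shell example that is not from the presentation or from the instructions shipped on the kit's CD. The specific tools and options (a read-only mount, dd with conv=noerror,sync, sha256sum) are this example's assumptions about how an examiner would carry out those steps on a bootable Linux CD.

```shell
#!/bin/bash
# Added example: a minimal preserve/image/authenticate workflow of the kind run
# from a bootable forensic CD. Tool choices (mount options, dd, sha256sum) are
# this example's assumptions, not instructions from the Penguin Sleuth Kit.
set -u

# Mount a suspect volume read-only so previewing never writes to it.
# Requires root, so this is not exercised by the demo below.
preview_mount() {
  local dev="$1" mnt="$2"
  mkdir -p "$mnt"
  mount -o ro,noatime,noexec,nodev "$dev" "$mnt"
}

# Bit-for-bit raw image readable by most forensic tools. conv=noerror,sync
# continues past unreadable sectors and zero-fills them, which keeps offsets
# intact; the image is then a multiple of bs, which real devices already are.
image_device() {
  local src="$1" dst="$2"
  dd if="$src" of="$dst" bs=512 conv=noerror,sync status=none
}

# Authenticate: hash source and image, record both beside the image,
# and return 0 only when the two hashes match.
verify_image() {
  local src="$1" dst="$2" h_src h_dst
  h_src=$(sha256sum "$src" | cut -d' ' -f1)
  h_dst=$(sha256sum "$dst" | cut -d' ' -f1)
  printf 'source %s %s\nimage  %s %s\n' "$h_src" "$src" "$h_dst" "$dst" > "$dst.sha256"
  [ "$h_src" = "$h_dst" ]
}

image_and_verify() {
  image_device "$1" "$2" && verify_image "$1" "$2"
}

# Demo on a constructed 2048-byte stand-in for a suspect device (no real media
# touched). Returns 0 when the good image authenticates and a tampered one fails.
demo() {
  local work; work=$(mktemp -d)
  head -c 2048 /dev/urandom > "$work/suspect.raw"
  image_and_verify "$work/suspect.raw" "$work/evidence.dd" || return 1
  printf 'x' >> "$work/evidence.dd"          # simulate post-acquisition tampering
  if verify_image "$work/suspect.raw" "$work/evidence.dd"; then return 1; fi
  rm -rf "$work"
}

if [ "${1:-}" = "--demo" ]; then demo && echo "demo passed"; fi
```

Run `./script.sh --demo` to exercise it on the constructed stand-in; against real media, call `image_and_verify /dev/sdX /mnt/evidence/case.dd` only after `preview_mount` style read-only handling is in place and write-blocking has been confirmed.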

7
Limitations of Penguin Sleuth
  • Linux currently has an issue with the ReiserFS
    file system, which is noted in my KNOPPIX
    validation paper, included on the CD and also
    available on my website.
  • Older computers have a hard time booting due to
    no CD boot option, lower memory and limited
    video.
  • Although this distribution can be used to conduct
    forensic examinations, some tasks are somewhat
    more tedious than with other Computer Forensics
    Tools.
  • The Penguin Sleuth Kit is not guaranteed to boot
    on every system, which is where other bootable
    CD distributions come in.

8
Other Bootable CD Distributions of Linux
  • White Glove
  • Bootable Business Card
  • Damn Small Linux
  • ADIOS
  • KNOPPIX
  • PLAN-B
  • Morphix
  • KNOPPIX-STD
  • Cluster KNOPPIX
  • Many others!
  • Links to these distributions can be found on my
    website.

9
DEMO TIME!!!!!!!!!!!