The Penguin Sleuth Kit By Ernest Baca
What is the Penguin Sleuth Kit?
The Penguin Sleuth Kit is a bootable Linux CD distribution based on the KNOPPIX Linux distribution; both Penguin Sleuth and KNOPPIX are in turn based on Debian. The Penguin Sleuth Kit is a fully functional GUI distribution of Linux that carries both GUI and command-line computer forensic and security auditing tools. It is a versatile Linux CD that lets you preview a suspect's computer or conduct a computer forensic examination, and it also carries a variety of security auditing tools for INFOSEC personnel. The Penguin Sleuth Kit can also be used for incident response or as a rescue system.
Features of Penguin Sleuth
The Penguin Sleuth Kit runs a variety of GUI interfaces, including KDE, GNOME, IceWM and Flux. It has over 2 gigabytes of software installed on a 700 megabyte CD. It can be run from a command line or straight from a GUI environment. Its automatic hardware detection is better than that of most bootable Linux distributions, and boot options let you adjust hardware detection so that a large majority of modern computers and servers will boot. The Penguin Sleuth Kit also enables encrypted remote access to a suspect computer.
What is the difference between KNOPPIX and The Penguin Sleuth Kit?
Penguin Sleuth is a version of KNOPPIX modified to be more computer forensic friendly. The most notable change is that it will not automatically activate a Linux swap partition found on the suspect's disk, which KNOPPIX does; activating swap writes to that partition and alters the evidence. Some software has been removed from KNOPPIX to make room for computer forensic and security auditing tools, and a variety of such tools that cannot be found on KNOPPIX are installed.
End Result? KNOPPIX on Steroids!
Some things that can be done with The Penguin Sleuth Kit
Enables an examiner to conduct an initial preview of a suspect's computer without altering the state of the suspect's hard drive (instructions included on the CD).
Enables an examiner to image a variety of media, including hard drives, digital cameras, thumb drives and multimedia cards, in a format recognized by all major forensic tools.
Enables an examiner to authenticate digital evidence (typically by hashing the original media and the image and comparing the results).
Enables an examiner to examine a variety of file systems not supported by Windows tools.
Enables an examiner to conduct a forensic examination of a Linux system without having Linux installed on the examiner's own computer.
Enables INFOSEC personnel to conduct security auditing of network systems.
Enables network administrators and INFOSEC personnel to conduct immediate incident response to security breaches or system crashes.
Enables users to conduct system rescue operations.
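The imaging and authentication steps above, as an added example that is not the instructions shipped on the CD: the script images a source with dd, records the SHA-256 of the source and of the image, and can later re-verify the image against the recorded hash. Real use points the source at a device node such as /dev/sdb (an assumed name) attached through a write blocker or set read-only; the accompanying test substitutes a constructed 4096-byte file for the device so it runs without root.

```shell
#!/bin/sh
# Added example: raw imaging with dd plus hash-based authentication.
# Not part of the Penguin Sleuth Kit; device names in comments are assumptions.

# Print the SHA-256 hex digest of a file, using whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d ' ' -f 1
    else
        shasum -a 256 "$1" | cut -d ' ' -f 1
    fi
}

# image_and_verify SRC IMG
# Copies SRC (e.g. /dev/sdb, assumed) to IMG as a raw sector-for-sector image,
# the format every major forensic tool reads, then hashes source and image and
# records both hashes in IMG.sha256. Returns 0 when the hashes match.
image_and_verify() {
    src=$1
    img=$2
    # noerror: keep reading past bad sectors; sync: pad each unreadable block
    # with zeros so offsets in the image still line up with the source.
    # Both are no-ops on a healthy source. bs=512 matches a disk sector, and
    # the source must be a whole number of sectors or sync will pad the tail.
    dd if="$src" of="$img" bs=512 conv=noerror,sync 2>/dev/null || return 1
    src_hash=$(sha256_of "$src")
    img_hash=$(sha256_of "$img")
    printf '%s  source\n%s  image\n' "$src_hash" "$img_hash" > "$img.sha256"
    [ "$src_hash" = "$img_hash" ]
}

# verify_image IMG
# Re-hashes IMG and compares it with the image hash recorded at imaging time,
# so later tampering with or corruption of the image is detected.
verify_image() {
    recorded=$(awk 'NR == 2 { print $1 }' "$1.sha256")
    [ -n "$recorded" ] && [ "$(sha256_of "$1")" = "$recorded" ]
}
```

Typical invocation is `image_and_verify /dev/sdb /mnt/evidence/sdb.dd` at acquisition time and `verify_image /mnt/evidence/sdb.dd` whenever the image is handed over or opened for examination. The hash of the original media is only meaningful if nothing wrote to it during the boot, which is why the live CD must not activate swap on, or mount read-write, any suspect partition.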
Limitations of Penguin Sleuth
Linux currently has an issue with the ReiserFS file system, which is documented in my KNOPPIX validation paper, included on the CD and available on my website. Older computers may fail to boot because they cannot boot from CD, have too little memory, or have limited video hardware. Although this distribution can be used to conduct forensic examinations, some tasks are more tedious than with other computer forensic tools. The Penguin Sleuth Kit is not guaranteed to boot on every system, which is one reason to keep other bootable CD distributions at hand.
Other Bootable CD Distributions of Linux
White Glove
Bootable Business Card
Damn Small Linux
ADIOS
KNOPPIX
PLAN-B
Morphix
KNOPPIX-STD
Cluster KNOPPIX
Many others! Links to these distributions can be found on my website.