If you plan on using Kali for real world forensics of any type, we recommend that you don’t just take our word for any of this. Anything that you do as a user is on you. The idea behind this is simple: in forensic mode, nothing should happen to any media without direct user action. USB thumb drives, CDs, and the like will not be auto-mounted when inserted. The other, equally important, change is that auto-mounting of removable media is disabled. These hashes matched, indicating that at no point was anything changed on the drive in any way. After using Kali for a period of time, we then shut the system down, removed the hard drive, and took the hash again. We then reattached the drive to the computer and booted Kali Linux “Live” in forensic mode. A hash was taken of the drive using a commercial forensic package.
We verified this by first taking a standard system and removing the hard drive. If there is a swap partition it will not be used and no internal disk will be auto mounted. When booted into the forensic boot mode, there are a few very important changes to the regular operation of the system:įirst, the internal hard disk is never touched.
Kali Linux comes pre-loaded with the most popular open source forensic software, a handy toolkit when you need to do forensic work.When a forensic need comes up, Kali Linux “Live” makes it quick and easy to put Kali Linux on the job.Kali Linux is widely and easily available, many potential users already have Kali ISOs or bootable USB drives.The “Forensic mode live boot” option has proven to be very popular for several reasons: Kali Linux “Live” provides a “forensic mode”, a feature first introduced in BackTrack Linux.
0 kommentar(er)
