Penguin Sleuth

Web site: linux-forensics.com (not active)
Origin: USA
Category: Forensics
Desktop environment: Fluxbox, IceWM, KDE, WindowMaker
Architecture: x86
Based on: Knoppix
Wikipedia:
Media: Live CD
The last version | Released: 1.0 beta1 | July 5, 2003

Penguin Sleuth – a Knoppix-based bootable CD and a VMware virtual platform. The Penguin Sleuth Kit adapts a great Linux resource to include tools that are useful when performing forensic computer analysis and security auditing.

The Sleuth Kit (TSK) is a library and collection of Unix- and Windows-based utilities for extracting data from disk drives and other storage so as to facilitate the forensic analysis of computer systems.

Download

Penguin Sleuth 2003-07-05 i386 689MB.iso
md5sum: 8a0b0554ba8bacd17325faf570249dc9

 

URIX OS

Web site: urix.us
Origin: Bulgaria
Category: Forensics
Desktop environment: Xfce
Architecture: x86_64
Based on: openSUSE
Wikipedia:
Media: Live DVD
The last version | Released: 7.0.3 | January 30, 2016

URIX OS (previously: NetSecL) – a general-purpose, security-focused Linux distribution based on openSUSE.

URIX OS features a set of rules that protects your machine, and comes with some penetration tools preinstalled.
It is built using SUSE Studio and uses the Xfce desktop environment by default.

The latest version of URIX OS 7.0.3 is based on openSUSE Leap 42.1.

The project founder is Yuriy Stanchev.

Download

URIX OS 7.0.3 amd64 999MB.iso
md5sum: 32d0118e6791c15f77f96cf24c517d5a

 

Sectoo

Web site: www.sectoo.org
Origin: Unknown
Category: Forensics
Desktop environment: Xfce
Architecture: x86
Based on: Gentoo
Wikipedia:
Media: Live CD
The last version | Released: Pre-Alpha | June 1, 2006

Sectoo – a Linux distribution that aims to help all sorts of people with tasks related to network security. In the form of a LiveCD based on Gentoo Linux, it lets users carry out tasks such as port scanning, packet sniffing, OS fingerprinting, intrusion detection, etc. Users will enjoy Sectoo Linux whoever they are: Network Admin, Pentester, White Hat or Black Hat Hacker, etc.

Sectoo Linux attempts to provide an up-to-date and easy-to-use set of security tools.

Vulnerability Scanning: Sectoo Linux provides basic services such as port scanning using Nmap. You can then gather banner information, look for versions of installed services, and discover some exploits using Nessus. You can also use this to test what your IDS can pick up and what it can’t.

Network Analysis: Using a standard sniffer like TCPDump or Ethereal/Wireshark, you can see what’s going through a network in terms of protocols and content. And by using tools like p0f, you can achieve passive OS fingerprinting like never before.

Secure Connectivity: Sectoo Linux includes OpenSSH for securely administering remote systems.

Download

Sectoo Pre-Alpha i686 401MB.iso
md5sum: 1438a1a207d8585f96f0537c6b90dd8d

 

Operator

Web site: www.ussysadmin.com/operator
Origin: Unknown
Category: Forensics
Desktop environment: KDE
Architecture: x86
Based on: Debian
Wikipedia:
Media: Live CD
The last version | Released: 3.3.20 | November 2, 2005

Operator – a Debian-based Linux distribution that boots from a single CD and runs entirely in RAM.

The Operator contains an extensive set of Open Source network security tools that can be used for monitoring and discovering networks. This can turn virtually any PC into a network security pen-testing device without having to install any software. Operator also contains a set of computer forensic and data recovery tools that can be used to assist you in data retrieval on the local system.

Versions of Operator older than 3.3 were based on KNOPPIX.
Starting with version 3.3, Operator was built from scratch by setting up a basic Debian installation and then adding the KNOPPIX functionality afterwards.

The latest version of Operator featured:
– Linux-Kernel 2.4.31
– KDE V3.3.2-1
– wine Windows Emulator
– Konqueror and Mozilla Firebird Web Browsers
– Koffice
– X Multimedia System (xmms) an MPEG-video, MP3
– Internet connection software kppp, pppoeconf (DSL)
– utilities for data recovery and system repairs, even for other operating systems
– network and security analysis tools for network administrators
– many programming languages, development tools
– more than 900 installed software packages with over 2000 executable user programs and utilities
– 100+ Unix/Windows Exploits and Tools ready to run

Minimum system requirements:
– Intel-compatible CPU (i486 or later),
– 20 MB of RAM for text mode, at least 96 MB for graphics mode with KDE (at least 128 MB of RAM is recommended to use the various office products),
– bootable CD-ROM drive, or a boot floppy and standard CD-ROM (IDE/ATAPI or SCSI),
– standard SVGA-compatible graphics card,
– serial or PS/2 standard mouse or IMPS/2-compatible USB-mouse.

Download

Operator 3.3.20 i386 602MB.iso
md5sum: 74b08dab680b00ddec19070d2f8e9d00

 

Helix

Web site: www.e-fense.com/helix/
Origin: USA
Category: Forensics
Desktop environment: Xfce
Architecture: x86
Based on: Knoppix
Wikipedia:
Media: Live CD
The last version | Released: 1.9 | July 13, 2007

Helix – a live Linux CD designed for live incident response. Helix is targeted towards more experienced users and forensic investigators.

Because Helix is a live disc, it can be run on a “suspect” machine while the installed operating system remains inactive. Live network forensics is also possible when running the Helix Live Disc, allowing users to perform checks on the networks their machines are attached to.

Up to version 1.9, Helix was based on Knoppix.
The latest version, Helix 3, is based on Ubuntu.

Helix3 Enterprise is an easy-to-use cyber security solution integrated into your network, giving you visibility across your entire infrastructure and revealing malicious activities such as Internet abuse, data sharing and harassment. H3E also allows you to isolate and respond to incidents or threats quickly and without user detection through a central administration tool.

Download

Helix 1.9 i386 717MB.iso
md5sum: 4f4c270dd4f28a1acebabdc6b5d6d89a

 

Arudius

Web site: sourceforge.net/projects/arudius/
Origin: USA
Category: Forensics
Desktop environment: Fluxbox
Architecture: x86
Based on:
Wikipedia:
Media: Live CD
The last version | Released: 0.5 | February 8, 2006

Arudius – a live CD Linux distribution based on Slax and Linux Live scripts.

It contains an extensive set of software tools used by information security professionals for information assurance and vulnerability analysis. Its goal is to include the most complete set of useful security tools and still maintain a small footprint so it can fit on a 210MB mini-CD.

The latest version, Arudius 0.5, was released in 2006.

Download

Arudius 0.5 i386 213MB.iso
md5sum: c0627a1ad85782d5fac8bd898c910808

 

GnackTrack

Web site: www.gnacktrack.co.uk
Origin: United Kingdom
Category: Forensics
Desktop environment: Gnome
Architecture: x86
Based on: Ubuntu
Wikipedia:
Media: Live DVD
The last version | Released: R6 | March 2, 2011

GnackTrack – a Linux distribution based on Ubuntu which provides a penetration testing distro for Gnome fans.

GnackTrack mostly contains a collection of utilities for penetration testing, which are organized into a few categories under the GnackTrack entry of the main menu.

Default applications include the Chromium, Firefox and Opera web browsers, the Gedit text editor, the FileZilla file transfer client, the Wireshark and Zenmap network scanners, as well as the XChat IRC client.

The developer of GnackTrack is Matthew Phillips.
The latest version, GnackTrack R6, was based on Ubuntu 10.10 Maverick Meerkat.

Download

GnackTrack R6 i386 2.7GB.iso
md5sum: 3bc79e7bc733fd6d4a15b0fb075c3c64

 

Knoppix-NSM

Web site: www.securixlive.com/knoppix-nsm/ (not active)
Origin: Unknown
Category: Forensics
Desktop environment: Fluxbox
Architecture: x86
Based on: Knoppix
Wikipedia:
Media: Live CD
The last version | Released: 1.2 | May 9, 2007

Knoppix-NSM – a modified version of the Knoppix LiveCD, focused on network security monitoring.

Knoppix-NSM is not a preventative tool and does not focus on vulnerabilities.
It contains many very useful tools for detective network analysis, such as:
– Sguil to detect network activity
– Basic Analysis and Security Engine (BASE) NSM for network monitoring, which shows port scans as well
– the following scans can be run: FIN, XMAS, NULL, Operational
– Ntop to view statistical network data – this can alert you to abnormal network activity, such as 95% of all traffic being UDP packets.

The system works in a live session from a CD without being installed to a hard drive, but it can also be installed to a hard disk.

Download

Knoppix-NSM 1.2 i386 383MB.iso
md5sum: 04aca38ccb6f010577e163836515ac95

 

NetSecL OS

Web site: http://netsecl.com/
Origin: Bulgaria
Category: Forensics
Desktop environment: Xfce
Architecture: x86_64
Based on: openSUSE
Wikipedia (PL): NetSecL OS
Media: Live USB
The last version | Released: 6.0 | September 27, 2015

NetSecL OS – a security-focused Linux distribution based on openSUSE.

NetSecL OS is a penetration testing distribution with the lightweight Xfce window manager, a hardened Linux kernel with grsecurity patches, and a set of rules that allows for more extensive system auditing and protects you from stack overflows by making the stack non-executable.

The system includes several penetration tools, such as:
– Metasploit framework
– packet sniffer Wireshark
– network monitor EtherApe
– Open Vulnerability Assessment System OpenVas
– port scanning Nmap
– security reconnaissance Skipfish
– password manager KeePassX

Additional packages included in the OS are: the text editor Abiword, the FTP client FileZilla, and Wine, to run Windows programs in Unix.

Up to version 3.0, NetSecL OS was based on Slackware Linux, then switched to openSUSE as its base.
Up to version 6, NetSecL OS was a penetration testing distribution.
At the beginning of 2016, NetSecL OS changed its profile to a general-purpose, desktop-oriented distribution with a new name, URIX OS.

The distribution developer is Yuriy Stanchev.

Download

NetSecL OS 5.0.59 x86_64 1.5GB.raw.tar.gz
md5sum: 04479e09eb0264cb474458374d02dd54

 

ForLEx

Web site: www.forlex.it (not active)
Origin: Italy
Category: Forensics
Desktop environment: LXDE
Architecture: x86
Based on: Debian
Wikipedia:
Media: Live DVD
The last version | Released: 2.0.5 | February 14, 2013

ForLEx (Forensic Live Examination) – a Debian-based Linux distribution providing an open-source environment for forensic examinations.

The distribution offers several useful utilities for forensic analysis.
It uses the lightweight LXDE desktop environment on top of the Debian “Squeeze” base.

The system doesn’t offer many pre-installed applications, but the most important are:
– FTK Imager – a disk imaging program
– Guymager – forensic imager for media acquisition
– ForLEx – disk mount manager
– Ophcrack – Windows Password cracker
– Iceweasel, gFTP, Wicd, AbiWord, Geany, Audacious

The latest version, ForLEx 2.0.5, was released in February 2013.

Download

ForLEx 2.0.5 i386 738MB.iso
md5sum: 3fcc90c1f0dbb56179dc0ef0452b4eaf