Benvenuto in prima pagina

ForLEx Live Acquisition Launcher

Written by Administrator
Sunday, 08 May 2011 19:01
Starting with this version, I inserted a new tool. This is usefull for doing a Live Acquisition of a running system (e.g. its RAM contents). As you know ForLEx is composed by two parts: 1) a bootable Linux Live O.S. with a lot of tools; 2) an auto-runnable tool, named “ForLEx Live Acquisition Launcher” I made this tool because I wanted to give the opportunity, during a live data forensics activity, dumping the RAM and then acquiring physical memory, but also acquiring system target information and capturing screenshots or check the processes running on the system. Of course these operations changes something on the target machine but there is no way to avoid making these changes. In order to conduct a live examination and then to capture data, it is necessary to execute tools on a running system, he execution of each tool will make changes to the running system. When ForLex Live Acquisition Launcher starts up, it shows an important message about target computer’s data protection. Pressing “ACCEPT” the user has redirected to a useful menu where can choose the right utility. In this menu there are three different area : Acquisition : delimits the tools usefull for acquisition of ram or storage "Winen32", a Guidance Software tool for RAM acquisition on 32bit systems "Winen64", a Guidance Software tool for RAM acquisition on 64bit systems "FTK Imager", an Access DATA tool for memory acquisition "RAM By Net", a tool for RAM acquisition in conjuction with NetCat "WINDD", a tool for RAM memory acquisition "MDD", a tool for RAM memory acquisition Inspecting : delimits the tools usefull for acquisition of information “AviScreen”, a freeware screen recorder; “CurrPorts”, allows to have a list of active processes, Process ID, protocol, local port involved, process path and other several information; “WinAudit”: it is the well known tool that allows a complete auditing for windows based computers “Hover Snap”: a freeware snapshot capturer; “PC On/Off time”: a useful tool which gives the possibility to see the timeline of the on/off target machine events. Utility : delimits system utilities "Shell", a system shell "Putty", an ssh client for remote shell "NetCat", an utility usefull to connects by network to another computer We can do PHYSICAL/HARD DRIVE acquisitions in different ways. ForLex provides Winen32 , Winen64, FTK Imager, RAM by Net, WinDD and MDD. All of them, for the execution use right shell residents on the distribution cd-rom. They doesn’t use system’s shell, so if that is corrupted (damaged/poisioned) we will be sure that our operations will not be altered. By the choose of a tool, on the screen will appear the follow message. It means that we can have a shell DOS with the command prompt lighting at the end of path (OPEN DIR) or instead, executing directly (EXECUTE) the tool. If we use RAM by NET (a good method for a minimum impact on the target system), we can choose the IP and Port destination, and the tool will show the command (in red). Clicking ACQUISITION, and before the tool starts the acquisition, the user receives a warning useful to correctly configure the destination. On the destination system we can choose where we want to store the stream capture. Before the user starts the acquisition, he receives a warning useful to control if we are on the right computer. I hope this new tool can be usefull for you forensic experience.
Last Updated on Monday, 09 May 2011 11:56

ForLEx Live CD 1.5.5 Released !!!!

Written by Luca Guerrieri

Wednesday, 27 April 2011 21:36

I'm proud to announce my latest version of ForLEx Live CD, ver. 1.5.5 !

In this version I have corrected some minor bugs and I have added upgraded some tools.

Another reason to download this new version is an improved control of the read/write permissions, the implementation

of the iScsi client and a new tool for Live Analisys on live systems.

Tools

The tools inserted into this version (v.1.5.5) are :

Editor

Biew	editor hex whit disassembler	home page
Lde	Linux Disk Editor like Norton Disk Editor	home page
Hexedit	File Viewer in Hex or ASCII	home page
nano	Text editor	home page
vim	Multipurpose editor	home page
Geany	Multipurpose editor	home page

System tools

GScanbus	scanner for IEEE1394	home page
ndiswrapper	utility for drivers windows related to wireless netcard	home page
dmraid	Manage raid disks	home page
dds2tar	Use dds features with tar	home page
tpconfig	Manage touchpad	home page
usbview	Scanner for usb devices	home page
p3nfs	Mount Palm/Symbian	home page

File tools

unzoo	Extractor for zoo files	home page
zip		home page
lzma	7-zip format	home page
lzop		home page
unrar		home page
unzip		home page
rox-filer	Fast powerfull file manager X Window.	home page
Endeavour II	file manager	home page

Utility

txt2regex	wizard for regular expressions	home page
dd_rescue	version error_tollerant of dd	home page
cabextract	Cab extractor	home page
uudeview	utility for send file using e-mail o news-group	home page
tofrodos	Convert text file	home page
sitar	System InformaTion At Runtime	home page

File System tools

macutils	tool for manage mac’s filesystem	home page
dosfstools	ms-dos fat file system filemaager	home page
genisoimage	tool to make image for burning	home page
mtools	collezionedi utility per manipolare file system msdos	home page
ntfsprogs	manipola file system ntfs	home page
wodim	command line cd/dvd writing tool	home page
xcdroast	command line cd writing tool	home page

Network tools

cryptcat	TCP/IP netcat with twofish encryption	home page
hping2	command-line utility TCP/IP packet assembler ed analyzer	home page
httptunnel	tunnel over http protocol <;/td>	home page
lftp	powerfull client ftp ftps http https etc.	home page
mtr	traceroute with X11 gui and ncurses	home page
ncpfs	tool for Netware Server	home page
netcat	Swiss army knife of TCP	home page
nmap	utility for network exploration and security auditing	home page

sswrap	wrapper for all protocols TCP based	home page
smbclient	client for server SMB/CIFS	home page

Graphical tools

ogle	Dvd viewer	home page
xloadimage	Graphical Viewer for X11	home page
photoprint	Utility for printing	home page

Forensic tools

Air	Automate Image Restore	home page
Ewf	Expert Withness Format	home page
LinEn	Linux Encase by Guidance Software	home page
foremost	Recovery tools	home page
hdparm	Manage hdparm parameters of the hard disk	home page
scalpel	Quickly file carver	home page
pasco	Analyze Internet Explorer	home page
podsleuth	forensic on iPod	home page
scrounge-ntfs	data recovery for ntfs partitions	home page
dcraw	utility per convertire il formato raw delle macchine fotografiche digitali in immagini	home page
wipe	wiping	home page

ForLEx Live-cd v. 1.5.5 is based on the distribution Knoppix Linux legacy from which the license.

If not otherwise specified, the software on the CD falls under the GNU GENERAL PUBLIC LICENSE. Similar to other Open Source licenses, this means that you can copy, modify, redistribute and even resell the CD without restrictions, as long as the recipient receives the same license. The source code of the standard packages on the CD are available from their respective original providers (for example on the FTP servers at Debian, RedHat, Mandrake). Special components such as the KNOPPIX kernel or the automatic hardware detection source code can be downloaded from http://www.knopper.net/download/knoppix/ if not already available in the /usr/src directory on the CD. Individual packages, as specified by the GPL, may fall under another license (for example Netscape). If in doubt, the licenses can be found in the help sections or the DEB-database (dpkg -p package-name) of each software package.

If you need to change the CD distributed here, being released under GPL remember to communicate to the author, through e-mail This e-mail address is being protected from spambots. You need JavaScript enabled to view it , and properly cite the source.

Disclaimer

This product is considered experimental and not complete, its use is at your own risk. The implementer can not be held responsible in any case for damage to hardware or software, loss of data, or other direct or indirect, as well as for damages resulting from use of this software. We recommend, however, test the functionality on non-critical devices while avoiding the use of which those not know, with certainty, the result of operations carried out. In some countries the cryptographic software and other components present on the CD are governed by regulations on export or even from software patents, which may prohibit the distribution or download. The lessee is liable for its compliance with all applicable laws. If you plan to use commercially or distribute (and sell) this CD and the software included in it, you have to acquire the necessary licenses and permissions from all holders of its copyrights, or remove these components before the start distribution.

Last Updated on Monday, 09 May 2011 14:01

Menu Principale

Login Form

Tools