Newsflash

I am proud to introduce the new Penguin Sleuth Kit! This is the initial release and is only available for download through a BitTorrent link provided by vmware.com. Visit the forums for details.

New Penguin Sleuth Kit Statement
Written by Ernest Baca   
Monday, 12 June 2006

After a 2-year hiatus from the Linux forensics community, I started to ponder the future of Linux-forensics.com and the Penguin Sleuth Kit. First, I figured that the bootable CD concept really took off. I know that systems admins and hard-core forensics people had been using these types of CDs prior to the Penguin Sleuth, and there were in fact several forensics boot CDs out when the Sleuth came around. My goal for the original Penguin Sleuth project was to bring the Linux forensics platform to the common investigator without the intimidation of Linux, while maintaining the power and functionality of a full-powered Linux system. I discovered the Knoppix project and basically modified the distribution to make it more forensic-friendly, creating a new distro. Face it, what I did was not rocket science and not a new concept at all. All I did was take two concepts. One, I used the power of Linux as a forensics and data security tool. Two, I presented it in a Knoppix-style, easy-to-use fashion. This gave the best of two worlds and sort of brought the geek world closer to the real world.

Although I was not new to the computer world and Unix, I was very new to Linux. Since the inception of the Penguin Sleuth, bootable CD distributions have boomed. There are several awesome forensics-type bootable CDs out there. These CDs have surpassed the Penguin Sleuth by leaps and bounds. I met so much resistance at first. How dare someone introduce Linux in a simple fashion? Bootable CD distributions were for advanced forensics; how could I release a GUI Linux forensics bootable CD? Well, I did, and look at where we're at now. I in no way take credit for this boom. I have always said I'm not in this to become famous. I am in this to promote the Linux operating system and to try to promote thinking outside the forensics box. Since becoming involved with computer forensics, I have noticed that sometimes we get so tied up in common practices that we forget that technology is running at light speed. In other areas of law enforcement we can afford to move slowly, but when it comes to technology, today's best practice is tomorrow's memory. While I do admit that best practices are probably the most important part of forensics, I also believe that we can't afford to fall behind the technology curve. We need to balance research and testing time as well. The other issue we face is portability. The days of sitting back in the lab are gone. We find ourselves spending more time mobile than back in the office.

Now this brings me to my new and innovative idea. I was fooling around with VoIP and stumbled across a software PBX system called Asterisk, which runs on the Linux platform. I decided to start messing around with it. I have to admit, I hadn't used my Linux system in a while and had wiped it off my hard drive. I am a big Gentoo Linux user, so I was preparing to go through the process of bringing my dual-boot system back up and running. Upon further research, I found a virtual machine that runs inside of VMware. This virtual machine contained a full CentOS distribution of Linux with the Asterisk PBX on it. I decided, what the heck, I would run the VMware virtual machine for testing before installing my dual-boot system again. What the heck, I've always been a fan of VMware. I also found out that VMware had released free versions called VMware Player and VMware Server. VMware Server is still in beta, but my understanding is that it will remain free when it is fully released. Upon looking at the server product I noticed that it would work perfectly for my geek project. More details on these products can be found at the VMware website. Upon further research I was amazed at how far VMware has come. I also noticed a concept VMware has been pushing, called the Virtual Appliance. The way it works is that you create a virtual machine to do a specialized task. The idea is being able to partition a server into several servers using virtual machines. These virtual machines reduce deployment time, save money on hardware, etc. A perfect example is my home PBX. I am running it on VMware Server in the background while I am running Windows XP normally on my machine. I have a high-end machine and can't even tell it's there. I have even played some high-end games while running my PBX server with no problem. Now, I started thinking, why couldn't you create a Linux forensics virtual computer appliance / platform?

The possible uses are endless. First and foremost, you can actually run a Linux platform within Windows; think of those who want to image in Linux and conduct an exam at the same time in Windows. Another advantage is the reduction in install and development time. It is almost like having the forensics computer ready to go immediately. What about the newbies who want to learn or fool around with Linux? I think this idea could be even more of a solution for the security side of the house than the CD solution. You could install this virtual platform on a network and do your auditing within the virtual world. This would enable you to put up a honeypot and do auditing, and, guess what, anything malicious ends up on the virtual machine only. You can even put it on the host server if you don't have additional hardware. This would enable maximum uptime on the server while doing live auditing. This is just a taste of ideas, nothing more. I am sure this is something that is already being done.

Just like the bootable CD, this is not a new idea. We have been using VMware for a long while within the computer forensics community for one thing or another. The concept here is bringing this tool to the front. The technology is there, why not use it! I would like to thank all those who have given feedback and apologize if I have not been on the testers forum, as I had a personal family situation. If you don't have VMware Workstation, you can download VMware Player or Server for free. I will be putting up the Wiki so that members can post how-tos.

Please be patient as I am trying to release things as fast as possible as well as update the website. Too much stuff, too little time.....

www.linux-forensics.com
Home of the Penguin Sleuth

This release is available through the following BitTorrent link. If you like it, feel free to rate it on the VMware page:

http://www.vmware.com/vmtn/appliances/directory/249

You can also download it via SourceForge at:

http://sourceforge.net/projects/psk

The original Penguin Sleuth bootable CD will still be available for download and through the store.

Last Updated ( Tuesday, 13 June 2006 )