Security Incidents mailing list archives

Re: NKADM rootkit - Something new?


From: "Robert P. McKenzie" <rmckenzi () rpmdp com>
Date: Thu, 27 May 2004 10:54:25 -0400

Paul Schmehl wrote:

Since I posted my response in this thread, I've gotten several requests for my "tool list". There's really nothing magical about it.

You might want to consider Knoppix instead. It comes with a boatload of extra stuff you won't use for forensics, but it's a good way to get familiar with unix, if you're not already. It even has a working version of snort with ACID!

Go to http:www.knoppix.net/ for more information.

The tools listed are all indeed very good tools. I might also suggest getting a copy of the bootable linux CD offered by: http://insert.cd

This has all the tools of Knoppix and likely some more (they will hopefully be adding more forensic tools in the next release), and it's only a 51 meg ISO, which fits onto business-card-type CDs; I use the 200 meg mini CDs myself. With the addition of 2 files from a Windows machine, the Captive tool will let you read AND WRITE to NTFS disks. This has become my favorite recovery CD, mostly because it does the works (fully networked, with support for modems, ISDN, ADSL, etc., etc.) and fits on a mini CD.

Cheers!!!

--
Robert P. McKenzie                 |   GammaRay Technical Services LLC
rmckenzi () rpmdp com                 |             rob () gammaray-tech com
http://www.uk-experience.com       |      http://www.gammaray-tech.com

