Mash That Key Releases LosBuntu
What it is...
LosBuntu is a Live DVD Linux distribution (distro) that can be used to assist in digital forensic investigations. LosBuntu is the result of our desire to have a bootable forensic distro with all of the tools and features that we like, installed by us, controlled by us, and built by us. LosBuntu was built using a clean installation of Ubuntu 14.04 64-bit. Once the foundation was created, many open source forensic tools were installed and tweaks were made to turn the installation into LosBuntu. LosBuntu was then turned into a Live DVD using the tool remastersys.
LosBuntu has been tweaked to never automount media. Although it will boot a computer without mounting its drives, it does not write-block them (LosBuntu may write to a pre-existing swap partition). The distro was primarily designed for analyzing images, not booted computers. Validated Linux distributions designed for acquisition have already been released and should be used for that purpose. Remember to always validate your results.
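Because LosBuntu neither automounts nor write-blocks, and may touch an existing swap partition, it is worth checking the mount and swap tables before an examination begins. The following POSIX shell audit is an added example, not part of LosBuntu or this post; it reads /proc/mounts- and /proc/swaps-style tables and flags any block-device mount that is not read-only and any active swap partition. The sample tables are constructed.

```shell
#!/bin/sh
# Added example (not part of LosBuntu): audit mount and swap tables before
# touching evidence. The distro does not automount, but it does not
# write-block either and may use a pre-existing swap partition, so check
# that no /dev-backed mount is read-write and that no swap partition is
# active. Each function reads a /proc-style table on stdin, e.g.
#   rw_mounts < /proc/mounts
# Print "device mountpoint" for every /dev-backed mount whose option list
# lacks "ro". Pseudo filesystems (tmpfs, proc, ...) are skipped.
rw_mounts() {
    awk '$1 ~ /^\/dev\// {
        n = split($4, opt, ",")
        ro = 0
        for (i = 1; i <= n; i++) if (opt[i] == "ro") ro = 1
        if (!ro) print $1, $2
    }'
}
# Print each swap partition listed in a /proc/swaps table (header skipped).
active_swaps() {
    awk 'NR > 1 && $2 == "partition" { print $1 }'
}
# Take both tables as strings; return 0 when clean, 1 when anything needs attention.
audit_tables() {
    rc=0
    rw=$(printf '%s\n' "$1" | rw_mounts)
    if [ -n "$rw" ]; then
        printf 'WARNING: read-write block-device mounts:\n%s\n' "$rw"; rc=1
    fi
    sw=$(printf '%s\n' "$2" | active_swaps)
    if [ -n "$sw" ]; then
        printf 'WARNING: active swap partitions (may be written to):\n%s\n' "$sw"; rc=1
    fi
    return $rc
}
# Constructed sample tables (not from a real system). On a live system use:
#   audit_tables "$(cat /proc/mounts)" "$(cat /proc/swaps)"
MOUNTS_SAMPLE='/dev/sr0 /cdrom iso9660 ro,noatime 0 0
/dev/sdb1 /mnt/evidence ext4 ro,noload,noexec 0 0
/dev/sdc1 /mnt/oops ntfs rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0'
SWAPS_SAMPLE='Filename Type Size Used Priority
/dev/sdc2 partition 2097148 0 -1'
if audit_tables "$MOUNTS_SAMPLE" "$SWAPS_SAMPLE"; then
    echo "clean: no read-write block-device mounts and no active swap"
else
    echo "review the warnings above before touching the evidence"
fi
```

On the constructed sample this reports /dev/sdc1 mounted read-write at /mnt/oops and /dev/sdc2 as an active swap partition; a clean system produces no warnings.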
What it is not...
LosBuntu is not better and should not be argued as better or worse than any other distro. LosBuntu is simply another forensic distro. One that was designed the way that we like it, and released to the public in an attempt to give back to the forensic community. LosBuntu will save you the time and trouble of having to install the tools listed below.
One neat usable feature...
Because remastersys was used to turn LosBuntu into a Live DVD, you can re-use remastersys to create your own live DVD distro. This means that you can install LosBuntu to the hard drive, add just about any tool that you wish to add, and then run remastersys to create a new version of LosBuntu with any and all of the tools and tweaks you installed, in essence, creating your very own version of LosBuntu. Change the background, add or remove tools, do anything that you please. LosBuntu was released to you so that you can use it, tweak it, and improve it.
This is the list of packages that we have added to LosBuntu:
7zip, Abiword, Archivemount, Autopsy, Bkhive, Bleachbit, BTRFS-tools, Bulkextractor, Chntpw, Chromium-browser, Clamtk, Dcfldd, Dconf, DFF, Ewf-tools, Exfat-fuse, Fileinfo, FileZilla, Flashplugin-installer, Foremost, FRED, Furiusisomount, Gddrescue, Gparted, Guymager, Hexedit, Hfsprogs, Hfsutils, Jacksum, John, libbde-alpha-20141023, libevt-alpha-20141229, libewf-20140427, libfuse-dev, libfvde-experimental-20140907, libfwevt-experimental-20141026, liblnk-alpha-20141026, libpff-experimental-20131028, libsmraw-alpha-20141026, libvhdi-alpha-20141021, libvmdk-alpha-20141021, libvshadow-alpha-20141023, Log2timeline, Nautilus-open-terminal, Pasco, Python-TK, Rar, Regripper plus plugins, Rifiuti2, Samdump2, Scalpel, SSH, Testdisk, Truecrypt 7.1a, Vinetto, VLC, Volatility, W3m, Wine, Wireshark, Xmount, Zenmap
UPDATE on 4/26/2015: Packages added
aircrackng, bless, curl, lvm2, macchanger, nautilus-wipe, proxychains, pv, reaver, seahorse tools, sshfs, tor, traceroute, Volatility 2.4, whois, wifite
UPDATE on 8/29/2015: Packages added
recordmydesktop, libevtx, vmfs-tools, open-iscsi, boot-up-manager
UPDATE on 11/17/2015: Packages added
hashcat, ntdsextract_1.3, lxde, libesedb, rdesktop
UPDATE on 12/14/2015: Packages added
nbd-client, gdebi-core, veracrypt
UPDATE on 02/01/2016: Packages added
hashid, git, hashcat2.0, newbackground, SMB Access
UPDATE on 05/13/2016: Packages added
mdadm, dmraid, dos2unix, libqcow, libfvde, TorBundle5.5.5
UPDATE on 09/27/2016: Packages added
xor.exe, plaso 1.5, ubuntu-zfs
Download it from this link: LosBuntu
Special thanks go out to my old friends at the lab Mark B, Paul I, Pete M, and John T. for the corny name, ideas, and testing. You guys are the best in the State, keep doing what you do best.
If this tool helped you during your investigation, we would definitely like to hear from you. You can leave a comment or reach me on twitter: @carlos_cajigas
- LosBuntu used to analyze an MS12-020 RDP crash dump with Volatility (link: ComputerSecurityStudent).
- LosBuntu used to mount and convert a VMDK virtual disk to raw, on-the-fly (YouTube video).
- LosBuntu used for physical disk image acquisitions using Guymager (YouTube video).
- LosBuntu used to wipe and validate sterilization of physical disks (YouTube video).
- LosBuntu used to activate and set a Windows 7 Administrator password (link: ComputerSecurityStudent).