Average Customer Rating
3.5

Penguin Sleuth Computer Forensics and Security Appliance for Incident Response and Testing


Features

Collegiate:
No

One-line Description:
Penguin Sleuth Computer Forensics and Security Appliance for Incident Response and Testing

Filename:
Penguin Sleuth Virtual Platform.zip

Size Compressed:
719 MB

Allocated Memory:
256 MB

Username:
root

Password:
penguin

VMware Tools Installed?:
Yes

Operating System:
Gentoo Linux (2.6 kernel)

Applications:
Base Package:
Gentoo Linux 2.6 Kernel - Optimized for Forensics Use
XFCE - GUI
Apache2 - Web Server
MySQL - Database Server
PHP4
OpenOffice - Office Suite
GIMP - Graphics Program
KSnapshot - Screen Capture Program
Mozilla - Web Browser
GNOME CD Master - CD Mastering
K3b - CD Burner
XMMS - Media Player
Porthole - Gentoo Graphical Package Manager
KArchiver - Gzip/Archive GUI
Forensics Tools:
The Sleuth Kit - Forensics Toolkit
PyFlag - Forensics Browser
Autopsy - Forensics Browser (front end for The Sleuth Kit)
dcfldd - DD Imaging Tool, command line; also used by AIR
foremost - Data Carver, command line
AIR - Forensics Imaging GUI
md5deep - MD5 Hashing Program
netcat - Command Line
cryptcat - Command Line (encrypted netcat)
NTFS-Tools
QtParted - Partitioning Tool
regviewer - Windows Registry Viewer
Security Tools:
EtherApe - GUI Network Traffic Monitor
ClamAV - Anti-Virus
Snort - Command Line Intrusion Detection
John the Ripper - Command Line Password Cracker
rkhunter - Command Line Rootkit Scanner
Ethereal - Network Traffic Analyzer
FWBuilder - GUI Firewall App
Nessus - Network Vulnerability Scanner
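The Forensics Tools list above names dcfldd and AIR for imaging and md5deep for hashing. The script below is an added example, not code shipped with the Penguin Sleuth appliance or written by its author: it carries out the acquire-then-verify workflow those tools exist for using plain coreutils, records both digests in a custody log, and shows the failure case (a tampered image must fail verification). The sample evidence file, the file names and the dcfldd command line quoted in a comment are assumptions.

```shell
#!/bin/sh
# Added example, not code shipped with Penguin Sleuth or written by its author:
# the image-then-verify workflow that the listed dcfldd, AIR and md5deep tools
# automate, done with plain coreutils (dd, md5sum, cut, cmp, date, mktemp) so
# it runs on any Linux system. The "evidence device" is a constructed file.
set -eu

# MD5 digest of one file; `md5deep -b FILE` on the appliance prints the same value.
hash_file() {
    md5sum "$1" | cut -d' ' -f1
}

# Constructed sample evidence: a few recognisable strings zero-padded to four
# 512-byte sectors, so dd's conv=sync padding cannot change the image size
# (a real block device is always a whole number of sectors).
make_sample_device() {
    printf 'PENGUIN-SLEUTH-SAMPLE\ndeleted note: meet at 09:00\n' > "$1"
    pad=$((2048 - $(wc -c < "$1")))
    dd if=/dev/zero bs=1 count="$pad" >> "$1" 2>/dev/null
}

# Hash source and image, append a custody record to LOG, print the image
# digest, and return 1 when the two digests differ.
verify_image() {
    src=$1; dst=$2; log=$3
    src_md5=$(hash_file "$src")
    dst_md5=$(hash_file "$dst")
    if [ "$src_md5" = "$dst_md5" ]; then verdict=VERIFIED; else verdict=MISMATCH; fi
    printf '%s src=%s img=%s src_md5=%s img_md5=%s %s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$src" "$dst" "$src_md5" "$dst_md5" "$verdict" >> "$log"
    echo "$dst_md5"
    [ "$verdict" = VERIFIED ]
}

# Sector-by-sector copy followed by verification. conv=noerror,sync keeps dd
# going past unreadable sectors and zero-fills them, so offsets in the image
# still match the original for carving (foremost) or parsing (Sleuth Kit).
# On the appliance the equivalent one-liner, hashing on the fly, is
# (assumed dcfldd syntax, not verified against the appliance's version):
#   dcfldd if=SRC of=DST bs=512 conv=noerror,sync hash=md5 hashlog=DST.md5
image_and_verify() {
    dd if="$1" of="$2" bs=512 conv=noerror,sync 2>/dev/null
    verify_image "$1" "$2" "$3"
}

# Stand-alone demo: image the sample device and verify it, then flip one byte
# in the image and show that a second verification reports MISMATCH.
demo() {
    work=$(mktemp -d)
    make_sample_device "$work/evidence.bin"
    image_and_verify "$work/evidence.bin" "$work/evidence.dd" "$work/custody.log"
    printf 'X' | dd of="$work/evidence.dd" bs=1 seek=30 conv=notrunc 2>/dev/null
    if verify_image "$work/evidence.bin" "$work/evidence.dd" "$work/custody.log"; then
        echo "unexpected: tampered image verified"
    fi
    cat "$work/custody.log"
    rm -rf "$work"
}
demo
```

A MISMATCH record means the image is discarded and acquisition repeated; the copy is never patched to match. The same two-digest comparison is what AIR shows in its GUI after an acquisition, and md5deep can re-run it against the stored hash log at any later point in the case.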

Description:
The purpose of this document is to outline my current Penguin Sleuth Project, establish goals, and release the new Penguin Sleuth Project to the general public as open source software.
After a two-year hiatus from the Linux forensics community, I started to ponder the future of Linux-forensics.com and the Penguin Sleuth Kit. First, I figured that the bootable CD concept had really taken off. I know that systems admins and hard-core forensics people had been using these types of CDs prior to the Penguin Sleuth, and there were in fact several forensics boot CDs out when the Sleuth came around. My goal for the original Penguin Sleuth project was to bring the Linux forensics platform to the common investigator without the intimidation of Linux, while maintaining the power and functionality of a full-powered Linux system. I discovered the Knoppix project and basically modified the distribution to make it more forensic-friendly, creating a new distro. Face it, what I did was not rocket science and not a new concept at all. All I did was take two concepts. One, I used the power of Linux as a forensics and data security tool. Two, I presented it in a Knoppix easy-to-use fashion. This gave the best of two worlds and sort of brought the geek world closer to the real world.
Although I was not new to the computer world and Unix, I was very new to Linux. Since the inception of the Penguin Sleuth, bootable CD distributions have boomed. There are several awesome forensics-type bootable CDs out there. These CDs have surpassed the Penguin Sleuth by leaps and bounds. I met so much resistance at first. How dare someone introduce Linux in a simple fashion? Bootable CD distributions were for advanced forensics; how could I release a GUI Linux forensics bootable CD? Well, I did, and look at where we're at now.
I in no way take credit for this boom. I have always said I'm not in this to become famous. I am in this to promote the Linux operating system and to try to promote thinking outside the forensics box. Since becoming involved with computer forensics, I have noticed that sometimes we get so tied up in common practices that we forget that technology is running at light speed. In other areas of law enforcement we can afford to move slowly, but when it comes to technology, today's best practice is tomorrow's memory. While I do admit that best practice is probably the most important part of forensics, I also believe that we can't afford to fall behind the technology curve. We need to balance research and testing time also. The other issue we face is portability. The days of sitting back in the lab are gone. We find ourselves spending more time mobile than back in the office.
Now this brings me to my new and innovative idea. I was fooling around with VoIP and stumbled across a software PBX system called Asterisk, which runs on the Linux platform. I decided to start messing around with it. I have to admit, I hadn't used my Linux system in a while and had wiped it off my hard drive. I am a big Gentoo Linux user, so I was preparing to go through the process of bringing my dual-boot system back up and running. Upon further research, I found a virtual machine that runs inside of VMware. This virtual machine contained a full CentOS distribution of Linux with the Asterisk PBX on it. I decided, what the heck, I would run the VMware virtual machine for testing before installing my dual-boot system again. What the heck, I've always been a fan of VMware. I also found out that VMware had released free versions called VMware Player and VMware Server. VMware Server is still in beta, but my understanding is that it will remain free when it is fully released. Upon looking at the server product I noticed that this would work perfectly for my geek project. More details on these products can be found at the VMware website. Upon further research I was amazed at how far VMware has come. I also noticed a concept VMware has been pushing. This concept is called the Virtual Appliance. The way it works is that you create a virtual machine to do different specialized tasks. The idea is being able to partition a server into several servers using virtual machines. These virtual machines reduce deployment time, save money on hardware, etc. A perfect example is my home PBX. I am running it on VMware Server in the background while I am running Windows XP normally on my machine. I have a high-end machine and can't even tell it's there. I have even played some high-end games while running my PBX server with no problem.
Now, I started thinking: why couldn't you create a Linux forensics virtual computer appliance/platform? The ideas for uses are endless. First and foremost, you can actually run a Linux platform within Windows, or think of those who want to image in Linux and conduct an exam at the same time in Windows. The advantage is also the reduction in install and development time, almost like having the forensics computer ready to go immediately. What about the newbies who want to learn or fool around with Linux? I think this idea could even be more of a solution for the security side of the house than the CD solution. You could install this virtual platform on a network and do your auditing within the virtual world. This would enable you to put up a honeypot, do auditing, and guess what, anything malicious ends up on the virtual machine only. You can even put it on the host server if you don't have additional hardware. This would enable maximum uptime on the server while doing live auditing. Just a taste of ideas here, nothing more.
This is something I am sure is already being done. Just like the bootable CD, this is not a new idea. We have been using VMware for a long while within the computer forensics community for one thing or another. The concept here is bringing this tool to the front. The technology is there, why not use it!
www.linux-forensics.com
Home of the Penguin Sleuth


Vendor: ebaca

Date Created: 05/24/2006
Last Updated: 05/24/2006

Technical Specifications

Operating System:

Gentoo Linux (2.6 kernel)

VMware Tools installed: No

Size: 719MB

Allocated Memory (RAM): 256MB



Virtual Appliance Account Information

Username: root
Password: penguin

Download link provided by the submitter, not VMware.
