What is the best setup for forensic tasks?
That's certainly not an easy question and there is no "one and only" right answer, but you can find a lot of good answers to it.
- the OS:
So the first step is to dismiss Mac, because I really don't like the Apple stuff.
OK OK I admit it - there is no second step, because for me there is only one acceptable OS and that is Linux.
Although I have to say that this is the first time I feel a little disadvantaged by using Linux, because there are tons of well-known forensic programs only usable on Windows. (Don't know if Wine would do the job?)
But as always I prefer open source and rely on it! I believe that there is an open source solution for every task and every problem :)
- the distro:
So for me there were 2 options:
- Kali Linux: mainly for pentesting, but it comes with a decent number of forensic tools. I already had it running in dual-boot with Ubuntu on one of my laptops and did a few CTFs with it. So you could say I have a little experience with the main tools (nmap, hydra, patator, vega, burp...).
- SANS SIFT: After a while of googling I found this toolkit (so it is not really an independent distro, it is installed on top of an existing system) and decided to try it. The installation was very simple, just follow the instructions on https://github.com/sans-dfir/sift-cli#instructions . So I have installed it on a virtual machine (a nice and especially safe way to test) running Ubuntu 16.04.
So much for the setup, I'm going to try the first steps with SANS SIFT and hope it will work out :D