Jan 30 2006
FCCU GNU/Linux boot CD 10.0 released
This one is based on KNOPPIX 4.0.
What's new?
- A PXE boot feature to facilitate searches in large scale networks.
- mwcollect and nepenthes were added for malware hunting
- grokevt was added to view MS Windows event log files more efficiently
- reglookup was added to export MS Windows registry files
- And a lot of new packages ... see the Changelog file on the CD
- This CD is now only available from lnx4n6.be
- UPDATE YOUR BOOKMARKS
FCCU GNU/Linux boot CD 9.0 released
This one is based on KNOPPIX 3.9.
What's new?
- The latest Sleuthkit version (2.02)
- Custom kernel without the slow USB driver (UB)
- NTFS write support removed (too dangerous for forensic purposes)
- Probe all LUN was added to support most USB multi-card readers
- mork.pl, a tool to read Firefox history
- fccu-docprop was added (see above)
- And a lot of new packages ... see the Changelog file on the CD
New software released: fccu-docprop
A command line tool to read MS document properties
FCCU GNU/Linux Forensic Boot CD
This CD is based on KNOPPIX by Klaus Knopper.
It is a remaster that I made to use at my work as a computer forensic investigator.
Its main purpose is to create image copies of devices before analysis.
It does not spend a lot of CPU cycles on unnecessary programs, which is why it drops you to a shell right after boot.
It recognizes lots of hardware (thanks to Klaus Knopper).
It leaves the target devices unaltered (it does not use the swap partitions found on the devices).
It contains a lot of forensic tools.
Download
fccu-linux-cd-6.1 (519 MiB) md5 sha1
fccu-linux-cd-7.0 (530 MiB) md5 sha1
fccu-linux-cd-7.1 (525 MiB) md5 sha1
fccu-linux-cd-7.2 (538 MiB) md5 sha1
fccu-linux-cd-8.0 (563 MiB) md5 sha1
fccu-linux-cd-8.1 (537 MiB) md5 sha1
fccu-linux-cd-9.0 (615 MiB) md5 sha1
Important comments
Version 8.0: You have to specify DMA acceleration at boot time (fccu dma) to turn it on
Please, refer to each individual package to obtain information about packages on the CD
More documentation will come soon
Each script made by the FCCU begins with the prefix "fccu" so it's easy to find them with the bash autocompletion
FCCU evtreader.pl
This is a Perl script which parses an MS Windows evt log file and retrieves useful information.
It is a command line tool. Try the -h option for more help.
The script is released under the General Public License.
There are a few options. Feel free to improve it or ask for features.
If you find bugs, send me a report and, if possible, the bad event log file.
This script should not write anything to the disk, but be careful and try to work on read-only file systems.
It's intended to run under GNU/Linux but it should work on other platforms too (untested).
The script will be integrated in future releases of the boot CD. Until then, you can keep it on a floppy or USB key and it should run with the CD anyway.
fccu.evtreader.1.0.tar.gz (9KiB) md5 sha1
fccu.evtreader.1.1.tar.gz (9KiB) md5 sha1
More scripts are about to come
FCCU docprop
This is a program that tries to print the properties of OLE files.
OLE files are mainly MS Office doc files and MS Office xls files.
This software needs the libgsf library. Verify that you have it installed on your system before trying to install fccu-docprop.
The software is released under the General Public License.
fccu-docprop-0.1.tar.gz (10KiB) md5 sha1
Christophe Monniez
d-fence__at__d-fence.be