{"id":27,"date":"2006-03-14T09:17:51","date_gmt":"2006-03-14T09:17:51","guid":{"rendered":"https:\/\/www.darknet.org.uk\/2006\/03\/10-best-security-live-cd-distros-pen-test-forensics-recovery\/"},"modified":"2017-08-30T00:47:52","modified_gmt":"2017-08-29T16:47:52","slug":"10-best-security-live-cd-distros-pen-test-forensics-recovery","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2006\/03\/10-best-security-live-cd-distros-pen-test-forensics-recovery\/","title":{"rendered":"10 Best Security Live CD Distros (Pen-Test, Forensics &#038; Recovery)"},"content":{"rendered":"<p><strong>1. BackTrack<\/strong><\/p>\n<p>The newest contender on the block of course is <a href=\"https:\/\/www.darknet.org.uk\/2006\/02\/backtrack-a-merger-between-whax-and-auditor\/\">BackTrack, which we have spoken about previously<\/a>. An innovative merge between WHax and Auditor (WHax formely WHoppix).<\/p>\n<p>BackTrack is the result of the merging of two Innovative Penetration Testing live Linux distributions Whax and Auditor, combining the best features from both distributions, and paying special attention to small details, this is probably the best version of either distributions to ever come out.<\/p>\n<p>Based on SLAX (Slackware), BackTrack provides user modularity. This means the distribution can be easily customised by the user to include personal scripts, additional tools, customised kernels, etc.<\/p>\n<p><a href=\"http:\/\/www.remote-exploit.org\/index.php\/BackTrack\">Get BackTrack Here<\/a>.<\/p>\n<p><strong>2. Operator<\/strong><\/p>\n<p>Operator is a very fully featured LiveCD totally oriented around network security (with open source tools of course).<\/p>\n<p>Operator is a complete Linux (Debian) distribution that runs from a single bootable CD and runs entirely in RAM. The Operator contains an extensive set of Open Source network security tools that can be used for monitoring and discovering  networks. This virtually can turn any PC into a network security pen-testing device without having to install any software. Operator also contains a set of computer forensic and data recovery tools that can be used to assist you in data retrieval on the local system.<\/p>\n<p><a href=\"http:\/\/www.ussysadmin.com\/operator\/\">Get Operator Here<\/a><\/p>\n<p><strong>3. PHLAK<\/strong><\/p>\n<p>PHLAK or [P]rofessional [H]acker&#8217;s [L]inux [A]ssault [K]it is a modular live security Linux distribution (a.k.a LiveCD). PHLAK comes with two light gui&#8217;s (fluxbox and XFCE4), many security tools, and a spiral notebook full of security documentation. PHLAK is a derivative of Morphix, created by Alex de Landgraaf.<\/p>\n<p>Mainly based around Penetration Testing, PHLAK is a must have for any pro hacker\/pen-tester.<\/p>\n<p><a href=\"http:\/\/www.phlak.org\/modules\/mydownloads\/\">Get PHLAK Here<\/a> (You can find a <a href=\"http:\/\/public.planetmirror.com\/pub\/phlak\/?fl=p\">PHLAK Mirror Here<\/a> as the page often seems be down).<\/p>\n<p><strong>4. Auditor<\/strong><\/p>\n<p>Auditor although now underway merging with WHax is still an excellent choice.<\/p>\n<p>The Auditor security collection is a Live-System based on KNOPPIX. With no installation whatsoever, the analysis platform is started directly from the CD-Rom and is fully accessible within minutes. Independent of the hardware in use, the Auditor security collection offers a standardised working environment, so that the build-up of know-how and remote support is made easier.<\/p>\n<p><a href=\"http:\/\/www.remote-exploit.org\/index.php\/Auditor_mirrors\">Get Auditor Here<\/a><\/p>\n<p><strong>5. L.A.S Linux<\/strong><\/p>\n<p>L.A.S Linux or Local Area Security has been around quite some time aswell, although development has been a bit slow lately it&#8217;s still a useful CD to have. It has always aimed to fit on a MiniCD (180MB).<\/p>\n<p>Local Area Security Linux is a &#8216;Live CD&#8217; distribution with a strong emphasis on security tools and small footprint. We currently have 2 different versions of L.A.S. to fit two specific needs &#8211; MAIN and SECSERV. This project is released under the terms of GPL.<\/p>\n<p><a href=\"http:\/\/www.localareasecurity.com\/download\">Get L.A.S Linux Here<\/a><\/p>\n<p><strong>6. Knoppix-STD<\/strong><\/p>\n<p>Horrible name I know! But it&#8217;s not a sexually trasmitted disease, trust me.<\/p>\n<p>STD is a Linux-based Security Tool. Actually, it is a collection of hundreds if not thousands of open source security tools. It&#8217;s a Live Linux Distro, which means it runs from a bootable CD in memory without changing the native operating system of the host computer. Its sole purpose in life is to put as many security tools at your disposal with as slick an interface as it can.<\/p>\n<p><a href=\"http:\/\/www.knoppix-std.org\/download.html\">Get Knoppix-STD Here<\/a><\/p>\n<script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3033787195489589\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<!-- Darknet Responsive Post Ad Links [previously link ad unit] -->\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-client=\"ca-pub-3033787195489589\"\r\n     data-ad-slot=\"5456620019\"\r\n     data-ad-format=\"auto\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script>\n<p><strong>7. Helix<\/strong><\/p>\n<p>Helix is more on the forensics and incident response side than the networking or pen-testing side. Still a very useful tool to carry.<\/p>\n<p>Helix is a customized distribution of the Knoppix Live Linux CD. Helix is more than just a bootable live CD. You can still boot into a customized Linux environment that includes customized linux kernels, excellent hardware detection and many applications dedicated to Incident Response and Forensics.<\/p>\n<p><a href=\"http:\/\/www.e-fense.com\/helix\/\">Get Helix Here<\/a><\/p>\n<p><strong>8. F.I.R.E<\/strong><\/p>\n<p>A little out of date, but still considered the strongest bootable forensics solution (of the open-source kind). Also has a few pen-testing tools on it.<\/p>\n<p>FIRE is a portable bootable cdrom based distribution with the goal of providing an immediate environment to perform forensic analysis, incident response, data recovery, virus scanning and vulnerability assessment.<\/p>\n<p><a href=\"http:\/\/fire.dmzs.com\/\">Get F.I.R.E Here<\/a><\/p>\n<p><strong>9. nUbuntu<\/strong><\/p>\n<p>nUbuntu or Network Ubuntu is fairly much a newcomer in the LiveCD arena as Ubuntu, on which it is based, is pretty new itself.<\/p>\n<p>The main goal of nUbuntu is to create a distribution which is derived from the Ubuntu distribution, and add packages related to security testing, and remove unneeded packages, such as Gnome, Openoffice.org, and Evolution. nUbuntu is the result of an idea two people had to create a new distribution for the learning experience.<\/p>\n<p><a href=\"http:\/\/www.nubuntu.org\/downloads.php\">Get nUbuntu Here<\/a><\/p>\n<p><strong>10. INSERT Rescue Security Toolkit<\/strong><\/p>\n<p>A strong all around contender with no particular focus on any area (has network analysis, disaster recovery, antivirus, forensics and so-on).<\/p>\n<p>INSERT is a complete, bootable linux system. It comes with a graphical user interface running the fluxbox window manager while still being sufficiently small to fit on a credit card-sized CD-ROM.<\/p>\n<p>The current version is based on Linux kernel 2.6.12.5 and Knoppix 4.0.2<\/p>\n<p><a href=\"http:\/\/www.inside-security.de\/insert_en.html\">Get INSERT Here<\/a><\/p>\n<p><strong>Extra &#8211; Knoppix<\/strong><\/p>\n<p>Remember this is the innovator and pretty much the basis of all these other distros, so check it out and keep a copy on you at all times!<\/p>\n<p>Not strictly a security distro, but definately the most streamlined and smooth LiveCD distribution. The new version (soon to be released &#8211; Knoppix 5) has seamless NTFS writing enabled with libntfs+fuse.<\/p>\n<p>KNOPPIX is a bootable CD or DVD with a collection of GNU\/Linux software, automatic hardware detection, and support for many graphics cards, sound cards, SCSI and USB devices and other peripherals. KNOPPIX can be used as a productive Linux desktop, educational CD, rescue system, or adapted and used as a platform for commercial software product demos. It is not necessary to install anything on a hard disk.<\/p>\n<p><a href=\"http:\/\/www.knopper.net\/knoppix-mirrors\/index-en.html\">Get Knoppix Here<\/a><\/p>\n<p>Other Useful Resources:<\/p>\n<p><a href=\"http:\/\/www.securitydistro.com\/\">SecurityDistros<\/a><br \/>\n<a href=\"http:\/\/www.frozentech.com\/content\/livecd.php?pick=All&#038;showonly=security\">FrozenTech LiveCD List<\/a><br \/>\n<a href=\"http:\/\/distrowatch.com\/\">DistroWatch<\/a><\/p>\n<p>Others to consider (Out of date or very new):<\/p>\n<p><a href=\"http:\/\/slackpen.secureslack.org\/\">SlackPen<\/a><br \/>\n<a href=\"http:\/\/www.thepacketmaster.com\/\">ThePacketMaster<\/a><br \/>\n<a href=\"http:\/\/trinux.sourceforge.net\/\">Trinux<\/a><br \/>\n<a href=\"https:\/\/sourceforge.net\/projects\/warlinux\/\">WarLinux<\/a><br \/>\n<a href=\"http:\/\/www.networksecuritytoolkit.org\/nst\/\">Network Security Toolkit<\/a><br \/>\n<a href=\"http:\/\/hysteria.sk\/marko\/bw2\/\">BrutalWare<\/a><br \/>\n<a href=\"http:\/\/www.kcpentrix.net\/Site\/\">KCPentrix<\/a><br \/>\n<a href=\"http:\/\/www.projectplanb.org\/\">Plan-B<\/a><br \/>\n<a href=\"https:\/\/www.darknet.org.uk\/2015\/03\/pentoo-gentoo-based-penetration-testing-linux-livecd\/\">PENToo<\/a><\/p>\n<p>New ones added from authors e-mail\/slashdotters and diggers:<\/p>\n<p><a href=\"http:\/\/arudius.sourceforge.net\/\">Arudius<\/a><br \/>\n<a href=\"http:\/\/www.k-lug.org\/~kessler\/projects.html\">The Gentoo Forensic Toolkit<\/a><br \/>\n<a href=\"http:\/\/sourceforge.net\/projects\/anonym-os\/\">Anonym-OS<\/a><\/p>\n<p><a href=\"http:\/\/digg.com\/security\/_10_Best_Security_Live_CD_Distros_(Pen-Test,_Forensics_Recovery)\">Digg This Article<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>1. BackTrack The newest contender on the block of course is BackTrack, which we have spoken about previously. An innovative merge between WHax and Auditor (WHax formely WHoppix). BackTrack is the result of the merging of two Innovative Penetration Testing live Linux distributions Whax and Auditor, combining the best features from both distributions, and paying [&hellip;]<\/p>\n","protected":false},"author":25,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[9,5],"tags":[262,43,80,258,8861,79],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Darknet","author_link":"https:\/\/www.darknet.org.uk\/author\/darknet\/"},"_links":{"self":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/27"}],"collection":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/comments?post=27"}],"version-history":[{"count":0,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/27\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/media?parent=27"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/categories?post=27"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/tags?post=27"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}