This will be a multi-part post that will cover the windows live response portion of DEFT and CAIN, then move onto the boot-able Linux OS and finally how to create your own live CDROM.
DEFT V.4 (Extra)
- Easy to use and move around
- Icons are large
- Tab flows and categories are appropriate
- FTK Imager 220.127.116.11
- Ram Dumping
- Winen 6.11.2 (32 and 64-bit)
- MDD 1.3
- win32dd v1.1.20080818
- Collecting/Analyzing system information
- Password Recovery
- IE,Firefox,Crome,Mail and Wireless
- Web Browser History
- FileAlyzer (good for malware)
- File Browser
- Picture Scanner
- Notable Utilities
- PC On/off time
- Built-in file and picture browser.
Initial Memory Footprint~ 40K
- Lots of different tools that offer a lot of flexibility.
- Gui designs works well.
- The most popular memory imaging tools including Winen 64-bit.
- It has the zeroview utility, which allows responder to tell if whole disk encryption is used.
- WFT was expired and the tools directory needed did not exist on the CDROM.
- Some utilities are not in English.
- No automated collection of running information.
Overall this is a great live CDROM. The only downfall is that WFT was expired and no other automated collection was available on the CDROM.
Note: This was tested on a Vista 64-bit PC.
Make sure when you do live response, you understand what changes the utilities makes to the system. In future post, I’ll talk about strategies on how to reduce changes to the system.