
SKADI

(@trewmte)
Posts: 1877
Noble Member
Topic starter
 

Skadi is a free, open source Ubuntu based VM that enables the collection, processing and advanced analysis of forensic artifacts and images. It contains the following tools:
• Plaso
• CDQR
• CyLR
• Docker
• ElasticSearch, Logstash, Kibana (ELK)
• Redis
• Neo4j
• Celery
• Cerebro

https://github.com/orlikoski/Skadi/wiki/How-to-install-Skadi-from-a-USB-Drive

 
Posted : 15/08/2018 8:00 am
MDCR
(@mdcr)
Posts: 376
Reputable Member
 

<rant>
Not to attack just this, but more of "forensics distros" rant in general

I'd rather see some sort of bootable CD/DVD/USB distro that focuses on collection and data recovery than some distro put together by some random person with too much free time who thinks that live forensics is the norm. Also, not just focusing on the Linux world with preinstalled tools that need to be started from the media.

ELK? Neo? Are you f-ing kidding me?

A distro that focuses on acquisition to usable, portable file formats with a wide, multiple selection for each category, i.e. to dump memory, capture network traffic, image disks and external devices (mobile phones, GPS, drones), would beat any such distros in a heartbeat because it, you know, focuses on reality.
</rant>

 
Posted : 15/08/2018 10:28 am
kastajamah
(@kastajamah)
Posts: 109
Estimable Member
 

Sounds like Paladin would be a good candidate based on your rant above. I have used it since 2012, and it is a great free tool.

The first post in this string seems more like an advert for SKADI than anything else.

 
Posted : 15/08/2018 1:59 pm
(@thefuf)
Posts: 262
Reputable Member
 

Sounds like Paladin would be a good candidate based on your rant above. I have used it since 2012, and it is a great free tool.

A live forensic distribution executing malicious code from a suspect drive

A live forensic distribution writing to a suspect drive

 
Posted : 15/08/2018 2:33 pm
(@trewmte)
Posts: 1877
Noble Member
Topic starter
 

<rant>
Not to attack just this, but more of "forensics distros" rant in general

I'd rather see some sort of bootable CD/DVD/USB distro that focuses on collection and data recovery than some distro put together by some random person with too much free time who thinks that live forensics is the norm. Also, not just focusing on the Linux world with preinstalled tools that need to be started from the media.

ELK? Neo? Are you f-ing kidding me?

A distro that focuses on acquisition to usable, portable file formats with a wide, multiple selection for each category, i.e. to dump memory, capture network traffic, image disks and external devices (mobile phones, GPS, drones), would beat any such distros in a heartbeat because it, you know, focuses on reality.
</rant>

It's OK to rant… it's healthy. So I take it you don't like Skadi et al, lol. Yeah, I get what you are saying; just passing on what has been found… might be helpful to students or someone else.

 
Posted : 15/08/2018 4:24 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Sounds like Paladin would be a good candidate based on your rant above. I have used it since 2012, and it is a great free tool.

The first post in this string seems more like an advert for SKADI than anything else.

Well, if that is an ad, yours is astroturfing 😯.

Surely trewmte is only sharing a bit of information he has, nothing more, nothing less. :)

But you can check here to see what masked advertising/astroturfing actually looks like ;)
https://www.forensicfocus.com/c/aid=254/reviews/2018/forensic-falcon-neo-from-logicube/

@MDCR
Not particularly ranting IMHO, but you surely hit the nail right on the head!

@thefuf
Thanks for the inside look in these matters, very interesting as always.

jaclaz

 
Posted : 15/08/2018 4:28 pm
(@trewmte)
Posts: 1877
Noble Member
Topic starter
 

Surely trewmte is only sharing a bit of information he has, nothing more, nothing less. :) jaclaz

Yes, thanks jaclaz. Just sharing.

 
Posted : 15/08/2018 5:29 pm
kastajamah
(@kastajamah)
Posts: 109
Estimable Member
 

@thefuf Thank you for the information.

@jaclaz valid point. I will now eat my humble pie. :)

 
Posted : 15/08/2018 5:44 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

@jaclaz valid point. I will now eat my humble pie. :)

Naaah, no need to :) (unless of course you actually like it? :)).

Should you want to taste some of my own NSHP (Not So Humble Pie) ;) you are welcome anytime.

jaclaz

 
Posted : 15/08/2018 6:43 pm