Ideal USB Thumb Res...
 
Notifications
Clear all

Ideal USB Thumb Response kit

15 Posts
7 Users
0 Likes
535 Views
deckard
(@deckard)
Posts: 77
Trusted Member
Topic starter
 

I'd like to hear some ideas of what you would put on a USB thumb as far as programs for IR or CF live previews.

Let's say you have a 1gb thumb, they are fairly inexpensive now, and want to build one set of IR tools on one, and a second for CF live tools.

let's see shat we can cram in there.

Bill

 
Posted : 13/10/2006 5:38 pm
psu89
(@psu89)
Posts: 118
Estimable Member
 

For starters

FTK Imager Lite
Ethereal-WireShark (portable version)
NMap (portable version)

 
Posted : 13/10/2006 6:06 pm
Alan
 Alan
(@alan)
Posts: 53
Trusted Member
 

Candidates could be…

X-Ways capture
FTK imager
Taft
Winhex

Alan

 
Posted : 13/10/2006 7:21 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

> let's see shat we can cram in there.

"shat"??

IMHO, the answer really depends. For IR, if you're facing Windows systems, in an environment with connectivity, I'd load the ProDiscover server, as well as the FRU utilities. If the environment is not networked, I'd load a minimal set of tools so that the rest of the space can hold the output.

I don't see the point of putting anything on a 1GB thumbdrive for CF except for perhaps an acquisition utility (dd?). Part of the reason for that is that we had an engineer hit a Win2K system recently that didn't have drivers for generic thumb drives, and I've encountered FreeBSD boxes that didn't have a /dev/usb entry.

I don't know…maybe it's just me, but I can't see doing CF analysis from a thumb drive.

 
Posted : 13/10/2006 10:08 pm
deckard
(@deckard)
Posts: 77
Trusted Member
Topic starter
 

<I don't know…maybe it's just me, but I can't see doing CF analysis from a thumb drive>

I think I like that answer

 
Posted : 13/10/2006 10:36 pm
psu89
(@psu89)
Posts: 118
Estimable Member
 

I don't think the intention was to do a CF analysis. I would guess that the term "CF live preview" was used for a reason.

 
Posted : 14/10/2006 12:39 am
Igor_Michailov
(@igor_michailov)
Posts: 529
Honorable Member
 

For starters

FTK Lite

What is it?

 
Posted : 14/10/2006 12:28 pm
psu89
(@psu89)
Posts: 118
Estimable Member
 

For starters

FTK Lite

What is it?

Sorry i should have been more clear- FTK Imager that runs from a USB drive. http//www.accessdata.com/media/en_US/print/techdocs/techdoc.Running_FTK_Imager_from_a_thumb_drive_or_CD.en_us.pdf

 
Posted : 14/10/2006 4:05 pm
az_gcfa
(@az_gcfa)
Posts: 116
Estimable Member
 

I think that would depend upon your intent – IR or Live CF. Another consideration would be platform specifics (win,linux,unix,etc.). I've only used thumb drives as a data store, great if system recognizes the drive! I prefer CD's for compatibility reasons.

 
Posted : 15/10/2006 9:26 am
skip
 skip
(@skip)
Posts: 57
Trusted Member
 

I'm a rookie…so maybe this is not an important point.

When you use a Thumb drive doesn't it change the contents of the Reg and Main Memory?

Does each Thumb Drive have a unique Reg key?

If the system you are responding to, or executing CF on, was compromised/abused by an individual using the same brand (make and model) of pen drive, then how could you tell if the contents of the Reg and Main Memory are from your Thumb drive or the malicous one?

I'm having a little troube explaining what I mean…but do you get my drift?
Skip

EDIT Plus I've seen those smaller 250 meg CDs fit into a wallet. It was a bootable CD with Free BSD…I believe?

 
Posted : 16/10/2006 7:06 pm
Page 1 / 2
Share: