TABLE OF CONTENTS Computer forensics is an emerging discipline that has exploded in popularity in recent years. It is an exciting field and a lot of security professionals are interested in learning more about it. Although computer forensics traditionally is not the first thing that comes to mind when people think about doing penetration testing, a large number of companies are starting to turn to computer forensic tools because of the amount of technology they use.
As the field of computer forensics continues to expand, the number of forensic hardware and software tools has also continued to increase. Some of the forensic software packages released by the leading vendors tend to very expensive; single licenses for some forensic software can cost as much as $4,000. For this reason, open source forensic tools can be extremely useful for companies or individuals with limited financial means. One such tool, Auditor (the predecessor to BackTrack), was limited to four forensic tools. The four forensic tools included with the Auditor Linux distribution, as shown in Figure 11.1, were Autopsy, Recovered, Testdisk, and Wipe. The Auditor Live CD was mainly used for penetration testing, so it had limited forensic capabilities.
BackTrack was also designed primarily as a penetration testing tool, but it includes 13 very powerful open source forensic tools, as shown in Figure 11.2.
The BackTrack tools are divided into three categories: Image...
