This section describes a few bootable CD-ROMs that you may find useful.
Forensic and Incident Response Environment (FIRE), previously known as Biatchux (http://biatchux.dmzs.com or http://fire.dmzs.com), is a portable, bootable, CD-based distribution designed to provide an immediate environment in which to perform forensic analysis, incident response, data recovery, virus scanning, and vulnerability assessment. FIRE is available in a special distribution that provides core tools for live forensic analysis; simply mount the CD-ROM on your choice of OS, including Win32, SPARC, Solaris, and Linux. The following list describes the tools that come in the base Forensics/Data Recovery distribution. Most of the distribution is released under the GNU General Public License (GPL), but be sure to double-check the copyright on each specific program.
The Autopsy forensic browser is an HTML-based frontend interface to a useful forensics tool known as TCT (The Coroner's Toolkit) and the TCT-Utils package. It allows an investigator to browse forensic images. It also provides a convenient interface for searching for keywords on an image.
chkrootkit is a tool to locally check for signs of a rootkit.
Cryptcat is an encryption-enabled netcat.
dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting ...