Another great recovery disk - This time a CD
December 1st, 2004 by Pete
I posted the other day about a great floppy disk Linux distribution that I found that can be used to rescue a failed system or to use in a forensics capacity on a database server that is known to have been compromised.
Paul Drake made a comment post to this blog entry that I felt was worth mentioning here as a new blog entry.
Paul made us aware of another option. This is called Helix. Helix is a customised distribution of the Knoppix live Linux CD. The Helix CD can be booted using different customised versions of the kernel. It is a bootable live CD and includes tools that are dedicated to incident response and forensics. The CD has been created specifically so that it does not alter the host PC in any way. This CD is used by SANS in the Track 8: System Forensics, investigation and response course.
The above paragraph is paraphrased from the Helix website for this CD. Go there to see their own details, FAQ, contents and download.
Details of the SANS forensics course can be found here.


