FCCU GNU/Linux Forensic Boot CD

FCCU GNU/Linux Forensic Bootable CD is a bootable CD based on KNOPPIX that contains a lot of tools suitable for computer forensic investigatins, including bash scripts.

FCCU GNU/Linux Forensic Boot CD's main purpose is to create images of devices prior to analysis, and it is used by the Belgian Federal Computer Crime Unit.

Features:

• This CD is based on KNOPPIX by Klauss Knopper.
• It is a remaster that I made to use at my work as a computer forensic investigator.
• Its main purpose is to create images copies of devices before analyse.
• It does not use a lot of cpu cycles for unnecessary programs, that is why it drops you to a shell right after the boot.
• It recognizes lots of hardware (Thanks to Klauss Knopper).
• It leaves the target devices unaltered (It does not use the swap partitions found on the devices).
• It contains a lot of tools with forensic purpose.

What is new in this release:

• The ability to start in non-graphical mode by passing "live 3" as a boot parameter.
• An updated version of Guymager (0.3.1).
• Two Windows tools to copy Win32 memory (including Vista): win32dd and mantech mdd.
• The memory analysis tool Volatility was added.
• The registry analysis tool regripper was added. aeskeyfinder and rsakeyfinder were added.
• A better starting Web page and a better description of the tools on the CD.
• An updated version (0.40) of the Perl library Parse-win32Registry.
• Version 3.3.4 of afflib.
• Many other updates.