I have installed Ubuntu Hardy on my laptop with Windows XP Professional running in Virtualbox (close source edition. (I couldn't get the usb and filesharing to work in virtualbox-ose)What packages would you recommend for forensic work? I am interested in Ubuntu, other linux (compile from source or alien) and Windows XP programs.

Thanks

I'm not sure exactly what kind of forensics stuff you want to do, but Nessus (network scanner and security evaluator), nmap (port scanner) and snort (packet inspection) are the top three programs that come to mind for basic security stuff. OSSEC (ossec.net --there's no package; you have to compile from source but it's easy) is also really nice if you are looking for ways to secure your machine or a network, or as a means of centralizing other security software (because OSSEC can read the logs of snort and lots of other things, and report stuff to you at a centralized location).

If you want to play around with stuff, Linux distributions specialized for the task at hand are a good route.

For disk forensics, maybe Helix (http://www.e-fense.com/helix/)
For network forensics, perhaps Knoppix-STD (http://knoppix-std.org/tools.html)
For penetration testing, Backtrack (http://www.remote-exploit.org/backtrack.html)

If you just want to find tools to add to an existing distribution, an excellent list of candidates is Insecure top 100 security tools (http://sectools.org/)

Thanks for the replies.

I have since found this:

http://www.ubuntugeek.com/list-of-security-tools-available-in-ubuntu.html#more-474

and

http://ubuntulinuxhelp.com/digital-forensics-in-linux-reclaiming-data-off-a-failed-hard-drive/


I'm not sure exactly what kind of forensics stuff you want to do...

At this stage I am mostly going to use my personal laptop for learning. However I am looking to get a laptop procured by my organisation.

I am also interested in the physical stuff such as evidence bags, cables etc. If I want it I need to procure it at the same time.

I am hoping this will be useful for other people wanting to start out in forensics.

Getting started, or forensic analysis on the cheap

http://windowsir.blogspot.com/2008/02/getting-started-or-forensic-analysis-on.html

Forensic Analysis Applications

http://windowsir.blogspot.com/2008/07/forensic-analysis-applications.html

Backtrack 3

http://homes.esat.kuleuven.be/~decockd/site/myHowTos/applications/viewers_for_browser_cookies,_index.dat,.../index.html

and

http://www.foundstone.com/us/resources-free-tools.asp

Thanks for the responses so far. I hope they are useful for other people.