Episode 137 – OLF Prep

Posted by Tony on October 20, 2014 in Show-mp3, Show-ogg |



MP3 format (for Freedom Haters!)
OGG format (for Freedom Lovers!)
Total Running Time:

Un-edited Live session – http://www.youtube.com/watch?v=_PNbvbL5_ik

Contact Us:

show (at) smlr.us or the Contact us page


Kernel News: Mat
Distro Talk: Tony
Mary Distro Review
Tech News:
Security Bit
Listener Feedback
Outtro Music


Tony Bemus, Mat Enders, and Mary Tomich
Sound bites by Mike Tanner

Kernel News: Mat


mainline:	3.17    	2014-10-05
stable: 	3.17.1  	2014-10-15
stable: 	3.16.6  	2014-10-15
longterm:	3.14.22  	2014-10-15
longterm:	3.12.30  	2014-10-08
longterm:	3.10.58  	2014-10-15
longterm:	3.4.104  	2014-09-25
longterm:	3.2.63  	2014-09-13
longterm:	2014-06-18
linux-next:	next-20141017	2014-10-17

Distro Talk: Tony



  • 10-06 – Untangle NG Firewall 11.0
  • 10-07 – CAINE 6.0
  • 10-07 – NetBSD 6.1.5, 6.0.6
  • 10-09 – ROSA R4 “Desktop Fresh”
  • 10-11 – VyOS 1.1.0
  • 10-11 – 4MLinux 10.0
  • 10-11 – BackBox Linux 4.0
  • 10-11 – GALPon MiniNo 2014 “PicarOS”
  • 10-12 – Lunar Linux 1.7.0
  • 10-12 – Smoothwall Express 3.1
  • 10-14 – Scientific Linux 7.0
  • 10-14 – Red Hat Enterprise Linux 6.6
  • 10-17 – IPFire 2.15 Core 84 http://planet.ipfire.org/post/two-new-features-for-the-ipfire-firewall
  • 10-17 – SELKS 1.0

Distro of the Week: Tony

  1. openSUSE – 1551
  2. Debian – 1645
  3. Lunar – 1816
  4. Mageia – 1996
  5. Mint – 2326

Mary Distro Review


The Vitals:
Name: CAINE (Computer Aided Investigative Environment
Maintainer: Nanni Bassetti
Distro Latest Birthday: 10/7/2014
Derivative: Ubuntu
Kernel: 3.13.0-36
Review Desktop: Gnome

Live Environment:

Caine boots to a Mate desktop environment. Several (10—Caine info, mixed scripts, root file manager, Firefox, keyboard changer, and some of the tools) icons are on the desktop, including an installer icon. Caine Linux is installed via Systemback.

Mate classic desktop environment I won’t go into a lot of detail about the stock Mate desktop—everyone knows it’s based on Gnome 2.

A single panel at the bottom. It contained several informative system tray icons. For example after connecting to wireless, my upload/download speed was always viewable. A right-click on the Blue-tooth allowed me to toggle it on and off, as well as perform other related tasks. Drive mounter icon is very slick—it’s “green” if the drive is mounted read-only. That is the default method for mounting devices. If you right-click the icon, you can toggle it to write-able. But be prepared for several warnings. After all, the whole idea of computer forensics is to not mess with the data and a write-able hard drive raises the risk.

Graphics:  ( i915)
Wireless:  (lib80211) No problem with the Broadcom chip. (Likely more the fact that it’s based on Ubuntu than anything else.)

The Defaults
Browser: Firefox
Office Suite: LibreOffice
Mail Client: Thunderbird
File Manager: Files, Caja

The Install Process:

Intalling Caine is mostly a breeze. There are only a few steps to complete after you click the installer icon on the desktop:
1. Supply new user/password information (and root’s password)
2. Partition setting (size it, create it)
3. Highlight it and determine mount point, file system (ext4), and whether you want to format it.
4. Same screen has grub2 bootloader option.

After you complete the partition setup, Systemback is configured such that one of its restore points is “Live Image”. Click Start and the install begins. What’s actually happening is Systemback is restoring a system image to your computer.

After the install concludes, the system continued to sit in live mode for a long time. Once I started the reboot process, it suddenly remembered what to do.

Installed Environment:

During install, I was not prompted for any keyboard localization, timezone, etc. So the system rebooted on Italian time. First reboot shows a cleaner desktop than the live environment. There are only three icons: computer, user’s home, and trash.

Menu contained forensic tools sub-menu:
Memory forensics (Inception, Volatility)
Database ( SQLite database browser, Sqliteman)
Mobile forensics (Blackberry and Idevice scripts; iPhone Backup analyzer)
Network forensics (Netdiscover; Wireshark, Zenmap, Zenmap as root)

Other interesting Programs:

Guymager is a fast, open-source, graphical tool for creating disk images. Guymager has support for raw dd images, as well as EO1, and AFF image formats. The latter two image formats are commonly used in the digital forensics community because they provide the ability to store metadata about the disk image. I tested this tool using a 2gb usb stick that had 1GB of data on it. Guymager successfully created an image of the contents and added a .info file with metadata about the drive.

Fmount – (Forensic Mount) a bash script to detect and/or mount allocated partitions as read-only. Fmount successfully mounted the image that I created Guymager. It was mounted in /media/evidence/evidence_vol10). The contents were as accessible to me as the original.

Autopsy is a digital forensics tool and graphical interface to the Sleuth Toolkit and other digital forensics tools. For this tool, I connected an external hard drive and added it to the case locker, then ran an analysis on it. Was able to open individual sectors, as well as blocks of sectors, and view the content…in ASCII, Hex, ASCII Strings. It was all very interesting and all done from the comfort of a browser.

Fred – Forensic Registry Editor cross platform Microsoft registry hive editor with special features useful during forensic analysis. The user interface resembles the regedit interface: two panels. Fred also has a hex viewer area at the bottom right. Anything that is stored in the registry is available to Fred. For example, What was  last time that a user opened a .doc file, What was the last program a user ran using the Start->Run dialog.

Zenmap – basically nmap designed to make it easier to use for beginners.

Photorec – PhotoRec is file data recovery software designed to recover lost files including video, documents and archives from hard disks, CD-ROMs, and lost pictures (thus the Photo Recovery name) from digital camera memory. PhotoRec ignores the file system and goes after the underlying data, so it will still work even if your media’s file system has been severely damaged or reformatted. I ran it on an external hard drive (1TB in size). Before I stopped it, it had found 22 files, over half of which were mpg files. The recovered files are placed into a separate directory in your home directory. I was curious whether I could play the recovered files. I could, although several libraries had to be installed to support playback of the format.

The only thing that was a little confusing about Caine was the root user. It appeared that I was taking


If you need to conduct a forensic examination, CAINE has the tools you need.


Tech News:


Linus Torvalds Regrets Alienating Developers with Strong Language

Tor Browser 4.0 is released


Munich sticks with Free Software


Mozilla’s New Magazine

PC-BSD at Ohio Linux Fest




KDE Korner



The Security Bit

This POODLE Bites: Exploiting The SSL 3.0 Fallback

Listener Feedback:

show (at) smlr.us or 734-258-7009

Outtro Music

Back in the Future (Acid edit) by ISItheDreaMakeR

This content is published under the Attribution-Noncommercial-Share Alike 3.0 Unported license.

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2011-2023 Sunday Morning Linux Review All rights reserved.
This site is using the Desk Mess Mirrored theme, v2.5, from BuyNowShop.com.