
* Ralf Moll ralf-info@family-moll.de [20060918 14:15]:
I'm a German police officer and sick of all the boot-cds around. I want to build a boot-cd / pxe-image for me and other people around based on grml because I like shell and debian / ubuntu.
Great. :)
Currently I'm using a customized HELIX CD which is quite ok but "difficult" to customize.
My plans are building ONE grml with the forensic tools I need or (which would be better) include all tools in the official grml-cd.
Ok.
I need a CD for booting outside our lab and a pxe-version inside our lab.
The pxe-part rocks already.
Great. :)
I hope you already know grml-terminalserver. :) If you don't use grml-terminalserver the grml_netboot_package might be interesting for you, take a look at http://wiki.grml.org/doku.php?id=terminalserver
So here are the things I need to include:
- libewf - Free tool to create and write back EnCase-Images
- https://www.uitwisselplatform.nl/projects/libewf/
I don't see any problems in adding this to main grml (it's available under the BSD license).
I just created a preliminary libewf-20060820_1-1_i386.deb package. I'll improve some minor stuff and the final package should be available within the next few hours/days via the grml-repository. So the next devel-release (see http://grml.org/beta-tester/ for details) will very probably contain this software already.
- A.I.R. Cloning HDs for mausschubser ;)
- http://air-imager.sourceforge.net/
GPL, that's fine. But it has an absolutely braindead and even broken install script (install-air-1.2.8, 165K) and depends on perl-tk which would need ~10MB of additional space on grml. :(
So the easiest way to run AIR is a short shellscript like http://grml.org/tmp/get-air which does the job. I'll add a shell function named getair (like getskype, getgizmo, get_tw_cli,... we already have) so it's easy to install on demand.
Is there any other software you use for your forensic work and which should become part of grml?
Additionally it would be cool to add a special hot-plug script for hds: if there is a special id-file / volume-name automatically mount the hd as /media/destination-hd for faster hd-cloning.
The current develrelease (grml 0.8-1) already provides support for fs-labels, so you will only have to run 'mount /mnt/$LABEL' to mount the partition containing a filesystem named $LABEL. (The release is available for beta-testers, if you are interested in testing just let me know and I'll give you access to the ISO.)
So, how can I do this and is there someone around who wants to help me?
Sure. :)
First of all one question: how can I add an additional dir to the cd for running e.g. libewf if I boot the "normal" grml v0.8 via PXE / NFS? Or can I place the unzipped ISO-Content in a NFS-Share and do there all the modifications I need?
Installing the package on the NFS-server makes it visible to the NFS-client. :)
If you want to install additional software either install the software manually, use the configuration framework (see http://grml.org/config/ - you can run your own scripts this way) or remaster grml (http://wiki.grml.org/doku.php?id=remastering + http://grml.org/solutions/)
Further I will create a forensic-page in the grml-wiki and do the doku.
I just created http://wiki.grml.org/doku.php?id=forensic so you can drop in your stuff there.
regards, -mika-