
Hi Michael,
I hope you already know grml-terminalserver. :) If you don't use grml-terminalserver the grml_netboot_package might be interesting for you, take a look at http://wiki.grml.org/doku.php?id=terminalserver
Hmm, if I want to use the terminalserver I've to install a complete grml on my server. With the pxe-netboot-package I can use the grml-cd for our network like being outside having only the grml cd.
I don't want to change my server-os and in addition to that I want the same environment for forensic analysis in our net over pxe-boot and outside via cd-boot.
I just created a preliminary libewf-20060820_1-1_i386.deb package. I'll improve some minor stuff and the final package should be available within the next few hours/days via the grml-repository. So the next devel-release (see http://grml.org/beta-tester/ for details) will very probably contain this software already.
Great. That's one of the most important tools for me.
- A.I.R. Cloning HDs for mausschubser ;)
- http://air-imager.sourceforge.net/
GPL, that's fine. But it has an absolutely braindead and even broken install script (install-air-1.2.8, 165K) and depends on perl-tk which would need ~10MB of additional space on grml. :(
Ok, that's bad. Maybe Adepto is better. I contacted the author and will post the result here later.
So the easiest way to run AIR is a short shell script like http://grml.org/tmp/get-air which does the job. I'll add a shell function named getair (like getskype, getgizmo, get_tw_cli,... we already have) so it's easy to install on demand.
Ok, for forensic analysis the PCs are regularly not connected to the internet, so the getair-script doesn't make sense. So I have to do it without A.I.R.
Is there any other software you use for your forensic work and which should become part of grml?
Look at http://wiki.grml.org/doku.php?id=forensic BTW: How can I create an account? ;-) Didn't find the "sign in"....
The current develrelease (grml 0.8-1) already provides support for fs-labels, so you will only have to run 'mount /mnt/$LABEL' to mount the partition containing a filesystem named $LABEL. (The release is available for beta-testers, if you are interested in testing just let me know and I'll give you access to the ISO.)
Hmm, that's a good start. So every user should know his harddisk-name and nothing can go wrong.
So, how can I do this and is there someone around who wants to help me?
Sure. :)
Cool :)
First of all one question: how can I add an additional dir to the cd for running e.g. libewf if I boot the "normal" grml v0.8 via PXE / NFS? Or can I place the unzipped ISO-Content in a NFS-Share and do there all the modifications I need?
Installing the package on the NFS-server makes it visible to the NFS-client. :)
But only for the terminalserver-stuff. The pxe just mounts the grml-file from the cd.
If you want to install additional software either install the software manually, use the configuration framework (see http://grml.org/config/ - you can run your own scripts this way) or remaster grml (http://wiki.grml.org/doku.php?id=remastering + http://grml.org/solutions/)
The author of the helix cd http://e-fense.com/helix/ did create a dir CDROM:/Addon which is not in the knoppix-image, but on the cd-root. The dir is included in the path. So every dummy user can just add his own tools to the CDROM:/Addon dir even via Windoze ISO-Tools and burn his "private" cd with a few new programs. Very easy customizing :)
Further I will create a forensic-page in the grml-wiki and do the documentation.
I just created http://wiki.grml.org/doku.php?id=forensic so you can drop in your stuff there.
I already wrote down some stuff.
Looking forward to a cool project,
ramon