BackTrack4 Sneak Peek Shows New Forensic Capabilities

BackTrack 4 Pre Final Sneak Peek was released to Informer Blog subscribers last week. Informer, created by Johnny Long and his Hackers For Charity organization, is a fundraising program to help feed children in East Africa, and its blog "is designed to give subscribers a 'backstage pass' to the world of Information Security" by providing access to prereleases of tools, papers, and book chapters.BackTrack 4, which will be released publicly in a few weeks, is the premier (and free) penetration-testing bootable Linux LiveCD. Countless presentations have been based around it. It includes pretty much every free and open-source tool you'll need during a pen test. The Offensive Security team even offers what is supposed to be fantastic training based on BackTrack, followed by a 24-hour, hands-on practical to prove you know your stuff.

What's new? Expect plenty of new and updated tools, easier ways to install to your hard drive or to a bootable USB thumb drive, and much more. What has me excited is a "forensic mode" that causes BackTrack to boot without automounting any file systems on a system's hard drives. In the past, drives and swap partitions would be mounted at boot time, thereby ruling out any forensic soundness of tool.

Adding forensic capabilities to BackTrack is a great step forward considering how many times I've seen well-intentioned, yet misguided people recommend using previous versions for forensics since some forensic tools were included already. Someone was always quick to interject that BackTrack wasn't forensically sound, and that a CD like Helix should be used. But with e-fense's recent move to commercialize Helix, it's nice to see another option that can fill the void.

Is BackTrack ready to solve some of your forensic problems? To answer that, I'll leave you with this straight from muts from Offensive Security:

So, can you trust Backtrack 4 for forensic purposes? Well, not until you verify it as well! Just like any forensic tool, it's negligent to just take someone else's word that any tool works properly. It's up to you to independently verify the tool before you use it. We expect your results will match ours, and you will find Backtrack 4 is going to be a great addition to your tool set.

John H. Sawyer is a senior security engineer on the IT Security Team at the University of Florida. The views and opinions expressed in this blog are his own and do not represent the views and opinions of the UF IT Security Team or the University of Florida. When John's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading.