What's new? Expect plenty of new and updated tools, easier ways to install to a hard drive or to a bootable USB thumb drive, and much more. What has me excited is a "forensic mode" that boots BackTrack without automounting any file systems on the host's hard drives. In the past, drives and swap partitions were mounted at boot time, which ruled out any claim to forensic soundness: mounting a disk read-write, and especially using a partition as swap, can write to the evidence before an image is ever taken.
Adding forensic capabilities to BackTrack is a great step forward, considering how many times I've seen well-intentioned yet misguided people recommend previous versions for forensics simply because some forensic tools were already included. Someone was always quick to interject that BackTrack wasn't forensically sound and that a CD like Helix should be used instead. With e-fense's recent move to commercialize Helix, it's nice to see another option that can fill the void.
Is BackTrack ready to solve some of your forensic problems? To answer that, I'll leave you with this, straight from muts of Offensive Security:
So, can you trust Backtrack 4 for forensic purposes? Well, not until you verify it as well! Just like any forensic tool, it's negligent to just take someone else's word that any tool works properly. It's up to you to independently verify the tool before you use it. We expect your results will match ours, and you will find Backtrack 4 is going to be a great addition to your tool set.
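One concrete way to do the verification muts describes, and to confirm the forensic-mode behaviour discussed above, is to check what the live system actually mounted after boot. The script below is an added example written for this post; it is not part of BackTrack or Offensive Security's own tooling. It parses /proc/mounts and /proc/swaps (or files in the same format, so the constructed samples here run offline) and reports any local block device that is mounted or in use as swap. The device-name pattern is an assumption: it treats /dev/sd*, /dev/hd*, /dev/vd*, /dev/nvme*, /dev/md* and /dev/mapper/* as evidence disks, so if you boot from a USB stick that shows up as /dev/sdX you will need to exclude the boot medium.

```shell
#!/bin/sh
# Post-boot soundness check for a live forensic distro (added example).
# Usage on the booted system:  forensic_check /proc/mounts /proc/swaps
# Exit status 0 = nothing local mounted, no swap active; 1 = offenders listed.

# Assumption: local block devices (the evidence) match this pattern and the
# live medium itself is a CD (/dev/sr0) or an overlay/tmpfs, so it does not.
LOCAL_DEV_RE='^/dev/(sd|hd|vd|nvme|md|mapper/)'

# list_mounted_local MOUNTS_FILE
# Print "device mountpoint options" for every mounted local block device.
# /proc/mounts fields: device mountpoint fstype options dump pass
list_mounted_local() {
    awk -v re="$LOCAL_DEV_RE" '$1 ~ re { print $1, $2, $4 }' "$1"
}

# list_active_swap SWAPS_FILE
# Print every active swap device; the first line of /proc/swaps is a header.
list_active_swap() {
    awk 'NR > 1 && NF > 0 { print $1 }' "$1"
}

# forensic_check MOUNTS_FILE SWAPS_FILE
# A read-only mount is still reported: "ro" avoids most writes, but a
# forensically sound boot should not have attached the disk at all.
forensic_check() {
    mounts=$(list_mounted_local "$1")
    swaps=$(list_active_swap "$2")
    status=0
    if [ -n "$mounts" ]; then
        echo "mounted local devices (device mountpoint options):"
        echo "$mounts"
        status=1
    fi
    if [ -n "$swaps" ]; then
        echo "active swap:"
        echo "$swaps"
        status=1
    fi
    return $status
}

# ---- Constructed samples (not captured from a real system) ----------------
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

# Old behaviour: the live CD automounted every partition and enabled swap.
BAD_MOUNTS="$SAMPLE_DIR/mounts.bad"
BAD_SWAPS="$SAMPLE_DIR/swaps.bad"
cat > "$BAD_MOUNTS" <<'EOF'
rootfs / rootfs rw 0 0
/dev/sr0 /mnt/live iso9660 ro 0 0
/dev/sda1 /mnt/sda1 ext3 rw 0 0
/dev/sda2 /mnt/sda2 ntfs ro 0 0
EOF
cat > "$BAD_SWAPS" <<'EOF'
Filename                                Type            Size    Used    Priority
/dev/sda3                               partition       1048572 0       -1
EOF

# Forensic-mode behaviour: only the live medium and RAM-backed file systems.
GOOD_MOUNTS="$SAMPLE_DIR/mounts.good"
GOOD_SWAPS="$SAMPLE_DIR/swaps.good"
cat > "$GOOD_MOUNTS" <<'EOF'
rootfs / rootfs rw 0 0
/dev/sr0 /mnt/live iso9660 ro 0 0
tmpfs /tmp tmpfs rw 0 0
EOF
cat > "$GOOD_SWAPS" <<'EOF'
Filename                                Type            Size    Used    Priority
EOF

echo "== automounting boot (constructed sample) =="
if forensic_check "$BAD_MOUNTS" "$BAD_SWAPS"; then
    echo "result: forensically clean"
else
    echo "result: NOT clean"
fi

echo "== forensic-mode boot (constructed sample) =="
if forensic_check "$GOOD_MOUNTS" "$GOOD_SWAPS"; then
    echo "result: forensically clean"
else
    echo "result: NOT clean"
fi
```

Run it once right after booting, before launching any tool; a clean result from this script is only one part of verification, since it says nothing about what the tools themselves do once you start them. If the check reports a mounted device or active swap, the boot has already touched the disk, and your notes for that case should record it.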
John H. Sawyer is a senior security engineer on the IT Security Team at the University of Florida. The views and opinions expressed in this blog are his own and do not represent the views and opinions of the UF IT Security Team or the University of Florida. When John's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading.