Debian Forensics Tasksel

Derrick Karpo dkarpo at gmail.com
Thu Feb 24 02:28:33 UTC 2011


Christophe, I think this is a useful idea.  I have been doing something
similar manually on our forensics machines in the office but it would
be much easier to just tasksel 'forensics' and call it a day.  All of
your suggestions are good.  Some other things that may be of value:

  o disallow mounting of external swap partitions
  o associate certain MIME types (i.e. .txt, .doc) with read-only
    viewers (i.e. browser, doc viewer)
  o force journaled filesystems to loop mount (i.e. 'ext3 -o ro,loop')
    to prevent journal recovery

I don't have any experience with tasksel but if you are looking for
assistance I would be happy to help where I can.

Derrick


On Tue, Feb 22, 2011 at 1:03 AM, Christophe Monniez
<christophe.monniez at fccu.be> wrote:
> Hi all,
>
> As the activity is coming back in the debian forensics list, I would
> like to discuss the idea of a forensics tasksel.
>
> I have no experience with tasksel but it seems to be a good idea to have
> forensics tasksel implemented.
>
> I have a lot of people asking me what they need to do when installing
> a Debian distribution for forensics purposes.
>
> Here are a few ideas where tasksel could help us:
>
> - Installing all the forensics packages + a few useful packages.
> - Disabling any automount feature of the different graphical installers.
> - Adding an /etc/sudoers.d/forensic file to give the forensics people
> the ability to mount systems without being root and maybe without
> password.
> - Allow more loop devices than 8
> - Modify initramfs in order to not modify disks at boot time.
> - ...
>
> 1) Do you think it's a good idea?
> 2) Do you have any experience with tasksel and would like to help?
> 3) Do you have other ideas?
>
>
> --
> Christophe Monniez <christophe.monniez at fccu.be>
>
>
> _______________________________________________
> forensics-devel mailing list
> forensics-devel at lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/forensics-devel
>
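
An added example, not part of the original messages: a shell check that applies two of the rules proposed in this thread (evidence mounted read-only; journaled filesystems loop-mounted) to a mount table in /proc/mounts format. The /mnt/evidence root, the filesystem list, the sample table and the acceptance of noload/norecovery as an alternative to a loop mount are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a mount table against the evidence-handling rules
# discussed in the thread. EVIDENCE_ROOT is an assumed site convention.
EVIDENCE_ROOT="${EVIDENCE_ROOT:-/mnt/evidence}"

# Reads /proc/mounts-format lines on stdin; prints one finding per violation.
audit_mounts() {
    while read -r dev mnt fstype opts _rest; do
        # Only mounts at or below the evidence root are in scope.
        case "$mnt" in
            "$EVIDENCE_ROOT"|"$EVIDENCE_ROOT"/*) ;;
            *) continue ;;
        esac
        # Rule 1: evidence must be mounted read-only.
        case ",$opts," in
            *,ro,*) ;;
            *) echo "RW $mnt ($dev)" ;;
        esac
        # Rule 2: a journaled filesystem must sit on a loop device, or
        # (assumption added here) carry noload/norecovery, so that the
        # journal is not replayed onto the evidence.
        case "$fstype" in
            ext3|ext4|xfs|jfs|reiserfs)
                case "$dev" in
                    /dev/loop*) ;;
                    *)  case ",$opts," in
                            *,noload,*|*,norecovery,*) ;;
                            *) echo "JOURNAL $mnt ($dev, $fstype)" ;;
                        esac ;;
                esac ;;
        esac
    done
}

# Constructed sample mount table (not taken from a real system).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/loop0 /mnt/evidence/case1 ext3 ro,relatime 0 0
/dev/sdb1 /mnt/evidence/case2 ext3 ro,relatime 0 0
/dev/sdc1 /mnt/evidence/case3 ext4 ro,noload 0 0
/dev/sdd1 /mnt/evidence/case4 vfat rw,relatime 0 0
EOF
}

sample_mounts | audit_mounts
```

On a live workstation the same function can be fed the real table with `audit_mounts < /proc/mounts`.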


