Orion Incident Response Live CD 4
14. Tested Configurations
So far Orion has been tested using the following hardware and installation configurations.
Macbook Pro 13”
Macbook Pro 13”
Live CD on bare hardware
Live CD in VMware from .iso
Installed on hard drive
Live CD boot direct on bare metal
Installed on hard drive
Live CD in VMware direct from DVD
Live CD from .iso in VMware
Slow due to DVD access. Good graphics support.
Live CD using ISO is much faster
Fast. Good graphics support.
Slow. Poor graphics support.
Fast, but poor graphics support.
Heavy access of DVD
Although Orion contains a significant number of scripts, tools, and incident response capabilities, it really only scratches the surface of the author’s vision for it. There are many ideas that have not been implemented in the current version of Orion (Alpha). Examples of features being researched for future versions of Orion include:
More sophisticated tunneling techniques such as Miredo (IPv6)
More sophisticated awareness and containment capabilities, such as:
    Deployment of honey tokens for detection
    BotHunter or similar botnet detection tools
    OSSEC to supplement local defenses
Significantly more analysis and visualization tools
Virtualization platform that can be redistributed
Videos, tutorials, and other Quick Start documentation