Orion Incident Response Live CD 4
BackTrack is a very successful Live CD for penetration testers. Although many information security professionals keep BackTrack in their toolkit, it does not provide the tools needed by security incident responders. Orion is an attempt to leverage the things that make BackTrack successful -- such as a distribution that is easy to use and install, a comfortable user interface, and an exemplary collection of tools -- and add the capabilities needed by incident response teams. Those include team communication, collaboration, and case tracking tools. Orion provides those as well as acquisition, awareness, and analysis software. Custom wrapper scripts tie these tools together. Finally, some report templates and even report writing tools are included to help the team report in a thorough and consistent manner.