Orion Incident Response Live CD


2009). While NST is not focused specifically on incident response, it does include many tools for that purpose and provides some unique capabilities for secure communication – such as creation of ppp-over-ssh tunnels for communication between NST hosts. NST has different installation modes that let the same distribution be deployed as a management server, a sensor, or a number of other configurations.

4.6. Securix-NSM

Securix-NSM is a Live CD built around the principles of Network Security Monitoring (Securix-NSM, 2010). NSM is a methodology that relies on situational awareness, the expertise of the analysis team, and the collection of as much network traffic data as the organization will allow. Securix-NSM provides network traffic sensors built on Snort, together with management servers and analyst clients built on Sguil, a console that aggregates the alert and session data collected by the sensors.

4.7. DEFT Linux

DEFT Linux is a Linux 2.6.31-based computer forensics Live CD with a variety of file and network forensics tools, including the Xplico graphical network traffic analysis tool (DEFT Linux - Computer Forensics live cd, 2010). DEFT has an attractive user interface based on LXDE (the “Lightweight X11 Desktop Environment”). The DEFT web site also provides DEFT Extra, a computer forensic GUI similar in concept to the HELIX bootable Windows toolkit: it provides imaging and analysis tools that can be run directly from read-only media.

4.8. HeX System 2.0

HeX is rather closely aligned with the design goals of Orion. Its focus, however, is also on Network Security Monitoring – generally pre-incident analysis work – rather than incident response (geek00l, 2010). It does include some collaboration tools, such as the Pidgin instant messaging client and a lightweight IRC client. However, it ships with no root password and no additional hardening, so HeX is clearly intended for use in trusted environments.
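The missing root password noted above is the kind of thing worth checking on any live CD before it is booted on an untrusted network. The following script is an added example, not code from the Orion paper or from the HeX project: it parses /etc/shadow-style entries and reports accounts whose password field is empty (login with no password), locked (`*`, `!` or `!` followed by a hash), or carrying a real hash. The sample entries are constructed for the example and do not come from any real distribution's image; the field layout assumed is the standard shadow(5) colon-separated format.

```python
"""Audit /etc/shadow-style entries for accounts that accept an empty password.

Added example for this survey, not part of the Orion paper or the HeX project.
The SAMPLE_SHADOW entries below are constructed for illustration only.
"""

# Constructed sample in shadow(5) layout: user:password:lastchg:min:max:warn:...
# 'root' has an empty password field, 'analyst' a SHA-512 style hash,
# 'daemon' and 'sshd' are locked, 'guest' is locked with the "!!" convention.
SAMPLE_SHADOW = """\
root::14600:0:99999:7:::
analyst:$6$saltsalt$abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUV:14600:0:99999:7:::
daemon:*:14600:0:99999:7:::
sshd:!:14600:0:99999:7:::
guest:!!:14600:0:99999:7:::
"""


def parse_shadow(text):
    """Yield (user, password_field) for each well-formed, non-comment line."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue  # not a shadow entry; skip rather than guess
        yield fields[0], fields[1]


def classify(pw_field):
    """Classify one shadow password field.

    'empty'  -> no password set: login succeeds with an empty password
    'locked' -> '*', '!' or '!<hash>': password authentication disabled
    'hashed' -> a real password hash is present
    """
    if pw_field == "":
        return "empty"
    if pw_field.startswith(("*", "!")):
        return "locked"
    return "hashed"


def audit(text):
    """Return a dict mapping each user to its classification."""
    return {user: classify(pw) for user, pw in parse_shadow(text)}


def passwordless_accounts(text):
    """Return the list of users that can log in without a password."""
    return [user for user, state in audit(text).items() if state == "empty"]


if __name__ == "__main__":
    for user, state in audit(SAMPLE_SHADOW).items():
        print(f"{user:10s} {state}")
    print("passwordless:", passwordless_accounts(SAMPLE_SHADOW))
```

Run it against the live CD's own /etc/shadow by reading the file into `audit()` after booting or mounting the image. An empty root field is only one way in: a live CD can also auto-login a root shell from its getty or init configuration, or grant a passwordless `sudo` via `NOPASSWD` in /etc/sudoers, so those files deserve the same inspection before the CD is used outside a trusted environment.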

