Orion Incident Response Live CD
Palantir is a product of Palantir Technologies. The original inspiration for Palantir was Incident 216 as documented in the original Palantir report (Khurana, Basney, Bakht, Freemon, Welch, & Butler, 2009). Palantir appears to be an excellent analysis and collaboration platform, but it is not based on bootable media and is not an open source framework.
5. What is Orion?
Orion is a customized version of BackTrack 4 that adds tools to support the secure collaboration, incident tracking, and analysis goals of the project. BackTrack was chosen as the base for Orion because it is a respected Linux-based security distribution that comes pre-installed with a number of security tools. Since BackTrack 4 is now based on Ubuntu Linux, it is easy to customize using the aptitude installer and install using tools such as remastersys and ubiquity (Ubuntu Home Page, 2010).
The packages listed in Appendix B were removed because they are intended primarily as attack tools. Other tools have been added to support the analysis and collaboration goals. The full list of tools added to create Orion is given in Appendix A. Some of the more important ones include:
Collaboration Tools:
  o Citadel: complete and feature-rich groupware server
  o ssvnc: VNC viewer sessions tunneled over SSH/SSL
  o X11vnc: VNC server for real X displays
Case Tracking:
  o Incident Response Questionnaire (custom): A web-based form to gather details, help triage, build the team, and create a new incident ticket
  o Request Tracker for Incident Response
  o IP Network transaction auditing tool