Projects / FCCU GNU/Linux Forensic Bootable CD

FCCU GNU/Linux Forensic Bootable CD

FCCU GNU/Linux Forensic Bootable CD is a bootable CD based on Debian-live that contains a lot of tools suitable for computer forensic investigations, including bash scripts. Its main purpose is to create images of devices prior to analysis, and it is used by the Belgian Federal Computer Crime Unit.

Tags

Recent releases

  •  07 Oct 2008 17:52

    Release Notes: The ability to start in non-graphical mode by passing "live 3" as a boot parameter. An updated version of Guymager (0.3.1). Two Windows tools to copy Win32 memory (including Vista): win32dd and mantech mdd. The memory analysis tool Volatility was added. The registry analysis tool regripper was added. aeskeyfinder and rsakeyfinder were added. A better starting Web page and a better description of the tools on the CD. An updated version (0.40) of the Perl library Parse-win32Registry. Version 3.3.4 of afflib. Many other updates.

    •  06 Jan 2008 14:56

      Release Notes: The CD is now based on the Debian Live Project. There is a graphical user interface by default (xfce4). A new graphical tool, GuyMager, is used for forensic copy. GuyMager supports Encase ewf images (through libewf), and it makes intelligent use of multi-core CPUs in a way that compressed copies will be done faster than uncompressed ones. A new low interaction honeypot, Amun, was added.

      •  19 Oct 2006 05:45

        Release Notes: This release adds a new set of tools that allow an investigator to capture the memory from another host trough the Firewire bus, even if the target host is an MS Windows box. A new tool to retrieve images from Thumbs.db (MS win thumbnails cache) was added. Rdd, a new forensic image acquisition tool, was added. A lot of other tools were added and upgraded.

        •  30 Jan 2006 12:23

          Release Notes: A PXE boot feature was added to search keywords in large scale networks. An MS eventlog viewer and a registry viewer were added. mwcollect and nepenthes were added to ease malware hunting. Lots of packages were added.

          •  09 Sep 2005 09:29

            Release Notes: This release is based on Knoppix 3.9 with the slow USB (UB) driver removed. A lot of new packages were added, including mork.pl, a tool to read firefox history, fccu-docprop to read MS OLE doc properties, and dd_rhelp to ease the use of dd_rescue. Most of the packages were upgraded to the latest versions, including The Sleuthkit.

            Screenshot

            Project Spotlight

            OpenStack4j

            A Fluent OpenStack client API for Java.

            Screenshot

            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.