Devil-Linux is a special secure Linux distribution which is used for firewalls, routers, gateways, and servers. The goal of Devil-Linux is to have a small, customizable, and secure Linux system. Configuration is saved on a floppy disk or USB stick, and it has several optional packages. Devil-Linux boots from CD, but can be stored on CF cards or USB sticks.
Tin Hat is a Linux distribution derived from hardened Gentoo. It aims to provide a very secure, stable, and fast desktop environment that lives purely in RAM. Tin Hat boots from CD, or optionally USB pen drive, but it is not a LiveCD in that it does not mount any file system from the boot device. Rather, Tin Hat employs a massive squashfs image which expands into tmpfs upon booting. This makes for long boot times, but remarkable speeds during human-computer interaction.
Ubuntu Privacy Remix is a modified live CD based on Ubuntu Linux. UPR is not intended for permanent installation on a hard disk. The goal of Ubuntu Privacy Remix is to provide an isolated working environment where private data can be dealt with safely. The system installed on the computer running UPR remains untouched. It does this by removing support for network devices as well as local hard disks. Ubuntu Privacy Remix includes TrueCrypt and GnuPG for encryption and introduces "extended TrueCrypt volumes".
Grml is a live system (live CD) based on Debian. It includes a collection of GNU/Linux software especially for system administrators and users of texttools. It provides automatic hardware detection and its default shell is the zsh. You can use it e.g. as a rescue system, for analyzing systems/networks, or as a working environment. It is not necessary to install anything to a hard disk; you don't even need a hard disk to run it. Due to on-the-fly decompression, it includes more than 2 GB of software and documentation on the CD.
INSERT (the Inside Security Rescue Toolkit) aims to be a multi-functional, multi-purpose disaster recovery and network analysis system. It boots from a credit card-sized CD-ROM and is basically a stripped-down version of Knoppix. It features good hardware detection, fluxbox, emelfm, links-hacked, ssh, tcpdump, nmap, chntpwd, and much more. It provides full read-write support for NTFS partitions (using ntfs-3g), and the ClamAV virus scanner (including a fairly recent signature database and a GUI). It provides partition handling with gParted and also has a network boot facility.
The Auditor security collection is a live-system based on KNOPPIX. It provides tools for analyzing the security of a system. It features a menu structure that reflects the stages of a security check: foot-printing, analysis, scanning, wireless, brute-forcing, cracking. In addition to about 300 security tools, the collection includes background information regarding standard configuration and passwords, truly extensive word lists, and more mundane productivity tools.
ThePacketMaster Linux Security Server is a CD-based security auditing tool that boots and runs penetration testing and forensic analysis tools. It is handy for security auditors. Some tools included are nessus, ethereal, The Coroner's Toolkit, chntpw, and minicom. It includes modules for any Linux 2.4.20 SCSI driver.