This wiki was updated to MediaWiki 1.37. If you notice any issues, please report them to admin[at]

openSUSE:DFIR Live CDs/Thumb Drives

Jump to: navigation, search
The DFIR (Digital Forensic / Incident Response) community utilizes Boot CDs and Thumb Drives to performs its activities. openSUSE provides the ultimate ability to customize a boot CDs and thumb drives for the needs of the DFIR community.
Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Please refer to Help:Editing in order to write a quality approved article.

DFIR Boot Media

Many Digital Forensics / Incident Response professionals depend on boot disks. there are many to choose from based on Linux in general. One of the more powerful boot disks is SIFT from SANS. If none of the disks here appear satisfactory, it should be considered.

Suse Studio Gallery

Suse Studio is an automated appliance disk creator. An appliance can be a boot CD, thumb drive image, vmware instance, etc.

It includes a gallery of publicly available appliances. Getting an account on Suse Studio is free.

The below appliances have been published via the gallery and are available for download. In addition, anyone with a Suse Studio account can clone the below and customize their clone as they desire.

If you are interested in any of the below, but feel they are missing specific packages you would like, see the DFIR portal page for a complete list of both disk and network forensic applications available in openSUSE.

Ethical Hacking tools are not yet documented there.

A Computer Forensic appliance --- DFIR openSUSE GNOME desktop

DFIR openSUSE GNOME desktop -

DFIR is focused on computer forensic tools, but it also has a number of tools from the network forensics toolset.

Due to it's focus on computer forensics, it does not have the network interface enabled by default.

A Network Forensic appliance --- CSI Linux

CSI Linux -

CSI Linux is based on openSUSE 11.3, It has both disk and network forensic tools, but appears to focus on network tools.

A Ethical Hacking appliance - Cybertrack

Cybertrack -

Cybertrack is based on openSUSE 11.4, It is focused on ethical hacking tools. It appears that all of its applications come from the main official repositories.

A System Recovery appliance - 84-hope

84-hope -

84-hope is based on openSUSE 11.3, It is focused on repair of unbootable/damaged computer systems after a system crash, manage/rescue networks(win/nix), create and restore backups and of course undelete removed or damaged files and partitions on cd/dvd, ext, ntfs, vfat file systems.

84-hope uses applications from various home repositories. Packages in home repositories are the least trust-worthy on OBS and therefore 84-hope should be used with caution.

Non openSUSE Boot CDs


Heading 2




Team members

Mailing list

See also

Related articles

External links