Christophe,

I think this is a useful idea. I have been doing something similar manually on our forensics machines in the office but it would be much easier to just tasksel 'forensics' and call it a day. All of your suggestions are good. Some other things that may be of value:
  o disallow mounting of external swap partitions
  o associate certain mime types (ie. txt, .doc) with read only viewers (ie. browser, doc viewer)
  o force journaled filesystems to loop mount (ie. 'ext3 -o ro,loop') to prevent journal recovery

I don't have any experience with tasksel but if you are looking for assistance I would be happy to help where I can.

Derrick

On Tue, Feb 22, 2011 at 1:03 AM, Christophe Monniez <christophe.monn...@fccu.be> wrote:
> Hi all,
>
> As the activity is coming back in the debian forensics list, I would
> like to discuss the idea of a forensics tasksel.
>
> I have no experience with tasksel but it seems to be a good idea to have
> forensics tasksel implemented.
>
> I have a lot of people asking me what do they need to do when installing
> a debian distribution for forensics purpose.
>
> Here are a few ideas where tasksel could help us:
>
> - Installing all the forensics packages + a few useful packages.
> - Disabling any automount feature of the different graphical installers.
> - Adding an /etc/sudoers.d/forensic file to give the forensics people
>   the ability to mount systems without being root and maybe without
>   password.
> - Allow more loop devices than 8
> - Modify initramfs in order to not modify disks at boot time.
> - ...
>
> 1) Do you think it's a good idea ?
> 2) Do you have any experience with tasksel and would like to help ?
> 3) Do you have other ideas ?
>
>
> --
> Christophe Monniez <christophe.monn...@fccu.be>
>
>
> _______________________________________________
> forensics-devel mailing list
> forensics-devel@lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/forensics-devel
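
An added example, not part of the original thread: a shell check for the read-only loop mount practice discussed above. It reads mount-table lines in the /proc/mounts layout and reports loop-backed mounts that are writable; the function name, sample lines and mount points are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a mount table for loop-backed
# mounts that are not read-only. Input lines use the /proc/mounts layout:
#   device mountpoint fstype options dump pass

# Constructed sample data; devices and mount points are illustrative only.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/loop0 /mnt/case1 ext3 ro,relatime 0 0
/dev/loop1 /mnt/case\0402 ext4 rw,relatime 0 0
/dev/loop2 /mnt/case3 vfat ro,noexec 0 0'

# audit_loop_mounts: reads mount-table lines on stdin, prints one
# "WRITABLE <device> <fstype> <mountpoint>" line per loop mount lacking "ro",
# and returns 1 if anything was flagged, 0 otherwise.
audit_loop_mounts() {
    awk '
    $1 !~ /^\/dev\/loop[0-9]+$/ { next }      # only loop-backed mounts
    {
        ro = 0
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++)
            if (opt[i] == "ro") ro = 1
        if (!ro) {
            mp = $2
            gsub(/\\040/, " ", mp)            # /proc/mounts escapes spaces as \040
            printf "WRITABLE %s %s %s\n", $1, $3, mp
            found = 1
        }
    }
    END { exit (found ? 1 : 0) }
    '
}

# Demo on the constructed sample; on a live system: audit_loop_mounts < /proc/mounts
printf '%s\n' "$SAMPLE_MOUNTS" | audit_loop_mounts || echo "writable loop mounts found"
```
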