Knoppix
June 3, 2004 9:33 PM   Subscribe

I picked up the latest version of knoppix, and since this being my first time using Linux, I love it. Something sparked in my mind, and I wanted to ask anybody if corporate hackers use knoppix to do work, then reboot to wipe any data? Is knoppix known to be evidence friendly? I am not asking if it is or not, I am asking if it is known to be.
posted by Keyser Soze to Computers & Internet (8 answers total)
 
I use Knoppix at work from time to time, but generally just bring my Unix laptop from home.

What's "evidence friendly" mean?
posted by majick at 9:41 PM on June 3, 2004


Response by poster: If the government wanted to search your computer for evidence, knoppix wouldnt hold any after a reboot.
posted by Keyser Soze at 9:59 PM on June 3, 2004


If you save something to the hard drive, it's saved to the hard drive, regardless of what you use to boot the system. You're not going to be able to save anything to the Knoppix boot cd, if that's what you mean. If you do anything naughty on the network, it'll be identifiable by the computer's IP address (however that's defined) and, possibly, its MAC address.
posted by mr_roboto at 10:03 PM on June 3, 2004


A Knoppix system doesn't persist any data unless you explicitly tell it to do so. While it will attempt to mount any partitions found on the machine it boots, it won't write to them without your say-so.

Many users who lug boot CDs around like to carry a little USB dongle to act as their home directory, but if you don't care to store anything locally or on your person you don't even need that. Access to a remote data store would make that work nicely.

Installed, Knoppix makes for a pretty decent -- if a bit hard to maintain because of the number of Knoppix-specific packages installed -- Debian box, as well.
posted by majick at 10:06 PM on June 3, 2004


I don't use it myself, but my understanding is that the Knoppix-STD distru is specifically packaged with "security" tools, so that may be what you want.
posted by willnot at 10:25 PM on June 3, 2004


If it doesn't touch the hard drive, even to create a swap partition, I don't know how anyone short of the NSA could trace what you did on the system given only access to the PC you used to boot Knoppix. I do recal reading that it was theoretically possible to electrically recover data from your RAM even after the system has been powered off, but that's some pretty heavy spook stuff.
posted by Voivod at 11:36 PM on June 3, 2004


If the lack of "evidence" left behind is all you care about, though, knoppix is not the only option. You could even boot from a floppy with minix on it.
posted by bingo at 10:27 AM on June 4, 2004


You may also be interested in Morphix, too.
posted by Hackworth at 8:40 PM on June 4, 2004


« Older Looking for Simple, Lightweight Interface (not...   |   What is this musical motif Newer »
This thread is closed to new comments.