Skip to content

The farmer's boot cd

THE FARMER'S BOOT CD (FBCD) is a Linux bootable CD developed by Thomas Rude.

Taking a different approach than other Live CDs, this CD was designed and optimized for previewing systems before acquiring. It contains a number of programs forensic practitioners can utilize to preview both Windows and Linux systems in a forensically sound manner.

Preview Capabilities

THE FARMER'S BOOT CD has been designed for previewing both Windows and Linux systems. On-site previews before acquisitions is an emerging trend in the U.S.A. due to legal and technological reasons.

Below is a short list of what can be accomplished in a simple GUI on this CD;

  • Mount file systems read-only, including journalled file system types
  • Obtain a list of deleted files for ext2, FAT12/16/32, and NTFS file system types
  • Undelete deleted files from NTFS file systems
  • Obtain both E-mail and URL addresses from the Windows "pagefile.sys" file
  • Read the Recycle Bin INFO2 records
  • Read Windows event log files (AppEvent.Evt, SecEvent.Evt, SysEvent.Evt)
  • Read many log files from Linux systems (shell histories, system logs, security logs, accounting logs, etc.)
  • Obtain file system metainformation (creation date, last mount and write date, version, label, UUID, etc.)
  • Parse Internet cache files from IE, Mozilla, and Opera, pulling cookies and histories
  • Catalog target file system, selecting files of interest by extension or header
  • Convert date/time between UNIX 32bit, UNIX hex, human readable, Windows 64bit, and Windows hex
  • Generate thumbnails for all graphics in fully qualified path filename
  • Obtain drive information (serial number, make/model, firmware, HPA status, etc.)
  • Obtain system BIOS table information (serial numbers, dates, UUIDs, etc.)
  • Obtain system hardware catalog
  • Double-clicking on most common file types opens them (Documents, Graphics, Presentations, Movies, Audio, etc.)