View Issue Details

ID: 0000843
Project: Kali Linux
Category: General Bug
View Status: public
Last Update: 2018-01-29 10:59
Reporter: mark_k
Assigned To: g0tmi1k
Priority: normal
Severity: feature
Reproducibility: have not tried
Status: closed
Resolution: suspended
Product Version: 1.0.5
Summary: 0000843: Improve forensic mode
Description

This is a suggestion to improve forensic mode.

Forensic mode could provide more protection against inadvertently/accidentally writing to a drive. A goal should be that the user must perform some affirmative action to allow anything to write to the drive.

Currently partitions are not auto-mounted in forensic mode. But if the user wants to mount a partition, they have to:

  • Remember to use the "ro" (read only) mount option (and maybe noatime for some filesystems?)
  • Are dependent on the filesystem being nice and obeying "ro". Some don't, for example ext3/ext4 replay the journal even when you mount ro. You have to specify the noload option to prevent that.

With both those points, it's very easy for a user to accidentally cause the disk to be written to.

A couple of suggested solutions. Probably neither is very easy to implement though...

  • Make all block devices default to read-only when they are created. The user would have to manually do e.g. blockdev --setrw /dev/sdb before being able to mount the device read-write.

  • Make loop,ro default mount options. That causes the loopback device to be read-only, so filesystems can't ignore that and write to disk anyway. The user would have to manually specify rw or noloop,rw when mounting to mount read/write.

The first one is better I think.
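
Added example, not part of the original report or of Kali's own code: a dry-run shell helper that sketches the first suggestion above by refusing to plan a mount unless the kernel reports the block device as read-only, and by choosing mount options per filesystem. The `norecovery` case for XFS goes beyond the filesystems named in the report; the function names and the `SYSFS_ROOT` override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: forensic read-only mount planner (prints commands, runs none).
# SYSFS_ROOT is a hypothetical override so the read-only check can be
# exercised against a constructed directory tree instead of the real /sys.
SYSFS_ROOT="${SYSFS_ROOT:-/sys}"

# Mount options per filesystem: "ro" alone does not stop journal/log replay.
forensic_opts() {
    case "$1" in
        ext3|ext4) echo "ro,noatime,noload" ;;      # noload: skip journal replay
        xfs)       echo "ro,noatime,norecovery" ;;  # norecovery: skip log recovery
        *)         echo "ro,noatime" ;;
    esac
}

# Succeeds only if the kernel reports the block device as read-only,
# i.e. the state left by "blockdev --setro <device>".
is_blockdev_ro() {
    flag="$SYSFS_ROOT/class/block/$(basename "$1")/ro"
    [ -r "$flag" ] && [ "$(cat "$flag")" = "1" ]
}

# Print the mount command for a write-protected mount; refuse while the
# device is still writable at the block layer.
forensic_mount_plan() {
    dev="$1"; fstype="$2"; mnt="$3"
    if ! is_blockdev_ro "$dev"; then
        echo "refusing: $dev is writable; run: blockdev --setro $dev" >&2
        return 1
    fi
    echo "mount -t $fstype -o $(forensic_opts "$fstype") $dev $mnt"
}
```

Because the block-layer flag is checked first, a forgotten or ignored `ro` option cannot by itself lead to a write: the plan is only produced once the device has been set read-only.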

Activities

g0tmi1k

2018-01-29 10:59

administrator   ~0007947

Due to the age of the OS (Kali Moto [v1], Kali Safi [v2], Kali Rolling 2016.x), these legacy versions are no longer supported.
We will be closing this ticket due to lack of inactivity.

Please could you see if you are able to replicate this issue with the latest version of Kali Linux (https://www.kali.org/downloads/)?

If you are still facing the same problem, feel free to re-open the ticket. If you choose to do this, could you provide more information to the issue you are facing, and also give information about your setup?
For more information, please read: https://kali.training/topic/filing-a-good-bug-report/

Issue History

Date Modified | Username | Field | Change
2014-01-05 20:32 | mark_k | New Issue |
2018-01-29 10:59 | g0tmi1k | Assigned To | => g0tmi1k
2018-01-29 10:59 | g0tmi1k | Status | new => closed
2018-01-29 10:59 | g0tmi1k | Resolution | open => suspended
2018-01-29 10:59 | g0tmi1k | Note Added: 0007947 |