A live CD is a bootable CD-ROM disk that loads an operating system and has the ability to perform a specific set of tasks or functions.
Live CD Minimum Requirements
A system must have the following components to boot a live CD. Some items, such as a computer case, isn’t really necessary for a computer to function, but is expected to protect the computer components from the environment and other hazards that might damage them. All components should be assembled properly to create a working computer system.
- A Computer Case
- A System Power Supply (Usually included with the Case)
- A System Motherboard
- A Microprocessor
- System Memory
- A Video Card, sometimes called a Display Adapter
- A Boot Device, such as a Floppy, CD-ROM or thumb drive
- A Keyboard
- A Mouse in some cases may make navigation easier
- Live CD media
History of Live CDs
The origin of the live CD was not a CD at all, but a bootable floppy disk. Many operating system vendors, hardware manufacturers, and anti-virus developer’s produced bootable floppy disks with a base operating system to perform functions that were not always possible with an operating system already running. A few examples are below:
- Hard disk manufacturers distributed bootable floppy disks to allow the system user to test their hardware products without having an operating system in the way, and for consistency in testing configurations.
- Anti-virus software developers provided bootable floppy and CD-ROM disks to allow the user to boot his system in a known safe condition, so any virus infections on their machine would not interfere with the virus testing software. Initially write-protected floppies were used to prevent infection from spreading from the tested system, but before long live CD media was used because they were cheaper to produce and were considerably faster for testing.
- System manufacturers and distributors ship a set of recovery floppies or a live CD to allow for a recovery of a broken operating system, or to re-baseline a system that needed to be reloaded for any reason. This allowed more novice users to perform work they were originally incapable of performing.
- Operating system developers provide a live CD environment to test system components, to install a new baseline operating system, or to recover a broken or otherwise corrupted operating system.
- Some public domain and third party software packages use a live CD solution to test all computer hardware components without operating system intervention. This assists in preventing false negative results on test related to operating system bugs and limitations.
Live CD implementations today
Many free operating systems, such as with many Linux, FreeBSD, and OpenBSD distributions, provide a live CD media set so people can test whether the operating system will run properly on their system hardware, test whether the operating system meets their needs, or for purely learning purposes. In some cases these live CD solutions require some sort of additional removable storage, such as a floppy or thumb drive, to retain important configuration data, since CD file systems are not easily rewriteable.
Special purpose Live CD media is available to perform specific functions, some of these functions include:
- A diskless firewall device that can be places in an environment that a hard disk might be negatively affected by.
- A diskless firewall device that can be moved from system to system without additional efforts to make the operating system work appropriately.
- A system capable of performing security audits and penetration testing capabilities without having to dedicate specialized systems to perform those functions. A baseline system of this nature is required to keep testing results consistent.
- A system capable of performing data recovery functions on systems that have recently suffered a hard isk crash or accidental deletion of needed data.
- A system capable of performing forensics or using other investigative means to provide data for legal or root cause analysis of a specific system without affecting the data on the system directly.
How a Live CD Works
A live CD does not rely on normal storage means to provide access to data and operating system needs. Because of this, the mindset used for storing and accessing data had to be changed. Originally, the live CD solutions utilized floppies and CD-ROM disks as if they were hard disks, but with limited storage on a floppy and slow read times on floppies and CD-ROM something had to be done. Using a live CD was really a trial of patience and persistence.
A live CD system performs the following functions to become operational. This is a generic list of operations and each live CD system may diverge from this list in some ways, or may perform these operations in a different order based on the developers goals and needs. It is only here to assist users in understanding how a live CD works:
- System BIOS initializes all hardware it has knowledge and control over
- System BIOS looks in its ordered list of boot devices, attempting to find a device with a boot block it can understand
- BIOS relinquishes control to the boot device boot block, causing the initial operating system to load (in this case from a live cd)
- The live CD operating system detects hardware attached to the system. Not all hardware is detected at the same time. Normally system board resources are detected first, such as ISA and PCI controllers, processor resources, memory buses and otherwise. Only after all base system resources are detected are the system components attached to those resources detected. Order of detection is very important.
- The live CD operating system loads up drivers for hardware it has detected, and provides a baseline configuration for those devices based on system BIOS configuration for them, and any reasonable baselines the developer feels are necessary to make the system usable.
- After hardware and driver initialization is completed, the live CD operating system creates an area in RAM or a “ram disk” to store required or necessary operating system components. This is a critical step, since RAM is rewriteable, is flexible for storage, and is high speed access for read and write.
- The live CD operating system then loads operating system components into the ram disk
- The system loads up services and applications needed for live CD functionality
- Lastly, the system either runs automated processes for testing, or enters interactive mode for users to perform functions they feel are necessary.
It is important to note that most live CD systems run entirely out of RAM and a system reset will cause the loss of all efforts during the live CD operation. Because of this, some live CD systems utilize floppy disks and thumb drives for storing specialized user configurations or results produced by the live CD applications and tools for future review.
Live CD Distributions
Loading a live CD distribution on your PC has limited liability and allows you to gain additional knowledge of applications, operating systems, tools, and ideas without making a long term commitment. Live CD distributions also allow you to use a small number of computer systems to perform a number of different functions perfectly without having to rely on a specific operating system, software system configuration, or require the system for permanent use.
A number of live CD solutions are out there, a list of commonly used live CD systems is below. Most live CD distributions are Linux based and are focused on security tools, but many other live CD distributions are available for functions from Astronomy uses to System Administration.
- Linux Based Live CDs
- Knoppix was the first major Linux live CD that was produced with security interests in mind, although it has been used for many other purposes since inception. Many of the tools following on the list were based on Knoppix to some degree.
- BackTrack is an amalgam of the “Auditor Security System” and “WHAX” with a focus on penetration testing and forensics. Previously, these two functions were only found on separate live CD distributions.
- Operator is a live CD distribution that runs entirely out of RAM. The focus of Operator is to provide users with a full Linux operating system with a focus on network utilities and security software.
- Phlak is a set of network security tools based on Morphix.
- Knoppix STD
- Knoppix STD is a live CD toolset based on Knoppix that includes a collection of tools focused on penetration testing and system audit.
- Helix is a Linux based live CD that does everything in its power to prevent modification of any system resources when booted. No file systems or swap systems are automatically mounted making it a perfect candidate for forensics or incident response efforts.
- F.I.R.E. is another forensics and incident response live CD solution. The primary benefit of F.I.R.E. is that the live CD provides “trusted” binaries for Solaris x86, windows, and Linux that will assist in finding rootkits, trojans, or other system problems that are usually concealed in some way.
- nUbuntu is a Ubuntu based Linux live CD intended to be used for security assessments. The primary goal for nUbuntu is to strip down the Ubuntu system to only its necessary components to keep the distribution small, and so that it will run on lower end system hardware.
- FreeBSD Live CDs
- FreeBSD Live CD Toolset
- The FreeBSD Live CD Toolset is a boot CD that allows users to create their own FreeBSD based Live CD distributions.
- Freesbie is a live CD system that allows users to get acquainted with the FreeBSD operating system without committing their system to it permanently.
- Frenzy is a FreeBSD based system analysis system that tests hardware, system configurations, security parameters, and network configurations.
- M0n0wall is a live CD firewall targeted at embedded PC systems. You merely boot your live CD in your system, make firewall ruleset adjustments, and you have a full fledged manageable FreeBSD based firewall.
- PFSense is a FreeBSD base LiveCD based on m0n0wall that uses the OpenBSD PF packet filter, FreeBSD’s ALTQ QOS system, and OpenBSD’s CARP solution to provide a hardened, fully functional and redundant firewall solution. PFSense can operate as either a layer 3 through layer 7 firewall, or as a layer 2 firewall filtering packets from layer 3 to layer 7. PFSense is probably the most robust live CD based firewall available today.
- Dragonfly BSD is a live CD operating system focused on providing a single CD for multiple hardware platforms.
- OpenBSD Live CDs
- Olive is an OpenBSD based live CD intended to be used for normal desktop purposes. Included applications are for web browsing, music playback, video playback, instant messaging, document review, and more.
- Anonym.OS is a live CD based on OpenBSD with a focus on creating anonymous and encrypted connections. The overall intent is to preserve the users privacy during system and network use.
- OpenBSD Live-CD Firewall
- The goal of the OpenBSD Live-CD Firewall is to allow users to create a secure live CD firewall with limited effort and knowledge.
- Windows Live CDs
- OpenSolaris Live CDs
- Belenix is a live CD system that allows you to test drive OpenSolaris.
- Schillix is a live CD desktop operating system targeting normal desktop users that want to try out OpenSolaris.