Well, for quite some time I’ve been partial to Knoppix-STD as my Linux Live CD of choice. However, I’ve recently had the pleasure of trying Helix 1.5. In similar fashion, it’s based on Knoppix, but you’re given the option of using multiple kernels (2.4.27 & 2.6.7). Helix is forensically sound, meaning it does not touch the host machine: it doesn’t automount swap space or any “found” devices.
Helix even includes a Windows app for forensic analysis tasks like grabbing system images.
Helix has an extensive list of software loaded, including:
packet sniffers, IDS systems, SAMBA, arping, ethereal, ettercap, nessus, nmap, aircrack, airsnort, Kismet and much more! (full list at Helix)
I’ve found Helix to be a great addition to my tech toolkit.
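To check the "does not touch the host machine" property from inside a running live session, the following added example (not part of Helix or the original post) reads `/proc/swaps`-style and `/proc/mounts`-style text and reports any host swap in use or host disk mounted read-write. It assumes host disks appear as `/dev/hd*` or `/dev/sd*`; the function names and sample data are constructed for illustration.

```shell
# Added example, not Helix code. Assumption: host disks appear as /dev/hd* or /dev/sd*.

# List active swap areas from /proc/swaps-format text on stdin (line 1 is a header).
active_swap() {
    awk 'NR > 1 && NF > 0 { print $1 }'
}

# List host disks mounted read-write, from /proc/mounts-format text on stdin
# (fields: device mountpoint fstype options dump pass).
rw_host_mounts() {
    awk '$1 ~ /^\/dev\/(hd|sd)/ {
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++)
            if (opt[i] == "rw") { print $1; break }
    }'
}

# audit SWAPS_TEXT MOUNTS_TEXT: print findings; return 0 only if the host is untouched.
audit() {
    swaps=$(printf '%s\n' "$1" | active_swap)
    mounts=$(printf '%s\n' "$2" | rw_host_mounts)
    if [ -z "$swaps" ] && [ -z "$mounts" ]; then
        echo "clean: no host swap in use, no host disk mounted read-write"
        return 0
    fi
    [ -n "$swaps" ] && echo "swap active on:" $swaps
    [ -n "$mounts" ] && echo "mounted read-write:" $mounts
    return 1
}

# Constructed samples (not captured from a Helix session).
CLEAN_SWAPS='Filename Type Size Used Priority'
CLEAN_MOUNTS='/dev/cdrom /cdrom iso9660 ro 0 0
/dev/hda1 /mnt/hda1 ntfs ro,noatime 0 0'
DIRTY_SWAPS='Filename Type Size Used Priority
/dev/hda5 partition 524280 0 -1'
DIRTY_MOUNTS='/dev/cdrom /cdrom iso9660 ro 0 0
/dev/hda1 /mnt/hda1 vfat rw,noexec 0 0
/dev/sda1 /mnt/sda1 ext3 ro 0 0'

audit "$CLEAN_SWAPS" "$CLEAN_MOUNTS" || true
audit "$DIRTY_SWAPS" "$DIRTY_MOUNTS" || true
# On a live session: audit "$(cat /proc/swaps)" "$(cat /proc/mounts)"
```

The check reflects only the current state of the session; it cannot show whether a device was mounted and unmounted earlier.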