Tsurugi Linux- A Short Review
Tsurugi Linux- An Open Source Project for Digital Forensics and Incident Response purposes.
Types-
TSURUGI Linux [LAB] — Built for Digital Forensics Analysis | 3.9 GB | Available for Download
TSURUGI Acquire- Built for Forensic Acquisition Purposes | 1.1 GB | Available for Download
Bento- Portable Toolkit for Live Investigation | Not Available for Now
Other Information:
Current Version- 2018.1
Download Link — https://tsurugi-linux.org/downloads.php
Installation Space- 27.9 GB is required. Use more than 35 GB of storage (my opinion).
Memory- 4 GB of memory works fine for me. I used VirtualBox for installation purposes.
Some Tools List:
Imaging — dc3dd, ddrescue, esximager, ewfacquire, ftkimager, cyclone and other tools for the AFF, EWF and RAW formats
Hashing- hashdeep, md5sum, sha1sum, sha256sum, sha512sum
Mount- affuse, ewfmount, fusemount, xmount, apfs-dump, veracrypt etc., and mount tools for BitLocker and Shadow Copy volumes
Timeline Analysis- The Sleuth Kit, PLASO, pinfo, psteal, Timesketch, yarp-timeline etc.
Artifact Analysis- It contains many tools for analysing Windows, Mac, boot code, browser, email, file, file system, Google Takeout, jump list, metadata, P2P, registry and trash related artifacts
Data Recovery- catfish, ddrescue, ext3grep, photorec, safecopy, myrescue, ext4magic, foremost etc.
Memory Forensics — aeskeyfind, volatility, vshot, swap_digger, rekall, pdgmail, evolve, rsakeyfind, damm etc.
Malware Analysis- It contains many tools for analysing malicious binaries, JavaScript, Java, Flash and PDF files. It also contains the Firejail sandbox, debuggers, XOR-related tools and scanners like bamfdetect, php-malware-finder, rkhunter, yara, vtTool, udicli and chkrootkit. Memory and Office document analysis tools are also present.
Password Recovery- aircrack-ng, dsniff, xHydra, hashcat, cupp, John the Ripper, pdfcrack, BEviewer etc.
Network Analysis- nmap, scapy, maltrail sensor, hping3, arp-scan, whois, torify, masscan, airmon-ng, airodump-ng, kismet. It also has many tools for network log analysis (e.g. Logstash, Kibana) and pcap file analysis (Wireshark, tcpdump, Ettercap, driftnet, Websnort).
Picture Analysis- exiftool, OpenStego, steghide, jpeg_extract, mat, zsteg etc.
Mobile Forensics- It contains tools for Android (adb, apktool, fastboot, systrace, dmtracedump etc.), BlackBerry (apddump) and iOS (iosbackupexaminer etc.) analysis, and also has dedicated tools for WhatsApp analysis like whapa, whagodri and Guasap_Forensic. DB Browser for SQLite is also present.
Along with these tools, there are also tools for cryptocurrency analysis (Bitcoin Tool, Bruteforce-wallet, BTCScan, BTCRecover etc.), virtual forensics and reporting purposes.
Tsurugi Linux contains a separate profile for OSINT analysis, the “OSINT Switcher”. It has many tools to help with OSINT analysis-
OSINT Browser, TOR Browser, Maltego, tweets_analyzer, youtube-dl, reconcat, InstaLooter, creepy etc.
Besides these tools, basic applications like LibreOffice, Mozilla Firefox, KeepNote, VLC Media Player etc. are also present.
I like the concept of the terminal, which is named Terminator. Multiple terminals can be opened in the same window. It helps provide a better multitasking experience.
Conclusion:
It is an excellent distro for Digital Forensics & Incident Response purposes. Almost all of these useful tools are present on one platform.
“Tsurugi is a Japanese double-bladed sword”