Santoku is a bootable linux distribution focused on mobile forensics, analysis, and security.

It comes with pre-installed platform SDKs, drivers and utilities and allows auto detection and setup of new connected mobile devices.

Santoku Linux is a free and open community project sponsored by NowSecure who provide core team members, and some tools for inclusion in the platform (ex. AFLogical OSE).


Mobile Malware Analysis

  • Mobile device emulators
  • Utilities to simulate network services for dynamic analysis
  • Decompilation and disassembly tools
  • Access to malware databases

Mobile Forensics

  • Firmware flashing tools for multiple manufacturers
  • Imaging tools for NAND, media cards, and RAM
  • Free versions of some commercial forensics tools
  • Useful scripts and utilities specifically designed for mobile forensics

Mobile Security Testing

  • Decompilation and disassembly tools
  • Scripts to detect common issues in mobile applications
  • Scripts to automate decrypting binaries, deploying apps, enumerating app details, and more


Santoku disk image is build on top of a Lubuntu distro.

It can be booted from USB/CD and can run both in VirtualBox or VMWare Player.

Santoku Linux 0.5 is a 64-bit OS and will only work with 64-bit hardware and software

The ISO is available through SourceForge as both a full 2.5GB .iso download as well as a torrent of the .iso.

Additionally, instead of downloading the full .iso you can download Lubuntu (14.04 64-bit) and update your OS with the new Santoku packages.

  1. Download the Lubuntu 14.04 x64 iso using links below and install up your Linux system/VM.

Download Lubuntu 14.04 64-bit: (HTTP | Torrent)

  1. Apply updates in Lubuntu. (This will take some time.) Restart.
  2. Download this build script directly on your Lubuntu install, rename it to just .sh extension and make it executable.

  3. Open a terminal and run the script.