Linux Distributions for forensics investigation: my own list

A shortlist of six distribution…guess my favorite!

During a digital forensics analysis, a lot of different tools can be used, and it could be useful use a dedicated linux distribution with all tools already installed and configured.

Here a brief list of my choises.


Computer Aided Investigative Environment (CAINE)

CAINE offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface: contains numerous tools that help investigators during their analysis, including forensic evidence collection

http://www.caine-live.net/index.html


Digital Evidence & Forensics Toolkit (DEFT)

DEFT Linux distribution made for evidence collection that comes bundled with the Digital Advanced Response Toolkit (DART) for Windows.

http://www.caine-live.net/index.html


Appliance for Digital Investigation and Analysis (ADIA)

A VMware-based appliance designed for small-to-medium sized digital investigation and acquisition and is built entirely from public domain software, like Autopsy, the Sleuth Kit, the Digital Forensics Framework, log2timeline, Xplico, and Wireshark.
The system maintenance is provided by Webmin.

http://www.caine-live.net/index.html


Network Security Toolkit (NST)

NST is a Linux distribution that includes a vast collection of best-of-breed open source network security applications useful to the network security professional:

The main intent of developing this toolkit was to provide the security professional and network administrator with a comprehensive set of Open Source Network Security Tools.

http://www.caine-live.net/index.html


PALADIN

A Linux distribution customized in order to perform various forenics tasks like password discovery , social media analysis, data carving, windows registry analysis, malware analysis, log analysis and more.

http://www.caine-live.net/index.html


Security Onion

Security Onion is a special Linux distro aimed at network security monitoring featuring advanced analysis tools:

Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It’s based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, ELSA, Xplico, NetworkMiner, and many other security tools.

http://www.caine-live.net/index.html


SANS Investigative Forensic Toolkit (SIFT)

The SIFT Workstation is a VMware appliance, preconfigured with the necessary tools to perform detailed digital forensic examination in a variety of settings.

The SIFT Workstation demonstrates that advanced incident response capabilities and deep dive digital forensic techniques to intrusions can be accomplished using cutting-edge open-source tools that are freely available and frequently updated


Comments