Digital forensics is a very special field, where evidence must be collected in a non-destructive way without modifying the original media. Data analysis requires reliable tools in order to investigate crimes and computer intrusions. Linux provides a broad repository of digital forensics tools for analysing text documents, images, videos, and digital devices such as mobile and smart phones. In this post I’m going to show a list of Digital Forensics and Incident Response Linux distributions; if I’ve missed something, please let me know.
SANS SIFT Workstation 2.0
Faculty Fellow Rob Lee created the SANS Investigative Forensic Toolkit (SIFT) Workstation, featured in the Computer Forensic Investigations and Incident Response course (FOR 508), in order to show that advanced investigations and investigating hackers can be accomplished using freely available open-source tools. The SANS SIFT Workstation is a VMware appliance that is pre-configured with all the necessary tools to perform a detailed digital forensic examination. It is compatible with Expert Witness Format (E01), Advanced Forensic Format (AFF), and raw (dd) evidence formats. The brand new version has been completely rebuilt on an Ubuntu base with many additional tools and capabilities that can match any modern forensic tool suite.
C.A.IN.E. Computer Aided Investigative Environment
CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a Digital Forensics project.
Currently the project manager is Nanni Bassetti. CAINE offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface.
The main design objectives that CAINE aims to guarantee are the following:
* an interoperable environment that supports the digital investigator during the four phases of the digital investigation
* a user-friendly graphical interface
* a semi-automated compilation of the final report
DEFT 6 is based on Lubuntu with kernel 2.6.35 (Linux side) and DEFT Extra 3.0 (Windows side) with the best freeware Computer Forensic tools; it is a new concept of Computer Forensic live system, ewflib-ready, that uses WINE to run Windows Computer Forensics tools under Linux.
SMART Linux is a live CD distribution of Linux, customized and designed for Data Forensics, Electronic Discovery and Incident Response. Every aspect of SMART Linux has been optimized and configured for producing a clean, non-invasive, forensically sound operating system environment.
Forensic Hard Copy.
FHC is a Linux distribution developed only for the digital acquisition of evidence from storage devices. It is commonly used by the Italian Cyber Police in order to speed up acquisition while maintaining data integrity.
REMnux Linux Distribution for Reverse-Engineering Malware
REMnux is a lightweight Linux distribution for assisting malware analysts in reverse-engineering malicious software. The distribution is based on Ubuntu and is maintained by Lenny Zeltser.