Cybercrime is rising sharply all over the world, so most companies have decided to set up cyber investigation labs to counter it.
Today we will talk about a new variant of Linux designed by investigators for cyber forensics investigations. We will walk through this distribution and see how it plays an important role in the investigation process, from evidence collection to installing the different applications used for checking and analyzing a crime. According to a digital forensics expert of the International Institute of Cyber Security, this variant can be used for the detailed investigation process.
Basic Requirements for CSI Linux
- CSI Linux requires more than 50 GB free space for running virtual machine images and 20 GB for downloading the VM file. Moreover, you must have at least 8 GB RAM.
- CSI Linux is specially designed for cyber investigation. It is a multi-purpose operating system with pre-installed tools for online investigation: social media accounts, website information, OSINT (open source investigation), malware analysis, and security prevention (intrusion detection/prevention systems).
CSI Linux Categories
- CSI Linux Investigator has three different platforms:
- CSI Linux Analyst
- CSI Linux Gateway
- CSI Linux SIEM
- CSI Analyst is the main investigation workstation. It is used for digital forensics and covers tools to investigate, capture, analyze and report incidents.
CSI Linux Gateway
- CSI Linux Gateway sends all CSI Linux Analyst traffic through the TOR browser to hide the source IP address for additional safety, and most of the web tools are able to interact with the TOR browser.
CSI Linux SIEM
- CSI Linux SIEM is used for incident response and intrusion detection systems. If our system gets compromised, we can use SIEM tools to inspect system vulnerabilities. Tools included in this are Autopsy, Kibana, and Elasticsearch.
- CSI Linux runs in VirtualBox, which we can download using this link: https://www.virtualbox.org/wiki/Downloads
- Now install the VirtualBox extension, which supports all the platforms: https://download.virtualbox.org/virtualbox/6.1.4/Oracle_VM_VirtualBox_Extension_Pack-6.1.4.vbox-extpack
- Click on the File option
- Then click on Preferences
- Click on the Extension option; on the right side we see the option to add a new package
- Click on add new package and select the extension file
- Click on the install option
- Download CSI Linux using https://csilinux.com/download.html
- The downloaded file will be a packed file.
- After downloading CSI Linux, use the import OS option in VirtualBox to import the downloaded .ova file.
Steps To Follow To Import CSI Linux
- Click on the File option
- Click on the import appliance option and select the downloaded CSI Linux files.
- Click on open and then import
- After importing, we will see our screen in this way
- Let's start the CSI Linux Analyst OS by providing the default username and password, both csi
- username: csi
- password: csi
- We see our CSI Linux user interface in this way
- Let's check the menu options in CSI Linux; this will list the tools available here.
- We see the dark web option for the list of dark web tools.
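The same preflight and import can be done from the command line. The script below is an added example, not part of the original article or the CSI Linux project: it checks the host against the requirements stated above, then installs the extension pack and imports the appliance with VBoxManage. It assumes a Linux host (it reads /proc/meminfo), VMs stored under $HOME, and file paths passed as arguments; the function names are illustrative.

```bash
#!/usr/bin/env bash
# Added example: host preflight and command-line import of the CSI Linux appliance.
# Usage: <this script> <path-to-downloaded.ova> [path-to-extension-pack]
# Thresholds are the ones stated on this page; paths are supplied by the user.

MIN_FREE_GB=50   # page: "more than 50 GB free space" for the VM images
MIN_RAM_GB=8     # page: "at least 8 GB RAM"

# Convert /proc/meminfo text on stdin to whole GB, rounded to nearest
# (an "8 GB" host reports slightly less than 8 GiB as MemTotal).
meminfo_to_gb() {
    awk '/^MemTotal:/ { printf "%d\n", $2 / 1048576 + 0.5 }'
}

# Free space, in whole GB, on the filesystem that holds directory $1.
free_gb() {
    df -Pk "$1" | awk 'NR == 2 { printf "%d\n", $4 / 1048576 }'
}

# preflight FREE_GB RAM_GB: return 0 only if both requirements are met.
preflight() {
    local ok=0
    if [ "$1" -le "$MIN_FREE_GB" ]; then
        echo "need more than ${MIN_FREE_GB} GB free, found $1 GB" >&2; ok=1
    fi
    if [ "$2" -lt "$MIN_RAM_GB" ]; then
        echo "need at least ${MIN_RAM_GB} GB RAM, found $2 GB" >&2; ok=1
    fi
    return "$ok"
}

# main OVA [EXTPACK]: check the host, then import with VBoxManage.
main() {
    local ova="$1" extpack="${2:-}"
    [ -f "$ova" ] || { echo "no such file: $ova" >&2; return 1; }
    # Assumption: VMs are stored under $HOME (VirtualBox's default location).
    preflight "$(free_gb "$HOME")" "$(meminfo_to_gb < /proc/meminfo)" || return 1
    # Record the appliance hash in the case notes before importing it.
    sha256sum "$ova"
    if [ -n "$extpack" ]; then
        VBoxManage extpack install --replace "$extpack" || return 1
    fi
    VBoxManage import "$ova"
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```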
List of Open Source Tools Included in CSI Linux
- Autopsy GUI
- Catfish Search
- FBI (Facebook Information)
- Twitter feed pull
- theHarvester