Tsurugi Linux 2019.1
This is one of the things that Mayank Sharma believes everyone must have and not need, rather than need and not have…
This is one of the things that Mayank
Sharma believes everyone must have and not need, rather than need and not have…
Tsurugi Linux is a specialised Ubuntu spin that’s been tweaked to conduct all kinds of digital investigations. It’s easy to confuse Tsurugi with Kali Linux, which is one of the best distros for pentesting and which contains a wealth of security, auditing and forensic tools. Although you’ll find some of the same tools in Tsurugi, the project has a very different mandate. Instead of finding weaknesses in a system or a network to strengthen them, Tsurugi is designed for digital forensics. The distro equips users with tools to respond to a breach and extract as much information about the incident as possible.
Tsurugi boots to a MATE desktop with a fleshed-out Conky monitor that displays useful information about the system. All the specialised tools are accessible from a neatly organised Tsurugi menu. In addition to cataloguing the tools, the developers have also broadly separated them into four categories. First up are the most critical tools in the workflow of an investigator, including tools for imaging disks, mounting utilities to mount all kinds of data silos, hashing tools to authenticate data and several others for performing digital autopsy.
Next up are tools that’ll help you analyse data and extract meaningful information from within, including passwords. You’ll also find tools that can help to analyse malware and even perform forensics on the contents of the RAM and swap. The tools in the third section are geared towards analysing the network, virtual machines and mobile devices. The last section contains some cryptocurrency recovery tools, along with utilities to help investigators prepare reports of their analysis.
As mentioned earlier, besides DFIR the distro can also be used for open-source intelligence tasks, which involves gathering intelligence from publicly accessible sources. The OSINT menu holds all the tools for this purpose. However the distro also includes an OSINT Switch icon on the desktop that hides away all the digital forensics tools and gives you a focussed menu with only OSINT tools. The wallpaper also changes to indicate that the distro is now in a different mode than the default one. One of the most interesting OSINT tools is the OSINT
Browser. It’s a customised version of Firefox that’s been modified to provide access to scads of Osint-related online resources. It launches with a couple of tabs that list two different curated lists of OSINT tools and resources. You’ll also find several such resources in this browser’s neatly categorised bookmarks. The browser is also equipped with various plug-ins that the developers feel will help you with online research.
The developers released a new version of the distro to mark their inaugural talk at the Black Hat 2019 conference. One of the most noteworthy changes in the new release is a Computer Vision sub-menu that features quite a large number of tools to help detect faces, objects and landmarks.
In addition to all the specialised tools and utilities, the distro ships with a whole bunch of standard desktop utilities such as Keepassxc, Libreoffice, Audacity, VLC and a whole lot more. That’s because Tsurugi is designed as an everyday desktop distro for digital forensics professionals. Sure, many DFIR tasks require you to run the distro from a Live medium, but several analysis and intelligence tasks can be done from an installed system as well.
Tsurugi isn’t a general-purpose distro designed for inexperienced users. This is why we can’t really find fault with its lack of support infrastructure. The documentation section does a nice job of highlighting the unique aspects of the distro, but don’t expect to find any ‘getting started’ guides – if you opt for this distro, you probably know what you’re doing already.