Finding the best operating system always depends on the purpose and our work domain. If we need an OS for hacking, digital investigation, or forensics, we mostly opt for Linux-based distributions. And if we search for the best Linux distro for the same, we always encounter Kali Linux or Parrot.
But it doesn’t mean that other distros are bad. There are various operating systems available that are also rising in the forensics and cyber investigation industry. Recently, I’ve been discovering other alternatives to Kali Linux and the first distro I covered lately was CSI Linux. Now, I want to introduce Tsurugi Linux — another Linux-based OS for the Cyber forensics and OSINT (Open Source Intelligence), which released its 2020.1 “Spring Edition” last week.
The name of the operating system always comprises of meaning and the ideas behind its creation. So, before moving forward, let me briefly explain what Tsurugi actually means!
Meaning Of Tsurugi
Tsurugi is a Japanese name given to a double-bladed sword used by the ancient Japanese monks. Hence, the tagline of the Tsurugi Linux project clarifies its idea to add a sharp weapon in the digital forensics and incident response (DFIR) system.
Tsurugi Linux 2020.1 Review: A DFIR Linux Distribution
Now coming to the project, Tsurugi Linux is an open source distro developed by Giovanni Rattaro who was also a staff member at the old Backtrack distro (now Kali Linux). Currently, he maintains the whole project along with the other five team members from the Deft Linux.
Apart from the highly skilled team, another thing that I really like is its upstream Ubuntu 16.04 LTS. I’m a huge fan of Ubuntu because of its beginner-friendly looks and feel. Therefore, being a Ubuntu derivative, Tsurugi follows the same, featuring an easy-to-use, smooth and GNOME-based attractive MATE desktop.
The process of using any operating system starts with its installation; it can be a nightmare for beginners in some Linux distros like Arch Linux. But Tsurugi has a simple GUI-based installer that takes different paths to start the boot process.
Instead of directly installing the ISO, you first need to choose a language and log in using the live mode to enable write permission. Inside the desktop, Tsurugi provides an installer that you have to use to start the installation process. The further stage follows the same process of a disk partition.
After installation, the moment you enter the desktop, you will notice a dashboard on the right side displaying almost all real-time information about the system. It is because Tsurugi uses the default lightweight desktop system monitor, Conky. Not all Linux distros have Conky by default but I find it very useful to get real-time info directly on my desktop.
Moving to the main topic, Tsurugi Linux includes tons of tools to perform various actions, such as hashing, mounting, data recovery, OSINT, and mobile forensics. Since each project of Tsurugi Linux loads with variants of tools, hence, I’ll discuss in detail every project in the article below.
Before we begin, let me tell you that Tsurugi Linux comprises three projects: Tsurugi Lab, Tsurugi Acquire, and Bento. So, without wasting any time, let’s dive deep into the projects of Tsurugi Linux.
1. Tsurugi Linux Lab
Tsurugi Lab is a 64-bit version specifically for digital forensic analysis and educational purposes. You can either live boot or install it to build your customized default forensic lab.
- Default configuration data protection
- Default cleaner script to kill the running of unnecessary programs
- Automatic HI-DPI zoom for high screen resolution
- Enable or disable specific graphic drivers in live mode
- Profile switcher between DFIR and OSINT
- Virtual machine compatible
- On-screen keyboard & screen reader
Furthermore, Tsurugi offers profile switching between OSINT and DFIR. As a result, it helps to reduce memory usage by allowing limited tools for your profile. The wallpaper also changes to differentiate between profiles.
To modify the configuration, you can use the GUI control center that provides all options to update any setting such as appearance, hardware, and network.
If you have experience with the terminal, you can also run any command using the terminal. By default, Tsurugi ships with some of the best terminal emulators such as Terminator, Konsole and drop-down Tilda.
Here comes the main part that makes Tsurugi compete with other alternate distros such as Kali and Parrot. To avoid any confusion, Tsurugi Lab has various categories to put all relatable tools in a specific group.
Here is the list of categories with notable tools:
- Imaging — dd, ddrescue, DDRescue-GUI
- Password recovery — aircrack-ng, John the Ripper, Johnny
- Network analysis — dhcpdump, nmap, traceroute, whois
- Hashing — hashboy, sha1sum, sha256sum, sha512sum
- Mount — disktype, fdisk, vblade
- Picture analysis — darktable, forensic plate, pngcrush
- Artifacts analysis — dsstore, macMRU-parser, officeplist parser
- Computer vision — face detection, face recognition, object detection live
- Mobile forensics — android adb, iOS apollo, Whatsapp whapa
- Cloud analysis — aws_ir, aws_respond, s3fs
- OSINT — Switcher, browser
- Data recovery — catfish, ddrescue, dmde
- Malware analysis — binwalk, byte-stats, hashdeep
- Cryptocurrency — bitaddress, bitcoin-tool, btcscan, coinbin
- Internet — Firefox, HexChat, Tor, Filezilla
- Programming — CodeBlocks, Geany, Python
For a complete tool lists, you can head over to the official site here.
2. Tsurugi Linux Acquire
Acquire version is a 32-bit lightweight distro with minimal tools. It does not require installation as it only runs in live mode. This project aims to provide a small ISO with a limited set of software running at high speed.
Since Acquire is the streamlined version of Tsurugi Lab, it acquires most of the features from Lab variant such automatic HI-DPI zoom, and disabled graphic drivers in live mode.
Here is the list of categories with notable tools:
- Image — ddrescuelog, dd, dd_rescue
- Hash — md5sum, sha1sum, sha256sum, sha512sum
- Mount — fdisk, mmls, mount, xmount
- Other — BitLocker bdeinfo, bdemount, pingtest
For a complete tool list, you can head over to the official site here.
3. Tsurugi Bento
Bento is more like a Swiss-knife toolkit that contains more than 300 portable applications to perform live investigation and forensic analysis. Bento also doesn’t require installation as it only gives a live mode option to boot.
You can run Bento on any operating system to carry out digital forensics or incident response activities. However, a large number of tools mostly support Windows as compared to Linux or macOS.
Bento toolkit also allows you to update or add new tools easily using a graphical user interface. But you need to be aware of an antivirus system that may tag your tool harmful.
How To Install Tsurugi Linux?
So, after learning about the Tsurugi Linux, you must be wanting to install and try it on your own. But, before that, I would recommend that you check your hardware requirements.
Here I’m listing the minimal hardware required for setting up the forensics workstations.
- 2GHz dual-core processor
- 4GB RAM
- 30GB free disk space
Now, download the latest ISO image from the official site here and start your installation process. You can also install the Tsurugi Linux Lab in your VirtualBox by downloading the .ova file.
I hope you’ll have a good time with Tsurugi Linux, and don’t hesitate to share your experience in the comment below.
Keep following Fossybtes to get all the latest news and updates about Linux and Open source.