A shortlist of six distribution…guess my favorite!
During a digital forensics analysis, a lot of different tools can be used, and it could be useful use a dedicated linux distribution with all tools already installed and configured.
Here a brief list of my choises.
Computer Aided Investigative Environment (CAINE)
CAINE offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface: contains numerous tools that help investigators during their analysis, including forensic evidence collection
Digital Evidence & Forensics Toolkit (DEFT)
DEFT Linux distribution made for evidence collection that comes bundled with the Digital Advanced Response Toolkit (DART) for Windows.
Appliance for Digital Investigation and Analysis (ADIA)
A VMware-based appliance designed for small-to-medium sized digital investigation and acquisition and is built entirely from public domain software, like Autopsy, the Sleuth Kit, the Digital Forensics Framework, log2timeline, Xplico, and Wireshark.
The system maintenance is provided by Webmin.
Network Security Toolkit (NST)
NST is a Linux distribution that includes a vast collection of best-of-breed open source network security applications useful to the network security professional:
The main intent of developing this toolkit was to provide the security professional and network administrator with a comprehensive set of Open Source Network Security Tools.
A Linux distribution customized in order to perform various forenics tasks like password discovery , social media analysis, data carving, windows registry analysis, malware analysis, log analysis and more.
Security Onion is a special Linux distro aimed at network security monitoring featuring advanced analysis tools:
Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It’s based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, ELSA, Xplico, NetworkMiner, and many other security tools.
SANS Investigative Forensic Toolkit (SIFT)
The SIFT Workstation is a VMware appliance, preconfigured with the necessary tools to perform detailed digital forensic examination in a variety of settings.
The SIFT Workstation demonstrates that advanced incident response capabilities and deep dive digital forensic techniques to intrusions can be accomplished using cutting-edge open-source tools that are freely available and frequently updated
- Practical Forensic Imaging: Securing Digital Evidence With Linux Tools
- Digital Forensics with Open Source Tools
- Practical Digital Forensics by Richard Boddington (2016-05-26)
Linux Distributions for forensics investigation: my own list was originally published in So Long, and Thanks for All the Fish on Medium, where people are continuing the conversation by highlighting and responding to this story.