CSI Linux: A New Linux Distribution For Cyber and OSINT Investigation

Anshul Vyas
Published in Nerd For Tech
5 min read · Sep 17, 2022

Introduction

To combat the growing problem of cybercrime, governments and businesses are investing more resources in creating cyber investigation labs to investigate crimes committed online. Software tools are therefore crucial to the investigation process. As a result, Cyber Forensics, Incident Response, and Competitive Intelligence professionals developed CSI Linux, an operating system targeted at cyber forensics. Collecting and installing a variety of applications in order to inspect and analyze crime is time-consuming, so an all-inclusive system that ships with only the necessary tools is needed.

CSI Linux: A Linux Based Operating System

This multipurpose operating system was designed specifically for cyber investigators. With CSI Linux, you don’t have to worry about installing and configuring software packages because tons of tools are pre-installed to conduct an online investigation, analyze malware, and prevent security threats. CSI Linux addresses the following:

  1. Online Investigation: Social Media Accounts, Website Information, OSINT
  2. Incident Response: Intrusion Detection/Prevention and Malware Analysis

To download the installer and run the CSI Linux virtual machine images, you need more than 50 gigabytes of free space, so if you dislike the minimum requirements, it may not be an option for you. A minimum of 8GB of RAM is also required. CSI Linux Investigator includes three separate platforms, Analyst, Gateway, and SIEM, which keep tasks separate and modular.

How to set up the CSI Linux 2021.1 Virtual Appliance (VM)

This version has been updated to Ubuntu 20.04 LTS for long-term support. CSI Gateway has been retired, and the project has been renamed CSI TorVPN to take up less space and boot faster than the 2020 versions. There have been many enhancements to the applications, along with new applications. When you turn it on, all your traffic will be encapsulated by a Tor “VPN” adapter. The old CSI Gateway could be used with Whonix, which lets you route all of your traffic through the Whonix Gateway; Whonix is available at whonix.org.

System Requirements

  1. The system should support virtualization.
  2. 64 GB free space is required for file downloads and installation.
  3. 6 GB RAM is required.
  4. VMs usually have 4 GB pre-allocated.
  5. Tool and update updates

Installation

  1. Download and install VirtualBox or Extension Pack from this link: https://www.virtualbox.org/wiki/Downloads
  2. You will see the CSI Linux 2021.1VM.ova file down below. Download it from the download section.
     A. Use a BitTorrent program to open the Torrent or Magnet link files. The BitTorrent client downloads the .OVA file.
     B. Once it has been downloaded, please consider leaving it as a seed in your torrent client so that others can locate it and download it too.
  3. Check that the .ova file has finished downloading.
  4. Double-click the downloaded .ova file. VirtualBox should pop up with the setup information on the screen.
  5. Choose a location that has enough disk space for installing the virtual appliance. If your system does not have enough space on the C: drive, you may need to install it on the D: drive or an external drive.
  6. Check the settings to make sure they match your needs. For example, if you have a lot of RAM, you can increase the amount of RAM or add more virtual CPUs. Do not exceed what your primary operating system has physically available.
  7. Click “Import”.
  8. Click “Agree” and wait until CSI Linux has been installed, which might take a few minutes.
  9. After a successful installation, you should see CSI Linux 2021.1 listed as a system in VirtualBox.
  10. Double-click the CSI Linux 2021.1 virtual machine.
  11. When the VM starts in a new window, enter the username and password.
      Username: csi
      Password: csi
  12. After filling in the credentials, click “Log In”.
  13. Now you will see the CSI Linux interface.
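Step 3 only confirms that the file arrived; because the appliance comes over BitTorrent, it is worth checking its integrity before importing it. The following is an added example, not part of the original article or the CSI Linux project: it assumes the .ova is an uncompressed tar archive carrying an OVF-style `.mf` manifest (the CSI Linux download may not include one, in which case the function returns `None`), and the function names and the sample archive are constructed for illustration.

```python
import hashlib
import io
import re
import tarfile

# Manifest lines look like "SHA256(disk.vmdk)= <hex>"; spacing varies by exporter.
MF_LINE = re.compile(r"^(SHA1|SHA256|SHA512)\s*\((.+)\)\s*=\s*([0-9a-fA-F]+)$")


def stream_digest(stream, algo="sha256"):
    """Hash a binary stream in 1 MiB chunks so a multi-gigabyte disk is never held in memory."""
    h = hashlib.new(algo)
    while block := stream.read(1 << 20):
        h.update(block)
    return h.hexdigest()


def check_ova_manifest(path):
    """Map each file named in the OVA's .mf manifest to True (digest matches) or
    False (mismatch or missing). Returns None if the archive has no manifest.
    Members are hashed as streams; nothing is extracted to disk."""
    with tarfile.open(path, "r:") as tar:
        members = {m.name: m for m in tar.getmembers() if m.isfile()}
        mf = next((n for n in members if n.lower().endswith(".mf")), None)
        if mf is None:
            return None
        text = tar.extractfile(members[mf]).read().decode("utf-8", "replace")
        results = {}
        for line in text.splitlines():
            m = MF_LINE.match(line.strip())
            if m:
                algo, name, want = m.group(1).lower(), m.group(2), m.group(3).lower()
                results[name] = name in members and \
                    stream_digest(tar.extractfile(members[name]), algo) == want
        return results


def build_sample_ova(path, corrupt_disk=False):
    """Write a tiny constructed OVA (descriptor, disk, manifest) for the demo."""
    files = {"demo.ovf": b"<Envelope/>", "demo-disk1.vmdk": b"disk-bytes" * 1000}
    mf = "".join(f"SHA256({n})= {hashlib.sha256(d).hexdigest()}\n" for n, d in files.items())
    if corrupt_disk:  # simulate a download damaged after the manifest was written
        files["demo-disk1.vmdk"] = b"disk-bytez" * 1000
    files["demo.mf"] = mf.encode()
    with tarfile.open(path, "w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
```

The manifest travels inside the same archive, so it catches corruption but not a deliberately replaced image; for that, compare `stream_digest(open(path, "rb"))` of the whole .ova with the checksum the publisher lists on its download page.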

CSI Linux Analyst

In addition to tools for investigation and analysis, the Analyst edition provides tools for creating cyber reports. You can gather all social footprints of the suspects using programs like Social Media Search and Maltego.

CSI Linux Gateway

As its name suggests, the Gateway routes all analyst traffic through the Tor network to ensure security and anonymity over the Internet. Most web tools allow you to interact with the Dark Web. With Gateway Linux, you can hide your location and add a layer of security if the suspect belongs to a hacking or piracy group.

CSI Linux SIEM

The SIEM edition is primarily used to detect intrusions and respond to incidents. If your system is compromised, SIEM tools like Autopsy, Kibana, and Elasticsearch can be used to inspect the whole system’s vulnerabilities. They can also be used as standalone tools for in-depth analysis of a threat.

Features

CSI Linux is a paradise for cyber and OSINT investigation, as the new pre-installed tools are awesome.
