CSI Linux. Monster OSINT intelligence.

Mutt

Today we are going to talk about CSI Linux, developed by real detectives for cyber forensic investigation. It is one of the best distributions for OSINT reconnaissance, reverse engineering and intrusion detection, and it contains an enormous number of specialized utilities, both for work on the clearnet and for investigations on the darknet.

Foreword
There is no hiding from Big Brother now. Thousands of virtual "eyes" follow you and build a detailed digital dossier that can be bought, sold or even stolen. Smart toys and video baby monitors collect data on children's hobbies and send it to manufacturers. Smart digital technology collects data and shares your secrets with corporations. At any moment, someone can take control of your car or smartphone. It may seem to you that none of this will affect you, but you should know that your digital shadow is already at risk: insurers study your lifestyle to set the terms of your insurance, medical institutions estimate the approximate year of your death from your online activity in order to decide whether you are worth treating, and experts tell you what to believe and whom to vote for. The value of your life is measured in bytes. This is the new order.
All of this is a serious problem for the new elite.
Who are all these people: a threat, or the last chance of ordinary people to defend their freedom?

CSI Linux | Structure
So, returning to the topic of my article.
  • CSI Linux is a merger of as many as 3 operating systems, distributed as virtual machine images.
  • The system requires a large amount of space: at least 50 GB to run the image and at least 8 GB of RAM for full functioning.
  • The whole system is divided into CSI Linux Analyst, CSI Linux Gateway and CSI Linux SIEM.

CSI Linux Analyst is the main investigative workstation used for digital forensics, containing tools for investigating, collecting, analyzing and reporting incidents.

CSI Linux Gateway - sends all traffic from CSI Linux Analyst through the Tor network to hide the original IP address for added security; it is also used to interact with darknet services and conduct reconnaissance on them.

CSI Linux SIEM - used for incident response and intrusion detection; if our system is compromised, we can use the SIEM tools to check the system for vulnerabilities.

CSI Linux Analyst | Main workstation
Let's start with the main system.

CSI Linux Analyst has a convenient graphical environment; at the bottom of the screen there is a panel with the main utilities. First, there are 3 browsers: Chrome, Firefox and Tor Browser.

They are followed by the OnionShare utility - a tool for relatively anonymous and secure file sharing over the Tor network. OnionShare launches a web server on the local system, exposes it as a Tor hidden service, and makes it available to the users we choose, who can then download the files we are distributing.

This utility is followed by the KeePassXC program - a password manager in which we can create a database and safely store the passwords for various services, keeping everything encrypted.

Then we have GNU Privacy Assistant - a graphical interface for GnuPG, needed to generate, store and work with various encryption keys.

Next comes the qTox messenger - used for decentralized text, voice and video communication based on asymmetric encryption - as well as the Pidgin messenger, with which you can build confidential communication over various protocols that resist eavesdropping.

Then the specialized programs of our distribution begin.
  • The first of these is Hunchly, a specialized tool for capturing web pages, designed for OSINT research. It saves and catalogs web pages, photos, files and metadata - in other words, everything you will use in your investigation - which makes it easier for you to find digital evidence and also prevents its loss if that evidence is removed from the public domain.
  • The next professional tool - Social Media Search Application - is a special script that combines lookup and search tools by nickname, first name, last name and mobile phone number for mentions in various social networks, popular services and sites.
  • If you are familiar with tools such as Sherlock, SpiderFoot and similar, you will find them all here. And if you need information about a site or domain, the Domain Interrogation Tool will come to your rescue: here you will find tools for collecting all subdomains of the desired target, as well as metagoofil for extracting metadata from public documents hosted on the site under study. All these programs are present in this script.
  • Then we have the famous Maltego, probably the most popular tool for building and analyzing connections between the various objects of an investigation, for data visualization and for open source intelligence (OSINT). If you need to identify relationships between sites, companies, IP addresses, phone numbers or any other data, Maltego is an excellent tool for your investigation.
  • Next we have forensics and cyber forensics tools. Autopsy is an open source tool used by police, military and corporate experts to investigate what happened on a computer. It is useful if you need to locate deleted files on a hard drive, extract browser history or cookies, find metadata in photos, or sort the files on a disk by certain characteristics; with this thing you can even recover deleted videos from the memory cards of camcorders and phones, which is very useful under certain circumstances.
  • The next tool in my review comes straight from the US National Security Agency: Ghidra.
    Ghidra is a reverse engineering platform developed by the NSA that helps analyze malicious code and malware and can provide insight into potential vulnerabilities in networks and systems. Its capabilities include disassembling, assembling, decompiling, graphing and scripting, and in general it offers a wide field for reverse engineers.

CSI Linux also has more everyday programs:

CherryTree - an application for creating hierarchical notes - and the LibreOffice suite for working with office documents.

CSI Linux Gateway | TOR gateway
We have smoothly approached the traffic control buttons: we can redirect all our traffic from the CSI Analyst machine to the CSI Gateway machine, which is the gateway to the Tor network.
A similar implementation exists in the Whonix system. To do this, simply launch the Gateway as an additional machine and then activate it; the desktop wallpaper will change, which is done for convenience so that you do not get confused about where your traffic flows, and at the output we will have a Tor exit IP address. Besides the fact that all our reconnaissance activities have now gained a plus in anonymization, all the tools I talked about earlier can now also be used to investigate inside the Tor network and to analyze darknet sites and their users. When we want to use the regular clearnet again, we can put everything back in place by deactivating the script with one click.
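The check a practitioner wants after toggling the Gateway is that the Analyst's traffic really leaves through Tor. The script below is an added example, not code from CSI Linux or from the post's author: it parses an exit list in the one-address-per-line format published by the Tor Project at https://check.torproject.org/torbulkexitlist, and compares the egress address observed after activation both against that list and against the clearnet address recorded before activation. The exit list excerpt and all addresses are constructed (documentation ranges), and the observed address would in practice come from a "what is my IP" service reached from the Analyst VM.

```python
import ipaddress

# Constructed excerpt in the format of the Tor bulk exit list:
# one IPv4/IPv6 address per line, '#' starts a comment.
# These are documentation-range addresses, not real relays.
SAMPLE_EXIT_LIST = """\
# constructed sample, not a real exit list
198.51.100.10
198.51.100.11   # trailing comment
203.0.113.200
not-an-address
"""


def parse_exit_list(text):
    """Return the set of ip_address objects listed in an exit-list file."""
    exits = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            exits.add(ipaddress.ip_address(line))
        except ValueError:
            # Malformed line: skip rather than abort the whole check.
            continue
    return exits


def check_gateway(observed_ip, clearnet_ip, exits):
    """Classify the egress seen after activating the Gateway.

    observed_ip: public address seen from the Analyst after activation
    clearnet_ip: public address recorded before activation
    exits:       set from parse_exit_list()
    """
    observed = ipaddress.ip_address(observed_ip)
    if observed == ipaddress.ip_address(clearnet_ip):
        return "leak: egress address is unchanged from the clearnet address"
    if observed in exits:
        return "ok: egress address is a listed Tor exit"
    return "unknown: egress is neither the clearnet address nor a listed exit (stale list or misrouted traffic)"


if __name__ == "__main__":
    exits = parse_exit_list(SAMPLE_EXIT_LIST)
    # Constructed values: 192.0.2.44 stands in for the address seen before activation.
    for seen in ("198.51.100.10", "192.0.2.44", "192.0.2.99"):
        print(seen, "->", check_gateway(seen, "192.0.2.44", exits))
```

The exit list changes constantly, so an "unknown" result with a day-old list is not proof of a leak; re-fetch the list before treating the result as a finding. A "leak" result, on the other hand, means the Gateway script did not take effect and the Analyst is still talking to the clearnet directly.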

CSI LINUX SIEM | Monitoring and checking for vulnerabilities
Now we come to using CSI Linux SIEM. By running it together with CSI Analyst and activating a special script to route traffic, we can use the built-in Kibana program. It was created for monitoring and analyzing IT infrastructure, together with Elasticsearch, to check the vulnerability of the entire system.
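To make the SIEM part concrete, here is an added example (not code shipped with CSI Linux, and not the author's) of the pipeline that sits behind a Kibana dashboard: parse sshd lines from an auth log, turn them into the newline-delimited body that Elasticsearch's `_bulk` API accepts, and run a simple brute-force detection over the same events. The log lines, the index name `auth-events` and the threshold are constructed for the example.

```python
import json
import re
from collections import Counter

# Constructed sample auth-log lines (documentation-range addresses, not real traffic).
SAMPLE_AUTH_LOG = """\
Mar 12 10:01:02 analyst sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51822 ssh2
Mar 12 10:01:04 analyst sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51830 ssh2
Mar 12 10:01:06 analyst sshd[1203]: Failed password for root from 203.0.113.7 port 51841 ssh2
Mar 12 10:01:09 analyst sshd[1205]: Accepted publickey for analyst from 10.0.0.5 port 40022 ssh2
Mar 12 10:02:15 analyst sshd[1210]: Failed password for analyst from 10.0.0.5 port 40031 ssh2
Mar 12 10:03:40 analyst sshd[1212]: Failed password for root from 203.0.113.7 port 51902 ssh2
"""

# Matches both "Failed password for [invalid user] X" and "Accepted publickey for X".
SSHD_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src_ip>\d+\.\d+\.\d+\.\d+) port (?P<port>\d+)"
)


def parse_auth_log(text):
    """Turn raw sshd log lines into flat event dicts; non-matching lines are dropped."""
    events = []
    for line in text.splitlines():
        m = SSHD_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["port"] = int(ev["port"])
        events.append(ev)
    return events


def to_bulk_ndjson(events, index="auth-events"):
    """Build an Elasticsearch _bulk request body: one action line, then one document line, per event."""
    lines = []
    for ev in events:
        lines.append(json.dumps({"index": {"_index": index}}))
        lines.append(json.dumps(ev))
    return "\n".join(lines) + "\n"   # _bulk requires a trailing newline


def detect_bruteforce(events, threshold=3):
    """Return {src_ip: failure_count} for sources with at least `threshold` failed logins."""
    failures = Counter(ev["src_ip"] for ev in events if ev["outcome"] == "Failed")
    return {ip: n for ip, n in failures.items() if n >= threshold}


if __name__ == "__main__":
    events = parse_auth_log(SAMPLE_AUTH_LOG)
    print(to_bulk_ndjson(events), end="")
    print("alerts:", detect_bruteforce(events))
```

The bulk body is what you would POST to the Elasticsearch `_bulk` endpoint (Kibana then visualizes the `auth-events` index); the same counting logic expressed as a Kibana threshold rule is what turns the dashboard into an alert. The single failure from the trusted LAN host stays below the threshold, which is the usual way to avoid paging on a mistyped password.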

In addition to all the tools listed, CSI Linux also holds an enormous number of tools for OSINT intelligence and confidential communication, scripts for working with I2P and Freenet networks, crypto wallets, and tools for brute-forcing user accounts and the passphrases that protect crypto containers. Beyond that there are tools for mobile device forensics and many more tools that are definitely worthy of your attention.

At the end of the article, I would like to say that CSI Linux is by far one of the best distributions for netstalkers, investigators and hackers.

Of course, it is quite difficult to learn, large in size and demanding on the hardware; however, it is still worth it, and the hypervisor-based implementation, as you may have noticed, is close to my personal preferences. Hopefully this article will encourage you to try this reconnaissance monster in action.

I will also post links for you that will help you get to know CSI Linux and its utilities a little better.

These are just a few of the tools; of course, there are many more.