5 impressive Linux Distributions for Forensic Investigations

When doing a forensic investigation it is convenient to use a dedicated distribution that has all the required tools preinstalled and configured rather than having to install them one by one. In this post, we introduce a few Linux distributions which were made specifically for digital forensics investigations.

CAINE

CAINE which stands for Computer-Aided Investigative Environment is a GNU/Linux based live distribution specifically made for forensic investigations. The official website can be found at: http://www.caine-live.net/

This distro is open source and offers a comprehensive forensic environment that is well structured to combine the existing tools as software modules and to provide a user-friendly graphical interface. It used by individuals, students as well as private security professionals and IT auditors

DEFT Linux

DEFT which stands for Digital Evidence and Forensic Toolkit is also a GNU/Linux based live distribution but it is much more professional as well as stable than the rest of the digital forensics based distros.

Much like others DEFT too has a wide variety of open source tools dedicated to Incident Response, Cyber Intelligence and forensics preinstalled. People claim that even the Military uses DEFT for forensic investigations. The official website can be found at: http://www.deftlinux.net/

PlainSight

PlainSight is a flexible digital forensics environment that is made especially for beginners in the digital forensics field. It allows inexperienced forensic practitioners to perform general tasks using powerful open-source tools that are customized and combined with an intuitive user interface to create a very powerful forensic environment. The official website can be found at: http://www.plainsight.info/

Grml-Forensic

Grml-Forensic is a Linux distro which is mainly designed to help the user acquire data and it provides an extensible wizard to help with the data acquisition process. The main feature of Grml-Forensic is that it never modifies any data unless it is explicitly specified to do so plus it is possible to create an automated data acquisition process sending the data to a remote server.

Unfortunately unlike the rest of the distributions, Grml-Forensic is not open source. One should purchase it in order to use it.

SIFT Workstation 

As stated on its website SIFT Workstation (which stands for SANS Investigative Forensic Toolkit) is made up of a group of free open-source incident response and forensic tools designed specifically to perform comprehensive digital forensic investigations in a range of different settings. SIFT claims that it can easily match any current incident response and forensic tool suite.

SIFT demonstrates that advanced incident response capabilities and deep-dive digital forensic techniques can be accomplished using revolutionary open-source tools that are freely available.