Welcome back, aspiring cyberwarriors!
Imagine a situation where you need to trace the digital footprint of an individual suspected of fraud. You have some information about the suspect, access to a laptop, and are ready to begin your investigation. However, after some exploration, you discover that your system lacks the necessary tools for conducting an OSINT investigation. While you can install everything you need on Kali Linux or Parrot OS, doing so can take hours of setup.
To address this issue, Tsurugi Linux was developed. In this article, we will explore what Tsurugi Linux is, how to install it, and the features it offers for OSINT investigations. Let’s get rolling!
What is Tsurugi Linux

Many newcomers to open-source intelligence often turn to Kali Linux or Parrot OS as their first specialized distributions, and both are effective tools. However, neither was specifically designed for OSINT purposes. Kali Linux, for instance, is primarily an offensive penetration-testing platform. While it includes some OSINT utilities, its main focus is on exploitation rather than investigation. This is where Tsurugi Linux comes in.
Tsurugi Linux is a free and open-source Linux distribution specifically tailored for incident response and OSINT investigations. Its name, inspired by a Japanese double-bladed sword, reflects its dual emphasis on active intelligence gathering and passive forensic analysis. Tsurugi addresses the challenge of consolidating and curating over 300 specialized tools, thereby saving users the tedious process of installing and configuring each tool individually on a generic system. Instead, Tsurugi provides a pre-packaged, user-friendly environment organized by investigative categories, allowing users to become productive in just hours rather than days.
The Three Flavors of Tsurugi

Before downloading anything, it’s important to understand that Tsurugi is available in three distinct forms, each serving a specific purpose. Tsurugi Linux LAB is the full 64-bit distribution that we will focus on in this article. It includes the complete toolkit and is designed to be installed on a dedicated machine or run in a virtual machine for hands-on analysis and OSINT investigation.
Tsurugi Acquire is a lighter 32-bit version that contains only the essential tools needed for live disk acquisition.
Finally, BENTO is a portable forensics toolkit that you can carry with you and run directly from a USB device, allowing you to conduct live investigations on machines that cannot be taken away.
If you are just getting started, Tsurugi Linux LAB is the one to choose, and you can find the latest ISO image on the official project website at tsurugi-linux.org.
How to Install Tsurugi Linux
In this demonstration, I will install Tsurugi Linux on VirtualBox. To get started, we need to download the latest ISO image from the website and create a new virtual machine based on it.

It is recommended to allocate at least 4 gigabytes of RAM and 60 gigabytes of disk space during the creation process. Once this is done, you can boot the machine. A desktop like the one shown below will welcome you.
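The same setup can be scripted from the host. The following is an added example, not taken from the original article or from the Tsurugi project: it checks the downloaded ISO against a SHA-256 value you supply (assumed here to be obtained from the project's download page) and only then creates a VirtualBox VM with the 4 GB of RAM and 60 GB of disk recommended above. The VM name, file paths, CPU count and the `Ubuntu_64` OS type are assumptions.

```shell
#!/bin/sh
# Added example (not from the Tsurugi project). VM name, file paths and the
# Ubuntu_64 OS type are assumptions; the expected hash is supplied by you.

# Return 0 only if the file's SHA-256 equals the expected hex digest.
verify_iso() {
    iso_path="$1"
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -r "$iso_path" ] || { echo "cannot read $iso_path" >&2; return 2; }
    got=$(sha256sum "$iso_path" | awk '{print $1}')
    [ "$got" = "$want" ]
}

# Create the VM with the sizing from the text: 4 GB RAM, 60 GB disk.
create_vm() {
    vm="$1"; cd_iso="$2"; vdi="$3"
    VBoxManage createvm --name "$vm" --ostype Ubuntu_64 --register &&
    VBoxManage modifyvm "$vm" --memory 4096 --cpus 2 --nic1 nat &&
    VBoxManage createmedium disk --filename "$vdi" --size 61440 &&
    VBoxManage storagectl "$vm" --name SATA --add sata &&
    VBoxManage storageattach "$vm" --storagectl SATA --port 0 --device 0 \
        --type hdd --medium "$vdi" &&
    VBoxManage storageattach "$vm" --storagectl SATA --port 1 --device 0 \
        --type dvddrive --medium "$cd_iso"
}

# Refuse to build the lab from an image that fails verification.
build_lab() {
    if ! verify_iso "$1" "$2"; then
        echo "SHA-256 mismatch for $1, VM not created" >&2
        return 1
    fi
    create_vm "$3" "$1" "$3.vdi"
}

# Usage: sh build_lab.sh <iso> <expected-sha256> <vm-name>
if [ "$#" -eq 3 ]; then
    build_lab "$@"
fi
```

The disk size is given to `VBoxManage createmedium` in megabytes, so 60 GB is 61440.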

First Look
When you boot for the first time, you will see the MATE desktop environment. The taskbar at the top offers quick access to files, an application launcher, a web browser, and a terminal emulator named Terminator.
When you open the Applications menu, you will notice a typical range of categories. Like most distributions, it includes programs for internet browsing, programming, office tasks, various media players, and other standard software that is unlikely to surprise anyone. However, our main focus is on the first item in the menu, labeled TSURUGI.

The top-level categories include OSINT, Memory Forensics, Malware Analysis, Network Analysis, and others. We will not delve into specific tools here; some have been covered in previous articles, and we will address others that haven’t been discussed yet, provided they warrant our attention.
The Tsurugi Browser
Tsurugi Linux ships with the well-known Firefox browser, with extensions preinstalled.

Let’s take a look at some of them.

Tampermonkey is a browser extension that enhances your browsing experience by allowing you to run userscripts on websites. Userscripts are small programs that modify page layouts, add or remove features, and automate actions to personalize your web experience.

DNSlytics lets you retrieve information about a domain, including WHOIS data, DNS records, and more.

NoScript is a browser extension that enhances online security and privacy by blocking JavaScript, Flash, Java, and other potentially harmful content on websites, only allowing execution from sites you explicitly trust.
Additional Features of Tsurugi Linux
The developers of Tsurugi Linux have worked hard to ensure that the operating system is as versatile as possible, making it suitable for a wide range of situations. To achieve this, they have included a vast array of utilities. Notably, they have highlighted OSINT (Open Source Intelligence) as a distinct category that has received special attention.
A dedicated OSINT profile has been introduced, and you can activate it by selecting the OSINT Switcher on the desktop or in the menu. Once enabled, most sections unrelated to OSINT will be removed from the menu, leaving only the relevant options you might need. Additionally, the wallpaper will change to provide a visual indicator of the active profile, ensuring you won’t confuse it with others.

Another valuable feature is the Write Blocker. This is an extra layer of protection against any malicious activity. Any external storage device, such as a USB flash drive, will only be accessible in “read-only” mode when connected. To enable writing, select the TSURUGI device unlocker on the desktop. Then, in the window that opens, select the desired device and click “Unlock.”
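Before touching a storage device that matters, it is worth confirming its state independently of the desktop tool. The following is an added example, not part of the original article or of Tsurugi itself: it reads the standard Linux sysfs `ro` attribute to report which block devices the kernel currently treats as read-only, and it makes no assumption about how Tsurugi implements its blocker. The `SYSFS_ROOT` override and the function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: ask the kernel which block devices it will accept writes to.
# SYSFS_ROOT is overridable (an assumption of this sketch) for testing.
SYSFS_ROOT="${SYSFS_ROOT:-/sys/block}"

# Print "ro" or "rw" for a device name such as sdb; return 2 if unknown.
dev_state() {
    flag="$SYSFS_ROOT/$1/ro"
    [ -r "$flag" ] || return 2
    if [ "$(cat "$flag")" = "1" ]; then echo ro; else echo rw; fi
}

# Gate for acquisition scripts: succeed only when the device is read-only.
require_read_only() {
    [ "$(dev_state "$1")" = "ro" ]
}

# List devices that are still writable, skipping loop and RAM disks.
list_writable() {
    for dir in "$SYSFS_ROOT"/*; do
        name=${dir##*/}
        case "$name" in loop*|ram*) continue ;; esac
        if [ "$(dev_state "$name")" = "rw" ]; then
            echo "$name"
        fi
    done
    return 0
}

# With an argument, check one device; without, list writable devices.
if [ "$#" -eq 1 ]; then
    require_read_only "$1" && echo "$1 is read-only" || echo "$1 is WRITABLE or unknown"
else
    list_writable
fi
```

The system disk will normally appear in the writable list; the devices to look for are the external ones you have just attached.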

Summary
Tsurugi Linux is a great choice for beginners starting with OSINT or digital forensics. It provides a friendly and well-equipped environment. While it won’t make you an expert right away, it will help you learn OSINT more quickly.
Source: HackersArise
Source Link: https://hackers-arise.com/open-source-intelligence-osint-is-tsurugi-linux-the-best-operating-system-for-osint-investigations/