CSI Linux - Designed by Investigators for Investigators

We believe that having the right tools to do the job is critical for forensic investigators. That’s why we have created a multi-purpose, all inclusive, investigation environment starting with online investigations (OSINT, social media, domain recon, and dark web) to offline Digital Forensics Incident Response to Malware Analysis and more. This is an ideal environment for both training and real world investigations.

What Makes this different than the hundreds of other options out there? Well... CSI Linux was developed by Computer Forensics, Incident Response, and Competitive Intelligence professionals to meet the current needs for their clients, government agencies, and the industry.

CSI Linux Investigator is a Virtual Machine Appliance that contains 3 different virtual machines. CSI Linux Analyst is the environment that you will use most of the time. CSI Linux Gateway is a Tor gateway that can help mask your online location while allowing the tools within CSI Linux Analyst access to the Tor dark web. CSI Linux SIEM contains the tools you need for identifying local network threats.

All three can be used together or in combination with other Virtual machines.

To add a plethora of capability to your investigation arsenal, download the CSI Linux Investigator today!

CSI Linux 2020.2 has been released! Read the Features

Online Investigations: Social Media Accounts, Website Info, Domain Recon, OSINT, and more...

Incident Response: Intrusion Detection/Prevention, Log Monitoring, Network Analysis, Reporting, and more...

Malware Analysis: Both Static and Dynamic Reverse Engineering capabilities

The first challenge that we focus on is the ability to minimize the time and effort it usually takes for reconnaissance and Open Source Intelligence (OSINT) analysis. There is a plethora of information on the Internet and a LOT of it is useful during investigations. Tracking a suspect? Want to know what a future hacker will know about you? Need to link user accounts to prove collusion? These are some of the many challenges many of us face every day. We are making this easier and, in many cases, cheaper than ever before.

The second challenge we face is the cyber crime case… If a hacker or even an Advanced Persistent Threat (APT) is your target, how do you catch them? What do you do once you identify the threat? Welcome to the world of incident response and network forensics. With a combination or state of the art technology and good old-fashioned investigative know-how, we are working on a low budget solution for making your cyber triage and emergency response easier and more streamlined.

The third challenge is malware analysis. You may never need this, but if you come across an application or process that seems malicious and none of your security solutions are catching the activity, we have you covered with our SIEM that includes Elasticsearch, Kibana, Zeek IDS, and other incident response tools. Once you identify the suspicious code, you can use Radare 2 and the NSA released tool Ghidra to investigate further.

The fourth challenge is the classic computer forensics also known as “Dead Box” or Postmortem” forensics. There are a ton of options out there and we are working on the ability to tie all 4 challenges together into one standard solution.

Cyber Investigations Focused Linux Distribution