Cyber Investigations Focused Linux Distribution

CSI Linux


We believe that having the right tools to do the job is critical for forensic investigators. That's why we have created a multi-purpose, all-inclusive investigation environment that covers online investigations (OSINT, social media, domain recon, and dark web), offline Digital Forensics and Incident Response, Malware Analysis, and more. It is an ideal environment for both training and real-world investigations.

What makes this different from the hundreds of other options out there? Well... CSI Linux was developed by Computer Forensics, Incident Response, and Competitive Intelligence professionals to meet the current needs of their clients, government agencies, and the industry.

CSI Linux is available both as a Virtual Machine Appliance and as a bootable distro to use as a daily driver. For those familiar with the previous versions: in 2021.1, we have merged the CSI Linux Analyst and the CSI Linux Gateway to give you the most seamless and easiest way to investigate the Surface and Dark web. Most of our focus is on Tor, but we also support I2P, Freenet, and ZeroNet. CSI Linux SIEM contains the tools you need for identifying local network threats.

To add a wealth of capability to your investigation arsenal, download the CSI Linux Investigator today!

CSI Linux 2021.1 has been released! Smaller, faster, and more secure than ever. Read the Features

Online Investigations: Social Media Accounts, Website Info, Domain Recon, OSINT, and more...

Incident Response: Intrusion Detection/Prevention, Log Monitoring, Network Analysis, Reporting, and more...

Malware Analysis: Both Static and Dynamic Reverse Engineering capabilities

The first challenge that we focus on is minimizing the time and effort it usually takes for reconnaissance and Open Source Intelligence (OSINT) analysis. There is a plethora of information on the Internet, and a LOT of it is useful during investigations. Tracking a suspect? Want to know what a future hacker will know about you? Need to link user accounts to prove collusion? These are some of the many challenges many of us face every day. We are making this easier and, in many cases, cheaper than ever before.

The second challenge we face is the cyber crime case… If a hacker or even an Advanced Persistent Threat (APT) is your target, how do you catch them? What do you do once you identify the threat? Welcome to the world of incident response and network forensics. With a combination of state-of-the-art technology and good old-fashioned investigative know-how, we are working on a low-budget solution for making your cyber triage and emergency response easier and more streamlined.

The third challenge is malware analysis. You may never need this, but if you come across an application or process that seems malicious and none of your security solutions are catching the activity, we have you covered with our SIEM, which includes Elasticsearch, Kibana, Zeek IDS, and other incident response tools. Once you identify the suspicious code, you can use Radare2 and the NSA-released tool Ghidra to investigate further.

The fourth challenge is classic computer forensics, also known as “Dead Box” or “Postmortem” forensics. There are a ton of options out there, and we are working on the ability to tie all four challenges together into one standard solution.