CSI Linux: linux distribution for cyber investigations and OSINT


At the beginning of this year another Linux distribution for cyber investigations and OSINT was released under the name CSI Linux Investigator.

Short description


CSI Linux Investigator is a bundle of Ubuntu-based Linux virtual machines with pre-installed specialized software packages. The bundle is distributed as an OVA file, which is easily imported into Oracle VM VirtualBox.

Minimum hardware and software requirements
  • 8 GB RAM
  • 70 GB of free disk space
  • 4 CPU cores
  • Oracle VM VirtualBox

This Linux distribution contains the software needed for the following tasks:

  • OSINT
  • Digital forensics
  • Incident Response
  • Malware analysis

The distribution can be downloaded from the official website, which also hosts overview guides and manuals for working with the distribution.

Structure and composition


CSI Linux Investigator contains three virtual machines:

CSI Linux Analyst
CSI Linux Analyst is the main investigator workstation. It is Ubuntu-based, and its software is grouped into the following categories:

  • OSINT/Online Investigations
  • Secure Comms
  • Encryption
  • Dark Web
  • Incident Response
  • Computer Forensics
  • Mobile Forensics
  • CSI Tools

The full set of installed tools is published on the official website in the Tools List.


CSI Linux Gateway
CSI Linux Gateway routes traffic through TOR and is hardened with AppArmor, jailbreak protection and the Shorewall firewall.

It is meant to be used together with CSI Linux Analyst: in the CSI Linux Analyst + CSI Linux Gateway pairing, all of the Analyst's network traffic leaves through TOR.

CSI Linux SIEM
CSI Linux SIEM is the third virtual machine in CSI Linux Investigator. It is Ubuntu-based and ships Zeek IDS together with the ELK Stack (Elasticsearch, Logstash and Kibana).
The IDS monitors the traffic of the other two virtual machines (CSI Linux Analyst and CSI Linux Gateway), and the collected data is reviewed from CSI Linux Analyst.
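As an added illustration of what the Gateway and SIEM VMs are for (example code written for this review, not part of CSI Linux): the Analyst is supposed to reach the network only through the Gateway, so any Zeek conn.log record in which the Analyst originates a flow to any host other than the Gateway is traffic that bypassed TOR. The IP addresses, the internal-network layout and the log lines below are constructed assumptions, not CSI Linux defaults; the parser follows Zeek's standard TSV header format, so it also works on a real conn.log exported from the SIEM.

```python
"""Leak check over Zeek conn.log records from the CSI Linux SIEM (added example).

Model: the CSI Linux Analyst VM must reach the network only through the
CSI Linux Gateway (TOR). Any flow that Zeek records with the Analyst as the
originator and anything other than the Gateway as the responder bypassed TOR,
whether or not the remote side ever answered (an unanswered DNS query to a
public resolver is still a leak of intent).
"""
import ipaddress
from typing import Dict, Iterator, List, Optional

# Assumed addresses on the internal VirtualBox network (hypothetical, not CSI Linux's).
ANALYST_IP = "10.152.152.11"
GATEWAY_IP = "10.152.152.10"

# Constructed conn.log excerpt in Zeek's default TSV format (RFC 5737 test addresses).
SAMPLE_CONN_LOG = """#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tconn
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount\tcount\tstring
1580000000.100000\tCxAAAA1\t10.152.152.11\t40112\t10.152.152.10\t9050\ttcp\t-\t12.5\t2048\t65536\tSF
1580000001.200000\tCxAAAA2\t10.152.152.11\t51234\t192.0.2.53\t53\tudp\tdns\t0.02\t60\t120\tSF
1580000002.300000\tCxAAAA3\t10.152.152.11\t40113\t198.51.100.7\t443\ttcp\tssl\t3.1\t1500\t7000\tSF
1580000003.400000\tCxAAAA4\t10.152.152.10\t33000\t203.0.113.45\t443\ttcp\tssl\t30.0\t9000\t80000\tSF
1580000004.500000\tCxAAAA5\t10.152.152.11\t40114\t10.152.152.10\t9150\ttcp\t-\t-\t-\t-\tS0
"""


def parse_zeek_log(text: str) -> Iterator[Dict[str, Optional[str]]]:
    """Yield one dict per record, keyed by the names in the #fields header.

    Reads the column names from the #fields line and maps Zeek's #unset_field
    marker (normally "-") to None so callers do not mistake it for data.
    """
    fields: List[str] = []
    unset = "-"
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line[1:].partition("\t")
            if key == "fields":
                fields = value.split("\t")
            elif key == "unset_field":
                unset = value
            continue  # #separator, #path, #types, #open, #close: nothing to extract
        if not fields:
            raise ValueError("data line before #fields header")
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError(f"field count mismatch: {line!r}")
        yield {k: (None if v == unset else v) for k, v in zip(fields, values)}


def find_tor_bypass(log_text: str, analyst_ip: str = ANALYST_IP,
                    gateway_ip: str = GATEWAY_IP) -> List[Dict[str, Optional[str]]]:
    """Return every record where the Analyst originated a flow to anyone but the Gateway."""
    analyst = ipaddress.ip_address(analyst_ip)
    gateway = ipaddress.ip_address(gateway_ip)
    leaks = []
    for rec in parse_zeek_log(log_text):
        if ipaddress.ip_address(rec["id.orig_h"]) != analyst:
            continue  # Gateway egress and third-party traffic are out of scope here
        if ipaddress.ip_address(rec["id.resp_h"]) == gateway:
            continue  # expected path: Analyst -> Gateway -> TOR
        leaks.append(rec)
    return leaks


def summarize(leaks: List[Dict[str, Optional[str]]]) -> List[str]:
    """One alert line per leak, in the shape a Kibana saved search would show."""
    return [
        f"{r['uid']}: {r['id.orig_h']}:{r['id.orig_p']} -> {r['id.resp_h']}:{r['id.resp_p']} "
        f"{r['proto']} {r['service'] or '?'} state={r['conn_state']}"
        for r in leaks
    ]


if __name__ == "__main__":
    for alert in summarize(find_tor_bypass(SAMPLE_CONN_LOG)):
        print("TOR BYPASS", alert)
```

Only the Analyst-originated flows are inspected: the Gateway's own egress (record CxAAAA4) is legitimately direct, because it is the TOR entry point, and the flow to the Gateway on 9150 with state S0 is fine even though it went unanswered. The same check can be expressed as a Kibana filter on `id.orig_h` and `id.resp_h` once Zeek's logs are shipped into Elasticsearch, which is the point of pairing the SIEM with the Gateway.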


Personal opinion and useful links


I would like to close this review of CSI Linux Investigator with a personal opinion and a couple of tips on working with the distribution.

The CSI Linux Investigator bundle is not the first of its kind, and it has its pros and cons.
What I liked in this distribution is the separation into three virtual machines: the workstation itself, the TOR gateway, and the SIEM.

As for the software selection, my opinion is mixed: on the one hand everything necessary is there, on the other hand there is a lot of unnecessary software that inflates the size of the distribution.

Drawing analogies with other distributions built for the same purposes:

CSI Linux Analyst turns out to be a combination of the SIFT, Buscador and CAINE distributions.

CSI Linux SIEM is similar in goals and objectives to Security Onion, and CSI Linux Gateway to Whonix Gateway.
