This article is based on a list found on http://www.hackingmexico.mx/.
The five Linux distributions are: DEFT (Digital Evidence & Forensic Toolkit), Qubes OS, Pentoo, Lightweight Portable Security (LPS) and CAINE.
DEFT 7 is based on the new Linux 3 kernel and on DART (Digital Advanced Response Toolkit), a collection of the best freeware Windows computer forensic tools. It is a new concept of computer forensic system: it uses LXDE as its desktop environment, WINE to run Windows tools under Linux, and a mount manager for device management.
It is a very professional and stable system that includes excellent hardware detection and the best free and open source applications dedicated to incident response, cyber intelligence and computer forensics, such as DHash, ClamAV, Wireshark, Gigolo, Xplico or Nessus.
An interesting option of this distribution is the DEFT Pen: Valerio Leomporra created two dd images of a DEFT USB pen, one for 2GB devices and one for 4GB devices. You can find full instructions on how to download and use these images on the official website.
Qubes is a Linux distribution based on a secure bare-metal hypervisor (Xen) that implements the Security by Isolation approach. To do this, Qubes uses virtualization technology to isolate programs from each other, so that the compromise of one of them does not affect the integrity of the rest of the system.
Qubes lets the user define many security domains implemented as lightweight virtual machines (VMs), or “AppVMs”. For example, a user can have “personal”, “work”, “shopping”, “bank” and “random” AppVMs and use the applications from within those VMs as if they were executing on the local machine, while at the same time they are well isolated from each other. Qubes also supports secure copy-and-paste and file sharing between the AppVMs.
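Whichever of the two images you download, the practical check after writing it with dd is that the stick really holds the image, byte for byte. The following is an added example, not DEFT's own tooling, that copies an image block by block and then verifies the written medium by hashing only the first `len(image)` bytes of the target (hashing the whole stick never matches, because the device is larger than the image). The function names, the `demo()` run with its constructed 3 MiB image and 5 MiB stand-in device (plain files, so it runs anywhere), and the optional `expected_sha256` argument (the published hash would come from the DEFT website; none is given on this page) are all assumptions of the example.

```python
"""Write a dd image to a target and verify it, the check a DEFT Pen user
would run after flashing one of the 2GB/4GB images. Added example, not
DEFT's own tooling. Plain files stand in for the USB device; on a real
stick the target would be the block device node."""
import hashlib
import os
import tempfile
from typing import Optional

CHUNK = 1024 * 1024  # 1 MiB blocks, like dd bs=1M


def sha256_prefix(path: str, length: Optional[int] = None) -> str:
    """SHA-256 of the first `length` bytes of `path` (whole file if None).
    The length limit is the point: a 4GB stick is larger than the image
    written to it, so hashing the whole device never matches the image."""
    h = hashlib.sha256()
    remaining = os.path.getsize(path) if length is None else length
    with open(path, "rb") as f:
        while remaining > 0:
            buf = f.read(min(CHUNK, remaining))
            if not buf:
                break
            h.update(buf)
            remaining -= len(buf)
    return h.hexdigest()


def write_image(image_path: str, target_path: str) -> int:
    """dd-style copy: block by block over the existing target, then fsync
    so that the verification reads what is actually on the medium."""
    written = 0
    with open(image_path, "rb") as src, open(target_path, "r+b") as dst:
        while True:
            buf = src.read(CHUNK)
            if not buf:
                break
            dst.write(buf)
            written += len(buf)
        dst.flush()
        os.fsync(dst.fileno())
    return written


def verify_written(image_path: str, target_path: str,
                   expected_sha256: Optional[str] = None) -> bool:
    """True if the leading bytes of the target equal the image and, when a
    published hash is given, the downloaded image equals that hash too."""
    image_hash = sha256_prefix(image_path)
    if expected_sha256 is not None and image_hash != expected_sha256.lower():
        return False  # the download itself is not what was published
    return sha256_prefix(target_path, os.path.getsize(image_path)) == image_hash


def demo() -> dict:
    """Constructed run: a 3 MiB + 17 byte random 'image', a 5 MiB zeroed
    'device'. Returns the three verification outcomes worth knowing."""
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "deft.dd")   # hypothetical image name
        device = os.path.join(tmp, "sdX")      # stand-in for /dev/sdX
        with open(image, "wb") as f:
            f.write(os.urandom(3 * CHUNK + 17))
        with open(device, "wb") as f:
            f.write(b"\x00" * (5 * CHUNK))
        write_image(image, device)
        good = verify_written(image, device)
        # Hashing the whole device (the common mistake) does not match.
        whole_device_matches = sha256_prefix(device) == sha256_prefix(image)
        # Flip one byte inside the written region, like a bad sector.
        with open(device, "r+b") as f:
            f.seek(CHUNK + 5)
            original = f.read(1)
            f.seek(CHUNK + 5)
            f.write(bytes([original[0] ^ 0xFF]))
        after_corruption = verify_written(image, device)
        return {"good": good,
                "whole_device_matches": whole_device_matches,
                "after_corruption": after_corruption}


if __name__ == "__main__":
    print(demo())
```

On a real stick the same `sha256_prefix(device, image_size)` read is what tells you the write completed and the medium is sound; comparing the download against the hash published next to it catches a corrupted or tampered download before it is ever written.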
Key architecture features:
- Based on a secure bare-metal hypervisor (Xen)
- No networking code in the privileged domain (dom0)
- All user applications run in “AppVMs”, lightweight VMs based on Linux
- Centralized updates of all AppVMs based on the same template
- Qubes GUI virtualization presents applications as if they were running locally
- Qubes GUI provides isolation between apps sharing the same desktop
In the following example, the word processor runs in the “work” domain, which has been assigned the “green” label and is fully isolated from other domains, such as the “red” domain (assigned the “red” label — “Watch out!”, “Danger!”) used for random web browsing, news reading, etc. Apps from different domains run in different AppVMs and have different X servers, filesystems, etc. Notice the different color frames (labels) and VM names in the title bar — these are drawn by the trusted window manager running in dom0, and apps running in domains cannot fake them.
Pentoo is a live CD and live USB designed for penetration testing and security assessment. Based on Gentoo Linux, Pentoo is provided as both 32-bit and 64-bit live CDs. It features Wi-Fi drivers patched for packet injection, GPGPU cracking software, and lots of tools for penetration testing and security assessment. The Pentoo kernel includes grsecurity and PaX hardening and extra patches.
LPS is a small, portable, Linux-based operating system, bootable from a CD-ROM or USB device, that can be used to safely connect to government systems regardless of the hardware being used. Simply insert the CD or USB device into the computer and restart or boot it. LPS loads and displays the LPS desktop once the boot process has finished.
Lightweight Portable Security (LPS) is developed and publicly distributed by the United States Department of Defense’s Software Protection Initiative.
LPS comes with Encryption Wizard (EW), a simple, strong file and folder encryptor for the protection of sensitive but unclassified information (FOUO, Privacy Act, CUI, etc.). Written in Java, EW encrypts all file types for data-at-rest and data-in-transit protection. Without installation or elevated privileges, EW runs on Windows, Mac, Linux, Solaris and other computers that support the Java platform. With a simple drag-and-drop interface, EW offers 128-bit AES encryption, SHA-256 hashing, RSA signatures, searchable metadata, archives, compression, secure deletion, and PKI/CAC/PIV support. Encryption can be keyed from a passphrase or a PKI certificate.
CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution supported by the University of Modena and Reggio Emilia, created as a digital forensics project.
CAINE offers a complete forensic environment organized to integrate existing software tools as software modules and to provide a friendly graphical interface. It also introduces important new features that aim to fill the interoperability gap between different forensic tools: it provides a homogeneous GUI that guides digital investigators during the acquisition and analysis of electronic evidence, and it offers a semi-automatic compilation of the final report and results.
- Grissom Analyzer
- Automated Image & Restore (AIR)
- Foremost and Scalpel
- Autopsy and TSK 3.0 2.20
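Foremost and Scalpel, listed above, are header/footer file carvers: they recover files from unallocated space by scanning raw bytes for known signatures rather than by walking a filesystem, which is why they still work on a formatted or damaged volume. The following is an added example, not the code of CAINE, Foremost or Scalpel, that implements the same idea in plain Python over a constructed disk image. The signature table, `carve()`, the sample-image builders, and the `png_dimensions()` sanity check that rejects a carve which hit a stray signature are all assumptions of this example; the PNG and JPEG magic bytes themselves are the real ones.

```python
"""Header/footer file carving over a raw image, in the manner of Foremost
and Scalpel. Added example; not the code of CAINE or of either tool."""
import struct
import zlib

# Real magic numbers: (header, footer) per file type.
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),  # IEND chunk incl. its CRC
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),              # SOI marker .. EOI marker
}
MAX_CARVE = 10 * 1024 * 1024  # per-file cap, like Scalpel's max-size setting


def carve(image: bytes, max_size: int = MAX_CARVE):
    """Return (type, offset, data) tuples, sorted by offset, for every
    header whose footer lies within max_size bytes. A header with no
    footer in range (a truncated file) is skipped, not carved to the cap."""
    results = []
    for ftype, (header, footer) in SIGNATURES.items():
        pos = 0
        while True:
            start = image.find(header, pos)
            if start < 0:
                break
            limit = min(len(image), start + max_size)
            end = image.find(footer, start + len(header), limit)
            if end < 0:
                pos = start + 1        # truncated object: skip this header
                continue
            end += len(footer)
            results.append((ftype, start, image[start:end]))
            pos = end                  # resume after the carved object
    results.sort(key=lambda r: r[1])
    return results


def png_dimensions(data: bytes):
    """Width/height from a carved PNG's IHDR chunk, with CRC check, so a
    carve that started on a stray signature is rejected."""
    if data[:8] != SIGNATURES["png"][0]:
        raise ValueError("not a PNG")
    length = struct.unpack(">I", data[8:12])[0]
    body = data[12:16 + length]                   # chunk tag + chunk data
    crc = struct.unpack(">I", data[16 + length:20 + length])[0]
    if body[:4] != b"IHDR" or zlib.crc32(body) & 0xFFFFFFFF != crc:
        raise ValueError("bad IHDR")
    return struct.unpack(">II", body[4:12])


# --- constructed sample image (not real evidence) ---
def _png_chunk(tag: bytes, data: bytes) -> bytes:
    body = tag + data
    return (struct.pack(">I", len(data)) + body
            + struct.pack(">I", zlib.crc32(body) & 0xFFFFFFFF))


def make_png() -> bytes:
    """A valid 1x1 RGB PNG (one red pixel)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
    idat = zlib.compress(b"\x00\xff\x00\x00")     # filter byte + RGB
    return (SIGNATURES["png"][0] + _png_chunk(b"IHDR", ihdr)
            + _png_chunk(b"IDAT", idat) + _png_chunk(b"IEND", b""))


def make_jpeg() -> bytes:
    """SOI + JFIF APP0 segment + placeholder scan bytes + EOI: enough
    structure for signature carving, not a decodable picture."""
    app0 = b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    return b"\xff\xd8" + app0 + b"\x00" * 32 + b"\xff\xd9"


def build_sample_image() -> bytes:
    """Zero filler, a JPEG, filler, a PNG, filler, then a PNG header with
    no footer (a truncated file that must not be carved)."""
    filler = b"\x00" * 512
    return (filler + make_jpeg() + filler + make_png() + filler
            + SIGNATURES["png"][0] + b"\x00" * 64)


if __name__ == "__main__":
    for ftype, offset, data in carve(build_sample_image()):
        extra = f" {png_dimensions(data)}" if ftype == "png" else ""
        print(f"{ftype} at offset {offset}, {len(data)} bytes{extra}")
```

Two caveats a practitioner will recognise from the real tools: a footer search can stop early on an embedded object (a JPEG's EXIF thumbnail carries its own SOI/EOI pair), and fragmented files cannot be recovered by header/footer matching at all, which is why carved output is always validated, here by parsing the IHDR, before it is treated as evidence.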