1
00:00:06,290 --> 00:00:07,940
- [Narrator] Let's go over a few examples

2
00:00:07,940 --> 00:00:09,900
of tools and Linux distributions

3
00:00:09,900 --> 00:00:12,720
that can be used for forensics.

4
00:00:12,720 --> 00:00:17,720
One is the appliance for digital investigation and analysis,

5
00:00:17,730 --> 00:00:19,850
otherwise known as ADIA.

6
00:00:19,850 --> 00:00:21,940
It is basically a VM that is used

7
00:00:21,940 --> 00:00:24,620
for digital investigation and acquisition

8
00:00:24,620 --> 00:00:27,170
or data acquisition that is built entirely

9
00:00:27,170 --> 00:00:29,330
from public domain software.

10
00:00:29,330 --> 00:00:31,810
Now, it contains a lotta tools

11
00:00:31,810 --> 00:00:34,840
like Autopsy, The Sleuth Kit,

12
00:00:34,840 --> 00:00:36,830
the Digital Forensics Framework

13
00:00:36,830 --> 00:00:39,260
and many others out there, you know.

14
00:00:39,260 --> 00:00:40,710
Now, all these distributions

15
00:00:40,710 --> 00:00:44,760
or VMs have been created for convenience, right?

16
00:00:44,760 --> 00:00:47,960
They actually include the most popular tools

17
00:00:47,960 --> 00:00:51,363
for, you know, forensics type of activities.

18
00:00:51,363 --> 00:00:53,040
Now you can download ADIA

19
00:00:53,040 --> 00:00:55,730
from the link that I'm sharing in the screen.

20
00:00:55,730 --> 00:00:58,860
Another VM or distribution, if you wanna call it

21
00:00:58,860 --> 00:01:00,900
that way, is the CAINE

22
00:01:00,900 --> 00:01:04,473
or the Computer Aided Investigative Environment.

23
00:01:05,880 --> 00:01:09,620
Now it contains tons of tools, just like ADIA,

24
00:01:09,620 --> 00:01:14,390
and, you know, has been used, not only by digital forensics

25
00:01:14,390 --> 00:01:16,010
for cyber security but also

26
00:01:16,010 --> 00:01:20,070
in the law enforcement areas as well.

27
00:01:20,070 --> 00:01:21,080
Now, you can download CAINE

28
00:01:21,080 --> 00:01:22,880
from the link that I'm sharing here.
29
00:01:23,760 --> 00:01:25,140
Now, Skadi is another tool

30
00:01:25,140 --> 00:01:29,220
that is used to collect and parse data

31
00:01:29,220 --> 00:01:31,100
that can be easily searchable

32
00:01:31,100 --> 00:01:34,170
with built-in common searches and enables you

33
00:01:34,170 --> 00:01:39,170
to manipulate multiple data sources

34
00:01:39,330 --> 00:01:40,870
and hosts simultaneously.

35
00:01:40,870 --> 00:01:42,430
You can actually download Skadi

36
00:01:42,430 --> 00:01:44,230
from the link that I'm sharing here.

37
00:01:45,260 --> 00:01:47,360
PALADIN is another Linux distribution

38
00:01:47,360 --> 00:01:50,840
that has been used by many security researchers

39
00:01:50,840 --> 00:01:54,140
in the industry for performing different

40
00:01:54,140 --> 00:01:57,530
evidence collection tasks in a forensically sound manner.

41
00:01:57,530 --> 00:01:59,710
It includes many open source forensics tools

42
00:01:59,710 --> 00:02:01,020
just like the other ones

43
00:02:01,020 --> 00:02:01,870
and you can download it

44
00:02:01,870 --> 00:02:04,570
from the link that I'm sharing in the screen.

45
00:02:04,570 --> 00:02:08,520
Now, by far, one of the most popular Linux distributions

46
00:02:08,520 --> 00:02:12,930
for defensive security and digital forensics

47
00:02:12,930 --> 00:02:14,530
is Security Onion.

48
00:02:14,530 --> 00:02:16,100
It has a lot of different tools

49
00:02:16,100 --> 00:02:18,740
that you could actually use to collect data

50
00:02:18,740 --> 00:02:21,300
from the network and analyze that data.

51
00:02:21,300 --> 00:02:23,220
It actually comes with things

52
00:02:23,220 --> 00:02:26,190
like the Elasticsearch, Logstash and Kibana,

53
00:02:26,190 --> 00:02:28,560
otherwise known as the ELK stack,

54
00:02:28,560 --> 00:02:31,640
and it can be downloaded from the GitHub repository

55
00:02:31,640 --> 00:02:33,800
that I'm sharing in the screen.
56
00:02:33,800 --> 00:02:36,230
Now, the last one that I want to share with you

57
00:02:36,230 --> 00:02:39,270
is the SIFT Workstation and SIFT stands

58
00:02:39,270 --> 00:02:44,270
for SANS Investigative Forensics Toolkit Workstation

59
00:02:44,730 --> 00:02:48,010
and basically has a lot of different incident response

60
00:02:48,010 --> 00:02:51,800
and digital forensics tools that can be used,

61
00:02:51,800 --> 00:02:53,840
you know, in day-to-day operation,

62
00:02:53,840 --> 00:02:56,420
let's say, in a security operations center and so on.

63
00:02:56,420 --> 00:02:59,920
You can download SIFT Workstation from the link

64
00:02:59,920 --> 00:03:01,470
that I'm sharing in the screen.