How to install the Tsurugi Linux distribution

Tsurugi Linux is an open source digital forensics and incident response project based on Ubuntu Linux. Find out how to use this distribution as a virtual machine on your operating system.

Tsurugi Linux is available in different versions:

  • A complete distribution for full use or live installation.
  • A virtual machine ready to be installed on your host operating system, no matter which one you use: Windows, Mac or Linux.
  • A lighter 32-bit version dedicated only to capturing live disks.
  • A portable forensic toolkit created to help conduct investigations in real time.

The most common way to use this distribution is as a virtual machine dedicated to carrying out the necessary investigations, so that is the setup we will show.

What you will need

In addition to a computer running Windows, Mac or Linux, virtualization software is required. Among the many options, we chose VirtualBox because it is popular, easy to use and open source.

You also need to download the Tsurugi Linux virtual appliance from its mirrors download page. On that page, choose a mirror and download the file ending in .ova (Figure A).

Figure A: The Tsurugi Linux .ova file for download on one of the official mirrors.

How to install the virtual appliance

Open VirtualBox and choose File / Import Appliance, then select the local virtual appliance file you just downloaded (Figure B).

Figure B: Select the virtual appliance file for installation in VirtualBox.

Click Next, then Import, and read and accept the software license agreement. The virtual appliance is then imported (Figure C).

Figure C: Importing the virtual appliance.

How to start the virtual appliance

Select the Tsurugi virtual machine in VirtualBox and click Start. The virtual machine starts and displays the login page of the default user, tsurugi (Figure D).

Figure D: The login page for the default tsurugi user.

Enter the default password, tsurugi. The Linux distribution is now ready for work.

How to set up the environment

Now it’s time to install VirtualBox Guest Additions, which allow the virtual machine to run in full screen, share the clipboard or folders between host and guest, and improve its performance.

Select Devices / Insert Guest Additions CD image in VirtualBox.

A CD icon appears, named after the version of VirtualBox’s Guest Additions (Figure E).

Figure E: The VirtualBox Guest Additions CD appears.

Double-click the CD, then right-click and select Run as administrator (Figure F).

Figure F: Performing the installation of the VirtualBox Guest Additions.

After the installation is done, restart the virtual machine and enjoy the comfort of a virtual machine with Guest Additions installed (Figure G).

Figure G: The Tsurugi Linux desktop.

Main features of Tsurugi Linux

Tsurugi Linux is based on the popular Ubuntu LTS (64 bit) distribution with a patched kernel, which implements some interesting features.

Kernel write block

By default, all devices connected to the system are mounted in read-only mode. This is a necessary feature for any investigator who needs to analyze a device without altering it in any way, thus preserving all the evidence on the device.
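As an added example that is not part of the article or the Tsurugi project, here is a small POSIX shell check an investigator can run before acquisition to confirm that an evidence device really is mounted read-only. It parses mount-table lines in /proc/mounts format; the device names and the sample mount table are constructed so the check runs offline.

```shell
#!/bin/sh
# Added example (not from the article): verify that evidence devices are
# mounted read-only before touching them. Reads /proc/mounts format.
# For a kernel-level view you would additionally run `blockdev --getro /dev/sdX`.

# Constructed sample mount table in /proc/mounts format (device names are assumed).
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
/dev/sdb1 /media/tsurugi/EVIDENCE ntfs ro,nosuid,nodev,relatime 0 0
/dev/sdc1 /media/tsurugi/USB vfat rw,nosuid,nodev,relatime 0 0'

# mount_is_ro <device> [mount-table-text]
# Prints "ro", "rw" or "not-mounted" for the device.
# Returns 0 if read-only, 1 if writable, 2 if the device is not mounted.
# When no table text is given, the live /proc/mounts is read.
mount_is_ro() {
    dev=$1
    table=${2:-$(cat /proc/mounts)}
    # Field 1 is the device, field 4 is the comma-separated mount options.
    opts=$(printf '%s\n' "$table" | awk -v d="$dev" '$1 == d { print $4; exit }')
    [ -n "$opts" ] || { echo "not-mounted"; return 2; }
    case ",$opts," in
        *,ro,*) echo ro; return 0 ;;
        *)      echo rw; return 1 ;;
    esac
}

# check_evidence_devices <mount-table-text> <device>...
# Prints one "<device> <state>" line per device and returns 0 only if every
# named device is mounted read-only; anything else (rw or unmounted) fails.
check_evidence_devices() {
    table=$1; shift
    rc=0
    for d in "$@"; do
        state=$(mount_is_ro "$d" "$table")
        printf '%s %s\n' "$d" "$state"
        [ "$state" = "ro" ] || rc=1
    done
    return $rc
}
```

Run it against the live system with `mount_is_ro /dev/sdb1` (no second argument) after attaching the evidence device; a non-zero exit means the write block is not in effect for that mount and acquisition should stop.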

OSINT profile switch

This feature can be activated with a double click from the desktop and allows you to toggle between two different user profiles: one is set up for digital forensics and incident response, while the second is set up for Open-Source Intelligence purposes.

Hundreds of DFIR tools

DFIR tools are intelligently classified under Tsurugi Linux, so that any researcher or academic can easily find the appropriate tool for their purpose (Figure H).

Figure H: Tool categories, as shown in Tsurugi Linux.

The Tsurugi Linux distribution shows impressive capabilities for any DFIR professional who wishes to have everything they need at their fingertips, in a single distribution. It could also be a distribution of choice for academics and students who may want to check out different DFIR or OSINT tools during their studies or research.

Aside from the full Tsurugi Linux distribution, the lighter version created for capturing live disks might also be interesting for DFIR professionals, as it allows you to capture several
