Documentation Tsurugi Linux [LAB]

Tsurugi Linux is a new heavily customized Linux distribution (first release 03/Nov/2018 at AvTokyo security conference in Japan) based on last Ubuntu 16LTS version (64-bit with a 4.18.5 custom kernel) and is designed to support DFIR investigations, malware analysis and OSINT activities. Two repositories (master and developement) have been created to be able to deliver bugfix, improvements and updates. Other security updates are guaranteed by officials Ubuntu repositories. The main idea behind the Tsurugi Linux project is about simplicity as far as the topics can be really complex, however basic Linux skills are mandatory to be able to work correctly and make the most of it.


Usually forensics workstations are powerful but here below you can find the recommended configuration if you are going to build your own Virtual Machine:
• 2 GHz dual core processor or better
• 4 GB system memory
• 30 GB of free hard drive space (we suggest a 250 GB dynamically allocated)


To install Tsurugi Linux [LAB] you need before to start in live mode, to be able to unlock the Read Only protection on the local device. The installer is available on the desktop (red icon) or inside the system menu.


The Tsurugi Linux [LAB] default user is “tsurugi” and the password has been voluntarily left blank.

“TSURUGI Linux - the sharpest weapon in your DFIR arsenal”