Debian developer Michael “mika” Prokop has announced that, thanks to the Debian Forensics team, a number of forensic analysis tools will be included and maintained along with their dependencies in the next version of the popular Linux distribution.
As published in ebuddynews, Debian 9 Stretch, which is about to be released, will become the most advanced and stable version in the distribution's history. The latest iteration of the operating system will come with the latest GNU/Linux technologies and the latest open source applications.
In addition to the usual ones that most users will find in the repositories, there will be a few packages for forensic analysis that cannot currently be found in Debian Jessie. In Prokop’s words:
“Repeating what I did in the last Debian releases with #newinwheezy and #newinjessie, it’s time to talk about #newinstretch. Debian Stretch, also known as Debian 9.0, will come with a series of packages for people interested in computer forensics.”
The new tools in Debian 9
Among the new tools for forensic analysis that will come with the new version of Debian, we can mention the following:
- Bruteforce-salted-openssl, which allows you to find the passphrase of OpenSSL-encrypted files.
- Cewl, which generates custom word lists.
- Dislocker, to read and write encrypted BitLocker volumes.
- Hashdeep and hashrat, which can be used to recursively compute hashsums or piecewise hashes.
- Pompem, which finds exploits and vulnerabilities.
- Rekall, to perform memory analysis.
- Unhide.rb, to find processes hidden by rootkits.
All these tools are accompanied by dozens of libraries, which can be consulted in the Debian release. Otherwise, wait until Debian 9 Stretch is finally released in the coming weeks.