Application Security , Next-Generation Technologies & Secure Development , Video
Open-Source Linux Distribution for Blue Teaming
Giovanni Rattaro and Marco Giorgi on Project Tsurugi for DFIR ExcellenceThe digital forensics and incident response or DFIR landscape is constantly evolving, driven by technological advancements and new cyberthreats. Tsurugi, developed by Giovanni Rattaro, senior cybersecurity expert, and Marco Giorgi, senior DFIR analyst, is an open-source Linux distribution project designed for blue-teaming exercises.
See Also: The Power of Next-Generation SD-WAN with App-Defined Fabric
Tsurugi addresses the challenges of tool installation and provides a ready-to-use platform tailored for those in digital forensics, security and law enforcement, offering tools for tasks such as cloning drives, analyzing artifacts, recovering deleted files, tracking browser history and conducting malware analysis, Rattaro said.
In this interview with Information Security Media Group at Black Hat Europe 2023, Rattaro and Giorgi discussed:
- Tsurugi's suitability for educational purposes and addressing challenges of tool installation faced by students;
- Its reliance on Ubuntu LTS for security updates and user accessibility for modifications;
- Tsurugi Linux's future development, including the release of a special Black Hat edition.
In addition to being a core developer of Tsurugi Linux, Rattaro is a Backtrack Linux ambassador and ex-DEFT Linux developer. He is a DFIR instructor and is passionate about cyberthreat intelligence and OSINT.
Giorgi is a digital forensics expert with interests in computer forensics, mobile forensics, malware analysis, security and deep/dark web. He provides forensic training to law enforcement professionals. He is also a core team member of Tsurugi Linux and a former developer of DEFT Linux.