Industrial Internship Report

Digital Forensics Research Intern

Submitted by

Maulikkumar Chhaganbhai Patel


12002080501039

In partial fulfillment for the award of the degree of

BACHELOR OF ENGINEERING / TECHNOLOGY

in
Information Technology

G H Patel College of Engineering and Technology

The Charutar Vidya Mandal (CVM) University,


Vallabh Vidyanagar - 388120
[May 2024]
G H Patel College of Engineering and Technology
Bakrol Road, Vallabh Vidyanagar, Anand, Gujarat 388120

CERTIFICATE

This is to certify that Maulikkumar Chhaganbhai Patel (12002080501039) has submitted

the Industrial Internship report based on internship undergone at </Hacker 4 Help> for a

period of 18 weeks from 15-Jan-2024 to 17-May-2024 in partial fulfillment for the degree of

Bachelor of Engineering in Information Technology, G H Patel College of Engineering

and Technology at The Charutar Vidya Mandal (CVM) University, Vallabh Vidyanagar

during the academic year 2023 – 24.

Guide: Prof. Rahul Patel, Assistant Professor
Head of Department: Dr. Nikhil Gondaliya, Professor & Head
DECLARATION

I, Maulikkumar Chhaganbhai Patel (12002080501039), hereby declare that the Industrial

Internship report submitted in partial fulfillment for the degree of Bachelor of Engineering in

Information Technology, G H Patel College of Engineering and Technology, The Charutar Vidya

Mandal (CVM) University, Vallabh Vidyanagar, is a bonafide record of work carried out by me

at </Hacker 4 Help> under the supervision of Mr. Amish Patel and that no part of this report has

been directly copied from any students’ reports or taken from any other source, without providing

due reference.

Name of the Student: Maulik Patel
Sign of Student:
Acknowledgement

The successful culmination of my internship at <Hacker 4 Help>, under the guidance
of Amish Patel, the CEO of the company, relied on the collaborative efforts and support
from various quarters. I extend my sincere gratitude to Amish Patel for his invaluable
insights, direction, motivation, unwavering cooperation, and insightful feedback during
the entirety of my internship project.

The completion of any internship work depends upon the cooperation, coordination,
and combined efforts of several sources of knowledge. I would like to express my
deepest thanks to Prof. Rahul Patel for his valuable inputs, guidance, encouragement,
wholehearted cooperation, and constructive criticism throughout the duration of my
project.

I hope that this internship report will provide all the necessary information required by
readers to fulfil their aspirations. Man's quest for knowledge never ends. Theory and
practice are essential and complementary to each other. I would like to express my
sincere thanks to Dr. Nikhil Gondaliya (Head of Department) for his wholehearted
support.

Mr. Maulik Patel (12002080501039)


Table of Contents

LIST OF FIGURES  I
LIST OF ABBREVIATIONS  II
ABSTRACT  III
CHAPTER 1: INTRODUCTION  1
1.1 BACKGROUND  2
1.2 CSI LINUX OS  3
1.3 RATIONALE FOR CHOOSING OS  3
CHAPTER 2: ORGANIZATION OVERVIEW  5
2.1 INTRODUCTION TO THE ORGANIZATION  6
CHAPTER 3: CSI LINUX OS & DIGITAL FORENSICS  7
3.1 CSI LINUX OS FEATURES  8
3.2 INTEGRATION WITH DIGITAL FORENSICS  8
3.3 ADVANTAGES AND LIMITATIONS  8
3.4 COMPARISON WITH OTHER OPERATING SYSTEMS  9
CHAPTER 4: INTERNSHIP ACTIVITIES  10
4.1 OVERVIEW OF ASSIGNED TASKS  11
4.2 UTILIZATION OF CSI LINUX OS  11
4.3 COLLABORATION WITH DIGITAL FORENSICS TEAM  11
4.4 CASE MANAGEMENT  11
4.5 TOOLS AND TECHNIQUES APPLIED  12
CHAPTER 5: TOOLS & TECHNOLOGIES  13
5.1 OVERVIEW OF DIGITAL FORENSICS TOOLS  14
5.2 CSI LINUX OS INTEGRATED TOOLS  14
5.3 TOOL SELECTION CRITERIA  14
5.4 HANDS-ON EXPERIENCE  14
5.5 TOOL EFFECTIVENESS AND LIMITATIONS  51
CHAPTER 6: CONCLUSIONS  52
REFERENCES  54
12002080501039 List of Figures

List of Figures

Figure 1 CSI Linux Tools  15
Figure 2 CSI Case Management  15
Figure 3 CSI Case Management Menu  16
Figure 4 CSI Linux API Management Tool  16
Figure 5 Secure Comms menu  17
Figure 6 Encryption menu  17
Figure 7 VeraCrypt  18
Figure 8 Hydra GUI  18
Figure 9 John The Ripper  19
Figure 10 Stegcracker  20
Figure 11 Dark Web Menu  20
Figure 12 Dark Web Investigations  21
Figure 13 Tor Hidden Services  21
Figure 14 Started service  22
Figure 15 BitTorrent  22
Figure 16 OXEN Wallet  23
Figure 17 The Hades Project  24
Figure 18 LokiNet  24
Figure 19 Incident Report Menu  25
Figure 20 AutoTimeLiner  26
Figure 21 Volatility3  27
Figure 22 Computer Forensics Menu  28
Figure 23 DDRescue-GUI  29
Figure 24 RecoverDM  29
Figure 25 Recuperabit - NTFS  30
Figure 26 Forensic Registry Editor  31
Figure 27 Mobile Forensics Menu  32
Figure 28 iLEAPP  33
Figure 29 Android Free Forensic Toolkit  33
Figure 30 Vehicle Forensics Menu  34
Figure 31 Malware Analysis And Reverse Engineering Menu  36
Figure 32 BinWalk  37
Figure 33 EDB Debugger  38
Figure 34 Radare2  39
Figure 35 SIGINT Menu  40
Figure 36 FM Radio Tuner  41
Figure 37 GQRX-SDR  41
Figure 38 qFlipper  42
Figure 39 Proxmark3  43
Figure 40 CHIRP  43
Figure 41 Artemis  44
Figure 42 Virtualization Menu  45
Figure 43 KVM-virt manager  45
Figure 44 Threat Intelligence  47
Figure 45 Kaspersky Cyber Map  48
Figure 46 Active Global Terrorist Organization Map  49
Figure 47 Crisis Watch  50
Figure 48 Cyber War - OSINT Publication  50

CVM University i GCET



List of Abbreviations

CSI  Crime Scene Investigation
IT  Information Technology
OS  Operating System
API  Application Programming Interface
CLI  Command Line Interface
GUI  Graphical User Interface
AI  Artificial Intelligence
CSIL-COA  CSI Linux Certified OSINT Analyst
OSINT  Open-Source Intelligence
DFIR  Digital Forensics and Incident Response
SSD  Solid State Drive
HDD  Hard Disk Drive
USB  Universal Serial Bus
FTK  Forensic Toolkit
dd  Unix block-copy utility used for disk imaging (the name is not an acronym for "Disk Duplicator")
GPG  GNU Privacy Guard
GNU  GNU's Not Unix
OpenSSL  Open-source toolkit implementing SSL/TLS and general-purpose cryptography (a project name, not an acronym)
CeWL  Custom Word List Generator


Abstract

This internship report explores the intersection of digital forensics and the CSI Linux OS,
delving into its application in real-world scenarios. The report begins by framing the
significance of digital forensics in the cybersecurity landscape and justifying the selection
of CSI Linux OS. Throughout the internship, tasks encompassed hands-on utilization of CSI
Linux OS, collaboration within the digital forensics team, and the management of intricate
case studies. Challenges encountered, both technical and operational, are candidly addressed,
emphasizing adaptive problem-solving strategies. The report reflects on the acquired skills,
knowledge enhancement, and the broader impact on professional development. Detailed
examinations of the forensic tools employed, integrated tools within CSI Linux OS, and real-
world case studies provide practical insights. Recommendations for the enhancement of CSI
Linux OS, future directions in digital forensics, and reflections on personal growth and
experiences are presented. The report concludes with acknowledgments, an appendix of
supplementary materials, and a call to action for future engagement with the evolving field
of digital forensics.



CHAPTER 1: INTRODUCTION

1.1 BACKGROUND
Digital forensics, or digital forensic science, is a branch of cybersecurity focused on the
recovery and investigation of material found in digital devices, often in relation to
cybercrime. Digital forensics was originally used as a synonym for computer forensics but has
expanded to cover the investigation of all devices that store digital data.

As society increases its reliance on computer systems and cloud computing, digital forensics
becomes a crucial aspect of law enforcement agencies and businesses. Digital forensics is
concerned with the identification, preservation, examination, and analysis of digital evidence,
using scientifically accepted and validated processes, to be used in and outside of a court of
law.

Digital forensics is used in both criminal and private investigations.

Traditionally, it is associated with criminal law, where evidence is collected to support or
negate a hypothesis before the court. Collected evidence may also be used as part of intelligence
gathering or to locate, identify or halt other crimes; data gathered purely for intelligence
purposes may be held to a less strict forensic standard than evidence that will be presented in
court.

In civil cases, digital forensic teams may help with electronic discovery (eDiscovery). In the
private sector, a common trigger for an investigation is an unauthorized network intrusion: a
forensic examiner will attempt to understand the nature and extent of the attack, as well as try
to identify the attacker.

Digital forensic tools are commonly grouped into the following categories:
1. Disk and data capture tools
2. File viewers
3. File analysis tools
4. Registry analysis tools
5. Internet analysis tools
6. Email analysis tools
7. Mobile device analysis tools
8. macOS analysis tools
9. Network forensics tools
10. Database forensics tools


1.2 CSI LINUX OS

CSI Linux is not just another cybersecurity tool; it is a complete investigation platform
designed with the flexibility to meet the demands of modern digital investigations. It
bundles most of what is needed for a digital investigation, from data analysis to threat
detection, in one environment. According to the project, its collaboration with Navi
and Echo AI is intended to let investigators work more efficiently and deliver a more
comprehensive work product.
Navi, the AI assistant: powered by the Echo AI backend, Navi is meant to assist with user
interaction, whether navigating complex tasks or providing real-time support, like having an
expert by your side.

1.3 RATIONALE FOR CHOOSING OS

CSI Linux is a multi-purpose, open-source operating system for cyber investigators. It has
many capabilities for investigations, analysis, and response. Here are some reasons why
you might choose CSI Linux:
 User-friendly
CSI Linux has a user-friendly interface that is suitable for both beginners and
experienced practitioners.
 Free and open source
CSI Linux is free and open source.
 Versatile
CSI Linux offers many capabilities, including data analysis, threat detection, online
investigations, social media, domain recon, dark web, digital forensics, incident
response, and malware analysis.
 Suitable for training and real-world use
CSI Linux ships current tooling, so the same environment serves both training and live
casework.
 CSIL-COA certification
The CSIL-COA certification equips you to deliver actionable intelligence to
decision-makers, a critical skill in numerous fields.
 Easy access
A fresh install logs in with the default username and password, which are both "csi".
This is convenient for getting started, but it is also a publicly known credential: change it
(for example with passwd) before the system holds any case data or is reachable over a
network.


 CSI tools
CSI Linux includes CSI tools like online investigation tools, centralized evidence
captures, and cryptocurrency wallet lookup.



CHAPTER 2: ORGANIZATION OVERVIEW

2.1 INTRODUCTION TO THE ORGANIZATION

</Hacker4Help> is a team of professional cyber security experts, cyber crime
investigators, expert developers and ethical hackers. The team describes itself as highly
experienced, having worked professionally for multinational companies and law
enforcement agencies. With more than 5 years of experience, it now aims to secure local
firms, businesses, and entrepreneurs, and its members are trained and certified in
cybersecurity and ethical hacking.

Services:

 Penetration Testing
 Data Recovery & Digital Forensics
 Investigation of Cybercrime



CHAPTER 3: CSI LINUX OS & DIGITAL FORENSICS

3.1 CSI LINUX OS FEATURES

CSI Linux is an open-source Linux distribution designed for digital forensics. It includes
a range of tools for different types of investigations, including data analysis, network
analysis, web analysis, malware analysis, mobile analysis, threat detection, online
investigations, social media, domain reconnaissance, and the dark web.
3.1.1 CSI Linux also has other features, including:
 File recovery
 Network sniffing
 Memory analysis
 Built-in steganography tools

CSI Linux also has an AI assistant called Navi that can help with complex tasks or
provide real-time support.

3.2 INTEGRATION WITH DIGITAL FORENSICS

Digital forensics and incident response (DFIR) combines two disciplines: digital forensics,
which uses specialised tools and techniques to examine digital evidence, and incident
response, which detects, contains and recovers from attacks. Together they help
investigators gather evidence and unravel complex cybercrimes.
3.2.1 Examples of DFIR activities include:

 Network forensics: Reviewing network activity, such as web browsing,
messaging, and emailing, to identify an attack.
 Data mining: Applying data-mining techniques to large volumes of structured data
(logs, databases, records) to surface patterns relevant to a case.
 Incident response: Using tools and techniques to detect, contain, and recover from
attacks.

3.3 ADVANTAGES AND LIMITATIONS


 Free
CSI Linux is free to download and use.
 User-friendly
CSI Linux has a user-friendly interface that makes it easy to navigate and access
tools.


 Pre-installed tools
CSI Linux comes pre-installed with many tools for online investigation, intrusion
detection, and prevention systems.
 Custom tools
CSI Linux has a set of custom tools installed to help with case management and
evidence collection.
 Regular updates
CSI Linux offers regular updates and expert support.
 Virtual machine appliance
CSI Linux is available in a Virtual Machine Appliance, so you can isolate your
evidence to minimize cross-contamination.
 Bootable disk image
CSI Linux is also available in a Bootable Triage disk image that can be restored
to an external/internal SSD/HDD/USB drive.

3.4 COMPARISON WITH OTHER OPERATING SYSTEMS

CSI Linux is a Linux distribution designed for cyber investigators. It is a multi-purpose
operating system that includes pre-installed tools for malware analysis, security prevention,
and online investigation. CSI Linux is free and open source, and it has a user-friendly
interface.

For comparison, some other operating systems:

 General-purpose Linux: A stable and powerful operating system with a good
price-performance ratio. It is customizable and is used by universities to teach operating
system design. A general-purpose distribution, however, ships without forensic tooling,
which the investigator must install and configure; CSI Linux is itself a Linux distribution
that does this packaging in advance.
 Android: A popular operating system derived from Linux and targeted at consumers
and small businesses. In forensic work it is usually the subject of the examination rather
than the examiner's platform.
 iOS: A mobile operating system targeted at consumers and small businesses; likewise
a target of mobile forensics rather than an investigation platform.



CHAPTER 4: INTERNSHIP ACTIVITIES

4.1 OVERVIEW OF ASSIGNED TASKS


The internship commenced with a detailed overview of assigned tasks, providing a roadmap
for the hands-on exploration within the digital forensics landscape. Tasks ranged from
foundational activities such as disk imaging and file system analysis to more advanced
challenges involving memory forensics and network traffic analysis. This section outlines
the structured approach taken to tackle these tasks, emphasizing their role in building a
comprehensive skill set and understanding of digital forensic processes.

4.2 UTILIZATION OF CSI LINUX OS


The heart of the internship experience lay in the extensive utilization of CSI Linux OS, a
dedicated operating system tailored for digital forensics. This section delves into the
practical applications of CSI Linux OS, covering tasks like disk imaging, file system
analysis, and memory forensics. The CSI Linux OS environment became a dynamic
workspace, providing a seamless integration of tools and techniques essential for effective
cybersecurity investigations.

4.3 COLLABORATION WITH DIGITAL FORENSICS TEAM

Active collaboration with an experienced digital forensics team was a cornerstone of the
internship. This section recounts the collaborative efforts within the team, highlighting the
significance of teamwork, knowledge sharing, and effective communication in a professional
digital forensics setting. The experiences gained through collaboration not only enhanced
technical skills but also provided valuable insights into the collaborative dynamics of the
field.

4.4 CASE MANAGEMENT


The internship involved the management of practical case studies, providing a bridge
between theoretical knowledge and real-world application. This section explores the
intricacies of case management, from initial case intake and evidence collection to the final
resolution. It sheds light on the process of applying digital forensics methodologies within
the structured framework of case management, emphasizing the role of CSI Linux OS tools
in each stage.


4.5 TOOLS AND TECHNIQUES APPLIED

The diverse array of tools and techniques embedded within CSI Linux OS became the focal
point of the internship's practical activities. This section provides a detailed examination of
the specific tools and techniques applied during hands-on tasks, encompassing disk
forensics tools, memory analysis techniques, network analysis tools, and custom scripting
with CSI Shell. Each tool and technique is explored in the context of its practical
application within the digital forensic workflow.

In essence, this chapter encapsulates the multifaceted nature of the internship activities,
from task assignment and tool utilization to collaboration, case management, and the
application of a diverse range of tools and techniques embedded in CSI Linux OS. The
synthesis of these elements reflects a holistic approach to digital forensics, grounded in
practical experiences and guided by the overarching goal of contributing to the evolving
field of cybersecurity investigations.



CHAPTER 5: TOOLS & TECHNOLOGIES

Digital forensics relies heavily on a suite of specialized tools designed to extract, analyze,
and interpret digital evidence. This chapter provides an extensive overview of the tools
employed during the internship, shedding light on their functionalities and contributions to
the investigative process. The chosen tools align with the nuanced demands of digital
forensics, each playing a crucial role in navigating the complex landscape of cyber
investigations.

5.1 OVERVIEW OF DIGITAL FORENSICS TOOLS


Digital forensics tools are diverse, catering to the multifaceted nature of cyber
investigations. Foremost among these are imaging tools, such as FTK Imager and dd, which
facilitate the creation of forensic images of digital media, preserving the integrity of
evidence. Analysis tools, including Autopsy and EnCase, are instrumental in examining file
systems, uncovering hidden data, and reconstructing digital events.
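The acquisition step described above is where evidence integrity is won or lost, so the following POSIX shell script is added here as a worked example of it. It is not code from this report, from CSI Linux or from FTK Imager; it wraps the dd invocation a practitioner would type and records SHA-256 hashes of source and image so the image can be re-verified later. The function names, the log format and the constructed sample "device" are this example's own assumptions; GNU/BSD coreutils (dd, sha256sum, date, mktemp) are assumed to be present.

```shell
#!/bin/sh
# Added illustration (not CSI Linux's or the report's own code): forensic
# acquisition with dd plus hash verification. Assumes coreutils dd,
# sha256sum, date and mktemp. Function names and log layout are this
# example's own conventions.

# acquire_image SRC DST LOG
# Copies SRC (a block device such as /dev/sdb, or a file) to DST one
# 512-byte sector at a time, appends dd's record counts and both hashes
# to LOG, and returns 0 only if the image hashes identically to the source.
acquire_image() {
    src=$1; dst=$2; log=$3
    # conv=noerror,sync: keep reading past bad sectors and pad them with
    # zeros so offsets in the image still line up with the source. Because
    # of that padding, bs must divide the source size exactly (true for a
    # whole device with 512-byte sectors); otherwise the last block is
    # padded and the two hashes will legitimately differ.
    dd if="$src" of="$dst" bs=512 conv=noerror,sync 2>>"$log" || return 1
    src_hash=$(sha256sum "$src" | cut -d' ' -f1)
    dst_hash=$(sha256sum "$dst" | cut -d' ' -f1)
    {
        echo "source: $src sha256=$src_hash"
        echo "image:  $dst sha256=$dst_hash"
        echo "acquired: $(date -u +%Y-%m-%dT%H:%M:%SZ)"
    } >>"$log"
    [ "$src_hash" = "$dst_hash" ]
}

# verify_image IMG EXPECTED_HASH
# Re-hashes an image later in the case (before analysis, before court) and
# returns 0 if it still matches the hash recorded at acquisition.
verify_image() {
    [ "$(sha256sum "$1" | cut -d' ' -f1)" = "$2" ]
}

# demo_run: a constructed sample "device" of four zero-filled sectors with a
# marker string written into it, acquired into a temporary directory.
# Returns 0 when acquisition and verification succeed and verification
# correctly fails after a single byte of the image is altered.
demo_run() {
    work=$(mktemp -d) || return 1
    dd if=/dev/zero of="$work/evidence.bin" bs=512 count=4 2>/dev/null
    printf 'constructed sample evidence' | dd of="$work/evidence.bin" conv=notrunc 2>/dev/null
    acquire_image "$work/evidence.bin" "$work/evidence.dd" "$work/acquisition.log" || return 1
    expected=$(sha256sum "$work/evidence.bin" | cut -d' ' -f1)
    verify_image "$work/evidence.dd" "$expected" || return 1
    # Tamper with one byte of the image: verification must now fail.
    printf 'X' | dd of="$work/evidence.dd" conv=notrunc 2>/dev/null
    if verify_image "$work/evidence.dd" "$expected"; then return 1; fi
    cat "$work/acquisition.log"
    rm -rf "$work"
    return 0
}

if [ "${1:-}" = demo ]; then demo_run; fi
```

Run as `sh acquire.sh demo` to see the log produced for the sample; for a real device, run `acquire_image /dev/sdX /cases/<case>/sdX.dd /cases/<case>/sdX.log` with the source attached through a write blocker, and call `verify_image` on the .dd file every time it is handed to another tool or analyst.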

5.2 CSI LINUX OS INTEGRATED TOOLS


CSI Linux OS integrates a range of specialized tools tailored for digital forensics. The
Sleuth Kit and Autopsy, incorporated into the OS, empower investigators with file system
analysis capabilities, allowing for the extraction of valuable information from storage
media. Memory forensics tools like Volatility complement this, enabling the examination
of volatile memory for evidence of running processes and system state.

5.3 TOOL SELECTION CRITERIA

Tools were selected on two criteria that run through this chapter. First, they are integrated
into CSI Linux OS, so no separate installation is needed and the whole team works from the
same toolset. Second, each covers a distinct stage of the forensic workflow: imaging (FTK
Imager, dd), file system analysis (The Sleuth Kit, Autopsy), memory forensics (Volatility)
and network analysis (Wireshark), so that together they span an investigation from
acquisition to reporting.

5.4 HANDS-ON EXPERIENCE

The internship journey was punctuated with immersive hands-on experiences, delving into
the rich repertoire of tools and technologies encapsulated within the CSI Linux OS
environment. Navigating the start menu, each selection became a gateway to a distinct facet
of digital forensics, providing a tangible interface for investigative work. This section
offers a detailed account of the hands-on encounters with CSI Linux OS tools, exploring
their functionalities, applications, and the pivotal role they played in addressing real-world
challenges. From disk forensics with Autopsy to memory analysis using Volatility, network
scrutiny with Wireshark, file system examination through The Sleuth Kit, and custom
scripting with CSI Shell, this chapter unfolds a narrative of practical engagement, skill
development, and the collaborative utilization of a comprehensive toolset embedded in CSI
Linux OS.

5.4.1 CSI Linux Tools

The screenshot below shows all categories of investigation tools. The first category,
CSI Linux, contains the major tools made by the CSI Linux project itself.

Figure 1 CSI Linux Tools

Case management
"Start a Case" opens the case management tool. It contains options for creating a new case,
including details of the victim and suspects, and shows the tool options available for
investigating the case. It provides all the features needed to manage cases and save records,
and also offers options for system management, traffic routing, and cryptocurrency lookups.

Figure 2 CSI Case Management


Figure 3 CSI Case Management Menu

API Management
This tool serves as a central store for API keys and integrates them into the tools that need
them, so that keys are entered once rather than configured per tool.

Figure 4 CSI Linux API Management Tool

5.4.2 Secure Comms

The Secure Comms menu contains various communication applications such as Discord,
qTox, Signal messenger, Telegram, WhatsApp and Zoom. It also contains Linphone and
Anbox. Linphone is an open-source instant messaging and voice/video over IP (VoIP) phone
that makes it possible to communicate freely with people over the internet via voice, video
and text messaging. Anbox is a free and open-source compatibility layer that aims to allow
mobile applications and mobile games developed for Android to run on Linux distributions;
Canonical also introduced Anbox Cloud for running Android applications in a cloud
environment.

Figure 5 Secure Comms menu

5.4.3 Encryption
The Encryption menu within CSI Linux OS is a pivotal component designed to fortify
digital security through a range of encryption tools and techniques. This menu serves as a
command centre for investigators seeking to protect, analyse, and manage digital data
securely during forensic processes.

Figure 6 Encryption menu

Encryption Tools:
Functionality: This sub-menu hosts a collection of versatile encryption tools, allowing
investigators to apply encryption algorithms to specific files, directories, or entire disks. It
facilitates the secure storage and transmission of sensitive data during digital forensic
activities.
Tools: GPG (GNU Privacy Guard), OpenSSL, and VeraCrypt are among the tools
accessible in this sub-menu, offering a diverse set of encryption capabilities.

Figure 7 VeraCrypt

Online Password Cracking:

Functionality: Focused on password security, this sub-menu provides tools for testing the
strength of passwords through online cracking techniques, that is, by sending login attempts
to a live service. It assists investigators in identifying weak passwords and potential
vulnerabilities. Because every guess reaches the target system, these tools are noisy, are
slowed or blocked by rate limiting and account lockout, and must only be run against
systems the investigator is authorized to test.
Tools: Tools like Hydra and Medusa are available, allowing for controlled online password
cracking attempts to assess the resilience of password protection.

Figure 8 Hydra GUI

Offline Password Cracking:


Functionality: Offline password cracking is essential for deciphering encrypted or hashed
passwords obtained during digital investigations. This sub-menu provides tools for offline
attacks, aiding in the recovery of password-protected data.
Tools: Hashcat and John the Ripper are prominent tools found in this sub-menu, offering
robust offline password cracking capabilities.

Figure 9 John the Ripper

Password Dictionary Builder:


Functionality: Password dictionaries are crucial for password cracking attempts. This
sub-menu facilitates the creation and management of password dictionaries, enabling
investigators to optimize their approach in deciphering passwords.
Tools: Crunch and CeWL are examples of tools available in this sub-menu, supporting the
generation of customized password dictionaries.

Steganography:
Functionality: Steganography involves hiding information within seemingly innocuous
data. This sub-menu provides tools for detecting, analysing, and decoding steganographic
content, a technique often used to conceal data during digital forensic investigations.
Tools: Steghide and ExifTool are commonly found in this sub-menu, assisting investigators
in uncovering hidden information within files.

Figure 10 Stegcracker

The Encryption menu, with its array of specialized sub-menus, establishes CSI Linux OS
as a comprehensive platform for digital security in the realm of digital forensics. From
robust encryption tools to password cracking mechanisms and steganography detection,
these features empower investigators with the means to safeguard digital information,
assess password vulnerabilities, and unveil hidden data during forensic analyses.

5.4.4 Dark Web Menu


The Dark Web menu within CSI Linux OS provides a comprehensive suite of tools tailored
specifically for investigating activities on the dark web. From analysing hidden services to
tracking cryptocurrency transactions, these tools equip investigators with the necessary
capabilities to navigate the complexities of the dark web environment effectively.

Figure 11 Dark Web Menu

Dark Web Tools:


Functionality: This sub-menu houses a collection of tools designed for data extraction,
monitoring, and analysis of illicit activities on the dark web. It enables investigators to
uncover hidden content, track cyber threats, and gather evidence securely.
Tools: Included tools encompass data extraction utilities, monitoring software, and analysis
frameworks tailored for dark web investigations.

Figure 12 Dark Web Investigations

Dark Web Hidden Service Analysis:


Functionality: Focused on analysing hidden services, this sub-menu facilitates tracking
illegal activities, uncovering hidden content, and examining hidden service
communications.
Tools: The sub-menu includes tools specifically designed for hidden service analysis,
offering capabilities for transaction tracking, content discovery, and communication
analysis.

Figure 13 Tor Hidden Services

Figure 14 Started service

I2P Router and BitTorrent Forensics:


Functionality: This sub-menu encompasses tools for examining I2P network traffic and
conducting forensic analysis of BitTorrent activities. It enables investigators to trace file
sharing activities, identify users, and gather evidence related to anonymous communication.
Tools: Notable tools such as traffic analysis utilities and BitTorrent forensics software are
accessible in this sub-menu.

Figure 15 BitTorrent

Oxen Wallet Analysis:


Functionality: Dedicated to analysing Oxen cryptocurrency transactions, addresses, and
activities, this sub-menu supports financial forensic investigations by tracing
cryptocurrency transactions and identifying wallet owners.
Tools: Tools for transaction tracking, address monitoring, and wallet activity analysis are
available in this sub-menu.

Figure 16 OXEN Wallet

Cryptocurrency Ledger Search:


Functionality: Providing tools for searching and analysing blockchain ledgers, this
sub-menu facilitates the identification of illicit financial activities and money laundering
conducted through cryptocurrencies.
Tools: Tools for blockchain analysis, transaction visualization, and smart contract analysis
are included in this sub-menu.

Hades Project Search:


Functionality: This sub-menu is dedicated to searching and monitoring activities related
to the Hades Project, including marketplaces and forums. It assists in uncovering hidden
services, illicit content, and communication channels associated with the Hades Project.

Tools: Tools for deep web crawling, sentiment analysis, and threat intelligence integration
are featured in this sub-menu.

Figure 17 The Hades Project

Lokinet GUI:
Functionality: Offering GUI tools for navigating and analysing Lokinet traffic in the dark
web environment, this sub-menu enhances forensic examinations of anonymous network
communications and identifies potential security threats.
Tools: GUI-based tools for traffic profiling, threat detection, and traffic visualization are
provided in this sub-menu.

Figure 18 Lokinet

Onion Search GUI:


Functionality: This sub-menu hosts GUI-based tools for conducting comprehensive
searches and analysis of onion websites on the dark web. It facilitates the discovery of
hidden content, forums, and services within the dark web landscape.
Tools: Tools for multi-source aggregation, predictive search, and content visualization are
available in this sub-menu.

The Dark Web menu in CSI Linux OS empowers investigators with a diverse range of
specialized tools and functionalities, enabling them to navigate and investigate the dark web
effectively. From analysing hidden services to tracing cryptocurrency transactions and
navigating anonymous networks, these tools enhance the capabilities of digital forensic
professionals in addressing the challenges posed by the dark web environment.

5.4.5 Incident Report Menu


The Incident Report menu within CSI Linux OS provides a comprehensive suite of tools
and sub-menus tailored specifically for incident response, network forensics, system
analysis, memory forensics, security assessment, and Security Information and Event
Management (SIEM) activities. These tools empower investigators and security
professionals to effectively identify, analyse, and mitigate security incidents and threats
across diverse digital environments.

Figure 19 Incident Report Menu

Network Forensics:
Tool:
Network Miner:
Functionality: Network Miner is a powerful tool for network forensics, enabling the
analysis and extraction of network artifacts from packet captures and network traffic. It
facilitates the identification of network-based threats, malicious activities, and suspicious
communication patterns.

System Analysis and Anti-Malware:


Tools:
Bpytop:
Functionality: Bpytop is a system monitoring and analysis tool that provides real-time
insights into system resource usage, processes, and network connections. It aids in
identifying system anomalies, resource bottlenecks, and potential malware activities.

Rootkit Hunter:
Functionality: Rootkit Hunter is an anti-rootkit tool designed to detect and remove
rootkits, backdoors, and other malicious software that may compromise system integrity. It
assists in system analysis and malware mitigation efforts.

Memory Forensics:
Tools:
AutoTimeLiner:
Functionality: AutoTimeLiner is a memory forensics tool that automates the timeline
creation process from memory images. It generates chronological timelines of system
events, processes, and activities, aiding in forensic analysis and timeline reconstruction.

Figure 20 AutoTimeLiner

Volatility3:
Functionality: Volatility3 is a feature-rich memory forensics framework for analysing
volatile memory dumps. It provides capabilities for memory image analysis, process
examination, malware detection, and artifact extraction, enhancing memory forensics
investigations.

Figure 21 Volatility3

Security Assessment Tools:


Tools:
Yersinia GUI:
Functionality: Yersinia GUI is a graphical user interface for Yersinia, a network tool
designed for testing and exploiting network protocols and vulnerabilities. It provides a
visual interface for conducting security assessments, identifying network weaknesses, and
assessing network security posture.

CSI SIEM Tool:


Functionality: CSI SIEM tools encompass a suite of Security Information and Event
Management (SIEM) capabilities, including log collection, analysis, correlation, and
incident response. These tools enable centralized monitoring, alerting, and reporting on
security events across the digital infrastructure, enhancing situational awareness and
proactive threat management.
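As an added illustration of the log collection and correlation steps this paragraph describes (example code written for this report, not part of CSI Linux or of any SIEM product), the Python below normalises constructed sshd log lines into events and applies one correlation rule: several failed logins from one source address followed by a success within a short window. The host names, addresses, threshold and window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd log lines in syslog layout (invented hosts and addresses).
SAMPLE_LOG = """\
Mar 10 08:00:01 host1 sshd[101]: Failed password for root from 203.0.113.7 port 50001 ssh2
Mar 10 08:00:03 host1 sshd[102]: Failed password for root from 203.0.113.7 port 50002 ssh2
Mar 10 08:00:05 host1 sshd[103]: Failed password for admin from 203.0.113.7 port 50003 ssh2
Mar 10 08:00:06 host1 sshd[104]: Failed password for admin from 203.0.113.7 port 50004 ssh2
Mar 10 08:00:09 host1 sshd[105]: Accepted password for admin from 203.0.113.7 port 50005 ssh2
Mar 10 08:00:10 host1 cron[200]: (root) CMD (run-parts /etc/cron.hourly)
Mar 10 08:01:00 host1 sshd[106]: Failed password for bob from 198.51.100.9 port 40001 ssh2
Mar 10 08:30:00 host1 sshd[107]: Accepted password for bob from 198.51.100.9 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_events(text, year=2024):
    """Collection step: normalise raw lines into events. Lines that are not sshd
    authentication records are skipped instead of aborting the run."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so the collector has to supply it
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]})
    return events


def correlate_bruteforce_success(events, threshold=3, window=timedelta(minutes=5)):
    """Correlation rule: alert when one source address accumulates at least `threshold`
    failed logins and then succeeds within `window`. One alert per such success."""
    failures = defaultdict(list)  # src -> failure timestamps not yet followed by a success
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        src = ev["src"]
        if ev["result"] == "Failed":
            failures[src].append(ev["ts"])
            continue
        recent = [t for t in failures[src] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({"ts": ev["ts"], "src": src, "user": ev["user"], "failures": len(recent)})
        failures[src] = []  # a success closes the attempt window for this source
    return alerts


if __name__ == "__main__":
    for alert in correlate_bruteforce_success(parse_events(SAMPLE_LOG)):
        print(f"{alert['ts']:%Y-%m-%d %H:%M:%S} brute-force then success: "
              f"{alert['src']} -> {alert['user']} after {alert['failures']} failures")
```

The second source in the sample (one failure, then a success half an hour later) stays below both the count and the window, which is the usual reason a rule carries both parameters: either alone produces noisy alerts.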

The Incident Report menu in CSI Linux OS integrates a diverse range of tools and
sub-menus essential for incident response, digital forensics, and security assessment tasks.
From network analysis and memory forensics to system monitoring, malware detection, and
SIEM functionalities, these tools equip security professionals with the necessary resources
to effectively manage and mitigate security incidents and threats.

5.4.6 Computer Forensics Menu


The Computer Forensics menu in CSI Linux OS provides a comprehensive array of tools
and sub-menus designed to facilitate forensic disk imaging, data recovery, file recovery,
file analysis, and mounting of drive images. These tools empower forensic investigators
and analysts to acquire, analyse, and extract digital evidence from various storage media
and file systems.

Figure 22 Computer Forensics Menu

Forensic Disk Imagers:


Tools:
Guymager:
Functionality: Guymager is a forensic disk imager that enables bit-by-bit imaging of
storage devices, creating forensic images for analysis and evidence preservation.
dcfldd:
Functionality: dcfldd is a disk imaging tool based on the dd command, providing
forensic investigators with reliable imaging capabilities for storage media.
Startup Disk Creator:
Functionality: The Startup Disk Creator tool facilitates the creation of bootable USB drives
from disk images, supporting forensic boot environments and analysis.

Data Recovery Imager:


Tools:
DD Rescue GUI:
Functionality: DD Rescue GUI is a graphical user interface for the ddrescue command,
enabling data recovery from damaged or corrupted storage media while preserving data
integrity.

Figure 23 DDRescue-GUI

RecoverDM:
Functionality: RecoverDM is a data recovery tool designed for imaging and recovering
data from damaged or faulty storage devices, supporting various file systems and disk
formats.

Figure 24 RecoverDM
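The acquisition behaviour described for Guymager, dcfldd and DDRescue-GUI above, shown as an added Python example constructed for this report (it is not the code of any of those tools). The `FlakyDevice` class stands in for a failing disk and its contents are invented; the acquisition routine zero-fills unreadable sectors so later bytes keep their offsets, records them in a map the way ddrescue's map file does, hashes the data as it streams, and the image is re-hashed before use.

```python
import hashlib


class ReadError(IOError):
    """Raised by the constructed device below to stand in for a disk I/O error."""


class FlakyDevice:
    """Constructed stand-in for a block device (not real hardware): sector numbers in
    `bad` fail to read, as they would on a failing drive."""

    def __init__(self, data, sector_size=512, bad=()):
        self.data = data
        self.sector_size = sector_size
        self.bad = set(bad)

    @property
    def sector_count(self):
        return (len(self.data) + self.sector_size - 1) // self.sector_size

    def read_sector(self, n):
        if n in self.bad:
            raise ReadError(f"I/O error at sector {n}")
        off = n * self.sector_size
        return self.data[off:off + self.sector_size]


def acquire(dev):
    """Sector-by-sector copy. An unreadable sector is zero-filled so every later byte keeps
    its original offset, and its number goes into a bad-sector map. SHA-256 is updated as
    each sector is written, so the acquisition hash exists the moment imaging ends.
    Returns (image, sha256_hex, bad_sectors)."""
    image = bytearray()
    digest = hashlib.sha256()
    bad_sectors = []
    for n in range(dev.sector_count):
        try:
            chunk = dev.read_sector(n)
        except ReadError:
            chunk = b"\x00" * dev.sector_size
            bad_sectors.append(n)
        image += chunk
        digest.update(chunk)
    return bytes(image), digest.hexdigest(), bad_sectors


def verify(image, expected_sha256):
    """Re-hash a stored image and compare with the acquisition hash before analysis."""
    return hashlib.sha256(image).hexdigest() == expected_sha256


def build_sample_device():
    """Constructed 4-sector 'disk' whose third sector (number 2) is unreadable."""
    data = bytes(range(256)) * 8  # 2048 bytes = 4 sectors of 512
    return FlakyDevice(data, sector_size=512, bad={2})


if __name__ == "__main__":
    dev = build_sample_device()
    image, sha, bad = acquire(dev)
    print(f"imaged {len(image)} bytes, sha256={sha}, unreadable sectors={bad}")
    print("verification:", verify(image, sha))
```

Because the bad sectors are zero-filled, the image hash will not equal a hash of the original media; the bad-sector map therefore has to travel with the hash in the acquisition notes, otherwise a later verifier cannot explain the difference.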

File Recovery:
Tools:
Magic Rescue:
Functionality: Magic Rescue is a file recovery tool that scans storage media for deleted or
lost files, allowing for the recovery of files based on their file signatures and metadata.

Recuperabit - NTFS:
Functionality: Recuperabit - NTFS is a specialized file recovery tool for NTFS file
systems, enabling the recovery of deleted or damaged files from NTFS partitions.

Figure 25 Recuperabit - NTFS

Scalpel Data Carver:


Functionality: Scalpel Data Carver is a data carving tool that reconstructs files based on
file headers, footers, and content patterns, facilitating the recovery of fragmented or
partially overwritten files.
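An added Python example (not Scalpel's or Steghide's code) covering two of the sub-menus above: the header/footer carving that the Scalpel description explains, and the simplest check an ExifTool-style inspection makes on a picture, namely whether anything follows the image's end marker. The JPEG and PNG magic numbers are the public ones; the sample "disk image" and the JPEG-shaped bytes are constructed and are not real pictures. The JPEG end is found by walking marker segments rather than searching for the first FF D9, because an EXIF thumbnail inside APP1 carries its own end marker.

```python
def jpeg_end(buf, start):
    """Walk the marker segments of a JPEG whose SOI is at `start`; return the offset just
    past its EOI, or None if the structure is broken. Length-prefixed segments (APP1/EXIF,
    which may embed a thumbnail with its own EOI) are skipped, so the first FF D9 after
    SOS is genuinely the end of this image."""
    pos = start + 2  # skip SOI (FF D8)
    while pos + 4 <= len(buf):
        if buf[pos] != 0xFF:
            return None
        marker = buf[pos + 1]
        if marker == 0xFF:                              # fill byte
            pos += 1
            continue
        if marker == 0x01 or 0xD0 <= marker <= 0xD9:    # TEM, RSTn, SOI, EOI: no length field
            pos += 2
            continue
        seg_len = int.from_bytes(buf[pos + 2:pos + 4], "big")
        if marker == 0xDA:                              # SOS: scan data follows, ends at EOI
            eoi = buf.find(b"\xff\xd9", pos + 2 + seg_len)
            return None if eoi == -1 else eoi + 2
        pos += 2 + seg_len
    return None


def png_end(buf, start):
    """PNG ends with the IEND chunk: zero length, 'IEND', fixed CRC AE 42 60 82."""
    f = buf.find(b"IEND\xaeB`\x82", start + 8)
    return None if f == -1 else f + 8


SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", jpeg_end),
    "png": (b"\x89PNG\r\n\x1a\n", png_end),
}


def carve(image):
    """Return (kind, start, end) for each header in a raw image. `end` is None for a header
    whose file cannot be delimited (truncated or partly overwritten), so the analyst can
    examine it by hand instead of the carver silently guessing."""
    found = []
    for kind, (head, end_of) in SIGNATURES.items():
        pos = image.find(head)
        while pos != -1:
            end = end_of(image, pos)
            found.append((kind, pos, end))
            pos = image.find(head, end if end is not None else pos + 1)
    return sorted(found, key=lambda t: t[1])


def trailing_payload(file_bytes):
    """Bytes after the image's terminal marker (b'' when clean). Viewers ignore such
    bytes, which is why appending data to a picture is a common way to hide it.
    Returns None when the input is not a complete image of a known type."""
    for head, end_of in SIGNATURES.values():
        if file_bytes.startswith(head):
            end = end_of(file_bytes, 0)
            return None if end is None else file_bytes[end:]
    return None


def build_sample_jpeg():
    """Constructed JPEG-shaped bytes (not a decodable picture): SOI, an APP1 segment that
    contains its own FF D8 / FF D9 pair like an EXIF thumbnail, an SOS segment, a few
    scan bytes, EOI. 33 bytes in total."""
    app1_body = b"Exif\x00\x00" + b"\xff\xd8\xff\xd9"
    app1 = b"\xff\xe1" + (len(app1_body) + 2).to_bytes(2, "big") + app1_body
    sos = b"\xff\xda" + (8).to_bytes(2, "big") + b"\x01\x01\x00\x00\x3f\x00"
    return b"\xff\xd8" + app1 + sos + b"\x12\x34\xff\x00\x56" + b"\xff\xd9"


def build_sample_image():
    """Constructed raw 'disk image': filler, the JPEG, filler, a minimal PNG, filler, and
    a JPEG header whose remainder was overwritten with zeros."""
    png = (b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR" + b"\x00" * 13 + b"\x00" * 4
           + b"\x00\x00\x00\x00IEND\xaeB`\x82")
    truncated_jpeg = b"\xff\xd8\xff\xe0\x00\x10JFIF" + b"\x00" * 20
    filler = b"\x00" * 64
    return filler + build_sample_jpeg() + filler + png + filler + truncated_jpeg


if __name__ == "__main__":
    for kind, start, end in carve(build_sample_image()):
        print(kind, start, end)
    print("appended bytes:", trailing_payload(build_sample_jpeg() + b"hidden note"))
```

A plain search for the first FF D9 would end the first JPEG inside its APP1 segment, which is why carvers ship per-type rules rather than bare header/footer byte pairs, and why a carved file should be opened and checked rather than trusted on the strength of its signature alone.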

File Analysis:
Tools:
Forensic Registry:
Functionality: Forensic Registry is a tool for analysing Windows registry hives, providing
insights into system configurations, user activities, and software installations.

Figure 26 Forensic Registry Editor

XnView - Image Analysis:
Functionality: XnView is an image viewer and analysis tool that supports image forensics,
metadata extraction, and visual analysis of image files.

PDF Parser:
Functionality: PDF Parser is a tool for parsing and analysing PDF files, extracting
metadata, embedded content, and identifying potential security threats or malicious
elements.

Mount Drive Images Tool:


Functionality: The Mount Drive Images Tool provides functionality for mounting forensic
disk images as virtual drives, allowing investigators to access and analyse image contents
without altering the original data. It supports various image formats and provides read-only
access for forensic examinations.

The Computer Forensics menu in CSI Linux OS consolidates a diverse range of tools and
functionalities essential for forensic imaging, data recovery, file analysis, and evidence
extraction tasks. From imaging storage devices to recovering deleted files and analysing
digital artifacts, these tools enable forensic investigators to conduct thorough examinations
and extract actionable insights from digital evidence.

5.4.7 Mobile Forensics Menu


The Mobile Forensics menu in CSI Linux OS provides a comprehensive set of tools and
sub-menus dedicated to mobile device forensics, including imaging, data extraction,
analysis, and application forensics for Android and iOS devices.

Figure 27 Mobile Forensics Menu

Tools:
Android Logical Imager:
Functionality: Android Logical Imager is a tool designed for logical imaging of Android
devices, allowing forensic investigators to extract user data, apps, and system information
from Android devices for analysis and evidence preservation.
iOS Logical Imager:
Functionality: iOS Logical Imager facilitates logical imaging of iOS devices, enabling
investigators to extract user data, app data, and system information from iPhones and iPads,
aiding in forensic examinations and investigations.

iLEAPP:
Functionality: iLEAPP is a mobile forensic tool focused on iOS devices, providing
capabilities for data extraction, analysis, and reporting of iOS artifacts, including messages,
contacts, and media files.

Figure 28 iLEAPP

LEAPP:
Functionality: LEAPP (Linux Evidence Acquisition Forensic Tool) is a forensics tool
specifically designed for iOS devices, offering advanced data extraction, analysis, and
reporting functionalities for forensic investigations.
Android Free Forensic Toolkit:
Functionality: The Android Free Forensic Toolkit is a comprehensive suite of tools for
Android device forensics, including data extraction, analysis, recovery, and reporting
capabilities tailored for forensic examinations of Android devices.

Figure 29 Android Free Forensic Toolkit

Heimdall APK Tool:


Functionality: Heimdall APK Tool is a utility for analysing Android application packages
(APKs), providing insights into app permissions, code structures, resource files, and
potential security vulnerabilities, aiding in mobile app forensics and analysis.

The Mobile Forensics menu in CSI Linux OS consolidates a range of specialized tools and
functionalities essential for forensic investigations on Android and iOS mobile devices.
From logical imaging to data extraction, application analysis, and artifact examination,
these tools empower forensic investigators to uncover digital evidence, analyse mobile
device contents, and generate forensic reports for legal proceedings and security
assessments.

5.4.8 Vehicle Forensics Menu


The Vehicle Forensics menu in CSI Linux OS offers a specialized suite of tools and
sub-menus tailored for forensic investigations related to vehicular data, including CAN bus
analysis, drone timeline analysis, and vehicle data extraction.

Figure 30 Vehicle Forensics Menu

vLEAPP:
Functionality: vLEAPP (Vehicle Linux Evidence Acquisition Forensic Tool) is a
dedicated forensics tool for extracting and analysing data from vehicle systems, including
CAN bus data, GPS information, and onboard computer logs. It enables investigators to
gather digital evidence from vehicles for forensic analysis and incident reconstruction.

CanDump:
Functionality: CanDump is a command-line tool for capturing and logging Controller Area
Network (CAN) bus data, allowing forensic investigators to monitor and analyse vehicle
communication protocols, messages, and events for forensic examination and analysis.

CanSniffer:
Functionality: CanSniffer is a CAN bus analysis tool that provides real-time monitoring,
logging, and analysis of CAN bus traffic, enabling forensic investigators to identify and
analyse vehicle network activities, commands, and anomalies.
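As an added example constructed for this report (not part of can-utils, which provides candump and cansniffer), the Python below parses the `(timestamp) interface id#data` lines that `candump -l` writes, summarises each arbitration ID the way an examiner does when first reading a capture, and lists IDs that occur only once. The capture contents, arbitration IDs, payloads and interface name are all invented.

```python
import re
from collections import defaultdict

# Constructed candump-style log in the "(timestamp) interface id#data" layout that
# `candump -l` writes; IDs and payloads are invented for illustration.
SAMPLE_CANDUMP = """\
(1700000000.000000) can0 0C2#0000000000000000
(1700000000.005000) can0 1A4#00
(1700000000.010000) can0 0C2#0100000000000000
(1700000000.020000) can0 0C2#0200000000000000
(1700000000.030000) can0 0C2#0300000000000000
(1700000000.040000) can0 0C2#0400000000000000
(1700000000.050000) can0 0C2#0500000000000000
(1700000000.055000) can0 1A4#00
(1700000000.060000) can0 0C2#0600000000000000
(1700000000.070000) can0 0C2#0700000000000000
(1700000000.071000) can0 7DF#0201000000000000
(1700000000.080000) can0 0C2#0800000000000000
(1700000000.090000) can0 0C2#0900000000000000
"""

FRAME_RE = re.compile(
    r"^\((?P<ts>\d+\.\d+)\) (?P<iface>\S+) (?P<id>[0-9A-Fa-f]{3,8})#(?P<data>[0-9A-Fa-f]*)$"
)


def parse_candump(text):
    """Parse candump log lines into dicts; malformed lines are skipped. Frames are returned
    in timestamp order so later steps can rely on it."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if not m:
            continue
        frames.append({
            "ts": float(m["ts"]),
            "iface": m["iface"],
            "id": int(m["id"], 16),
            "data": bytes.fromhex(m["data"]),
        })
    frames.sort(key=lambda f: f["ts"])
    return frames


def summarize(frames):
    """Per arbitration ID: frame count, first-seen time, mean interval between frames and
    the payload byte positions whose value changes (counters, sensor values), which is
    the usual first step in working out what an unknown ID carries."""
    by_id = defaultdict(list)
    for f in frames:
        by_id[f["id"]].append(f)
    summary = {}
    for can_id, fs in by_id.items():
        ts = [f["ts"] for f in fs]
        gaps = [later - earlier for earlier, later in zip(ts, ts[1:])]
        width = max(len(f["data"]) for f in fs)
        varying = [i for i in range(width) if len({f["data"][i:i + 1] for f in fs}) > 1]
        summary[can_id] = {
            "count": len(fs),
            "first_seen": ts[0],
            "mean_gap_s": sum(gaps) / len(gaps) if gaps else None,
            "varying_bytes": varying,
        }
    return summary


def rare_ids(summary, max_count=1):
    """IDs that appear at most `max_count` times. Periodic broadcast traffic repeats
    constantly, so a one-off ID (here 0x7DF, the OBD-II functional diagnostic request
    ID) is where an examiner looks first for a diagnostic tester or an unexpected sender."""
    return sorted(can_id for can_id, s in summary.items() if s["count"] <= max_count)


if __name__ == "__main__":
    frames = parse_candump(SAMPLE_CANDUMP)
    summary = summarize(frames)
    for can_id in sorted(summary):
        s = summary[can_id]
        print(f"0x{can_id:03X}: {s['count']} frames, mean gap {s['mean_gap_s']}, "
              f"varying bytes {s['varying_bytes']}")
    print("rare IDs:", [f"0x{i:03X}" for i in rare_ids(summary)])
```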

Drone Timeline Tools:


Functionality: Drone Timeline Tools encompass a set of utilities and scripts for analysing
and reconstructing timelines of drone activities and events. These tools aid in drone incident
investigation, flight path analysis, and digital evidence collection from unmanned aerial
vehicles (UAVs).

The Vehicle Forensics menu in CSI Linux OS equips forensic investigators with specialized
tools and capabilities for extracting, analysing, and reconstructing digital evidence from
vehicular systems, CAN bus networks, and drone activities. From CAN bus monitoring to
drone timeline analysis, these tools enable forensic examinations and investigations into
vehicular incidents, accidents, and digital forensic analysis of vehicle-related data.

5.4.9 Malware Analysis and Reverse Engineering Menu


The Malware Analysis and Reverse Engineering menu in CSI Linux OS provides a
comprehensive toolkit for analysing and reverse engineering malicious software, aiding in
the identification, understanding, and mitigation of cybersecurity threats.

Figure 31 Malware Analysis and Reverse Engineering Menu

BinWalk:
Functionality: BinWalk is a tool for analysing binary files, firmware, and executables to
identify embedded files, hidden data, and vulnerabilities within binary code, facilitating
malware analysis and forensic investigations.

Figure 32 BinWalk

JD GUI:
Functionality: JD GUI is a Java decompiler that allows reverse engineers to decompile and
analyse Java bytecode, aiding in the analysis of Java-based malware, applications, and
applets for vulnerabilities and malicious behaviour.

GDB (GNU Debugger):


Functionality: GDB is a powerful debugger for analysing and debugging executable
programs and processes, providing real-time insights into program behaviour, memory
structures, and execution paths during malware analysis and reverse engineering.
EDB Debugger:
Functionality: EDB Debugger is a user-friendly graphical debugger for analysing and
debugging binaries, assisting reverse engineers in identifying vulnerabilities, analysing
code flow, and understanding malware behaviour in a controlled environment.

Figure 33 EDB Debugger

ImHex:
Functionality: ImHex is a hex editor and binary analysis tool that enables forensic
investigators and reverse engineers to inspect, modify, and analyse binary files, malware
payloads, and memory dumps, providing deep visibility into binary structures and data.
wxHexEditor:
Functionality: wxHexEditor is a feature-rich hex editor for viewing, editing, and analysing
binary files, disk images, and memory dumps, supporting forensic analysis, malware
analysis, and reverse engineering tasks with advanced hex editing capabilities.

Radare2 - Cutter GUI:


Functionality: Radare2 is a powerful open-source framework for reverse engineering,
disassembly, and debugging, while Cutter is a graphical user interface for Radare2, offering
a user-friendly environment for analysing binaries, malware, and code structures.

RetDec:
Functionality: RetDec is a retargetable decompiler that converts machine code into a
high-level programming language, facilitating the analysis and understanding of compiled
binaries, malware samples, and reverse engineering tasks.

Figure 34 Radare2

The Malware Analysis and Reverse Engineering menu in CSI Linux OS integrates a range
of advanced tools and utilities essential for analysing, decompiling, debugging, and
understanding malicious software, enabling cybersecurity professionals and forensic
analysts to dissect malware, identify attack vectors, and develop effective mitigation
strategies against cyber threats.

5.4.10 SIGINT Menu


The SIGINT (Signals Intelligence) menu in CSI Linux OS encompasses a diverse range of
tools and sub-menus tailored for signal interception, analysis, and manipulation across
wireless, software-defined radio (SDR), hardware programming, and advanced signal
intelligence operations.

Figure 35 SIGINT Menu

Wireless-802.11:
Tools:
Aircrack-ng:
Functionality: Aircrack-ng is a suite of tools for wireless LAN (802.11) network security
analysis, including packet capturing, password cracking, and network monitoring
capabilities.
WifiPumpkin 3:
Functionality: WifiPumpkin 3 is a wireless security toolset that enables rogue access point
creation, captive portal attacks, and wireless network manipulation for penetration testing
and signal intelligence operations.

SDR (Software-Defined Radio):


Tools:
Dump1090-mutability:
Functionality: Dump1090-mutability is a Mode S decoder for tracking aircraft positions
and ADS-B (Automatic Dependent Surveillance-Broadcast) data from aircraft
transponders.
FM Radio:
Functionality: FM Radio software allows users to tune into and analyze FM radio
frequencies for signal intelligence, modulation analysis, and spectrum monitoring.

Figure 36 FM Radio Tuner

GQRX - SDR:
Functionality: GQRX is a versatile SDR receiver and spectrum analyser for exploring and
analysing radio frequency signals across various bands.

Figure 37 GQRX-SDR

IMSI Catcher Sniffer:


Functionality: IMSI Catcher Sniffer tools enable the detection and analysis of IMSI
catchers and rogue base stations, aiding in cellular network security and signal monitoring.
Kalibrate - GSM Scanner:
Functionality: Kalibrate is a GSM signal scanner that helps in GSM base station
identification, frequency measurement, and GSM network analysis.
RTL-SDR-Scanner:
Functionality: RTL-SDR-Scanner is a tool for scanning and analysing radio frequencies
using RTL-SDR (Software-Defined Radio) hardware, supporting spectrum analysis and
signal identification.
TempestSDR:
Functionality: TempestSDR is a tool for monitoring and analysing electromagnetic
radiation emitted by electronic devices, enabling signal intelligence and surveillance
operations.

Hardware Programming:
Tools:
qFlipper:
Functionality: qFlipper is a hardware programming tool for flashing firmware and
manipulating hardware devices, providing capabilities for hardware-based signal
interception and analysis.

Figure 38 qFlipper

Proxmark3:
Functionality: Proxmark3 is a versatile RFID (Radio-Frequency Identification) tool for
reading, cloning, and analysing RFID tags and signals, supporting RFID signal intelligence
and penetration testing.

Figure 39 Proxmark3

CHIRP:
Functionality: CHIRP is a software tool for programming amateur radio transceivers,
facilitating radio frequency programming, modulation, and signal analysis for amateur
radio enthusiasts and signal intelligence operations.

Figure 40 CHIRP

Artemis Tool:
Functionality: The Artemis tool is a comprehensive signal intelligence suite that combines
various signal interception, analysis, and exploitation capabilities, offering advanced
features for signal manipulation, monitoring, and exploitation in SIGINT operations.

Figure 41 Artemis

The SIGINT menu in CSI Linux OS integrates a powerful arsenal of tools and capabilities
for signals intelligence operations, encompassing wireless network analysis, SDR spectrum
monitoring, hardware programming, and advanced signal interception and exploitation
techniques. These tools empower SIGINT professionals and security analysts to detect,
analyze, and respond to signals-based threats and vulnerabilities effectively.

5.4.11 Virtualization Menu


The Virtualization menu in CSI Linux OS offers a versatile set of tools and platforms for
creating, managing, and deploying virtualized environments, enhancing scalability,
efficiency, and flexibility in software development, testing, and deployment scenarios.

Figure 42 Virtualization Menu

KVM-Virt-manager:
Functionality: KVM (Kernel-based Virtual Machine) with Virt-manager is a robust
virtualization solution for Linux systems, providing full virtualization capabilities, VM
management, and performance optimization for hosting virtual machines (VMs) and cloud
environments.

Figure 43 KVM-virt manager

VirtualBox:
Functionality: VirtualBox is a powerful open-source virtualization platform that supports
multiple guest operating systems, offering features such as VM snapshots, virtual
networking, and seamless integration for development and testing environments.
VMware Player:
Functionality: VMware Player is a user-friendly virtualization tool that enables the
creation and management of VMs for testing, development, and demonstration purposes,
providing a comprehensive virtualization environment with advanced features.
Docker:
Functionality: Docker is a containerization platform for deploying and managing
lightweight, portable containers for applications, services, and microservices, facilitating
rapid deployment, scalability, and resource efficiency in software development and
deployment pipelines.
Kubernetes:
Functionality: Kubernetes is a container orchestration platform that automates
deployment, scaling, and management of containerized applications and services, providing
a robust infrastructure for container-based deployments and microservices architectures.
LXD:
Functionality: LXD is a lightweight container hypervisor for managing system containers
and virtual machines, offering secure isolation, performance optimization, and resource
control for hosting multiple containers and VMs on a single host.

The Virtualization menu in CSI Linux OS empowers users with a range of virtualization
tools and platforms, including full virtualization, containerization, and container
orchestration solutions, enabling efficient resource utilization, application isolation, and
scalability for diverse computing environments and use cases.

5.4.12 Threat Intelligence Menu


The Threat Intelligence menu in CSI Linux OS provides a comprehensive suite of tools and
resources for monitoring, analysing, and responding to cybersecurity threats, including live
threat maps, human trafficking awareness, terrorism threat monitoring, and cyber warfare
intelligence.

Figure 44 Threat Intelligence

Live Threat Maps:


Cyber Threat Maps:

Arbor Network:
Functionality: Arbor Network's cyber threat map provides real-time visibility into global
DDoS attacks, botnet activity, and cybersecurity threats, aiding in threat detection and
incident response.

Kaspersky Cyber Map:


Functionality: Kaspersky's cyber map offers insights into cyber threats, malware
outbreaks, and cyber-attack trends worldwide, supporting threat intelligence analysis and
cybersecurity monitoring.

Figure 45 Kaspersky Cyber Map

NetScout Cyber Threat Horizon:


Functionality: NetScout’s cyber threat horizon map visualizes global cyber threats,
network vulnerabilities, and attack trends, empowering organizations with threat awareness
and situational understanding.

SonicWall Live Attack Map:


Functionality: SonicWall’s live attack map displays real-time cyber-attacks, intrusion
attempts, and threat actor activities, enabling proactive threat mitigation and security
operations.

Human Trafficking Maps and Resources:


Global Incident Map - Human Trafficking Map:
Functionality: The Global Incident Map provides an interactive map showcasing human
trafficking incidents, awareness campaigns, and resources for combating human trafficking
worldwide.

National Centre for Missing & Exploited Children:


Functionality: The NCMEC offers resources, reports, and awareness initiatives related to
missing children, child exploitation, and human trafficking, supporting law enforcement
and advocacy efforts.

Polaris Project:
Functionality: The Polaris Project provides data, research, and advocacy tools to combat
human trafficking, offering insights into trafficking trends, victim support, and policy
initiatives.

Terrorism Threat Maps:


Active Global Terrorist Organizations:
Functionality: This tool provides information on active global terrorist organizations, their
activities, affiliations, and threat levels, aiding in terrorism threat assessment and
intelligence gathering.

Figure 46 Active Global Terrorist Organization Map

Crisis Watch:
Functionality: Crisis Watch monitors global conflicts, crises, and political violence,
providing situational awareness, risk assessments, and geopolitical analysis for security
professionals and decision-makers.

Figure 47 Crisis Watch

Global Incident Map:


Functionality: In addition to human trafficking, the Global Incident Map covers terrorism
incidents, attacks, and security alerts worldwide, offering a comprehensive view of global
security threats.
Tools:
Cyber War - OSINT Publication:
Functionality: Open-Source Intelligence (OSINT) publications offer insights into cyber
warfare tactics, techniques, and threat actors, enhancing understanding of cyber espionage,
cyber-attacks, and state-sponsored threats.

Figure 48 Cyber War - OSINT Publication

OpenCTI:
Functionality: OpenCTI is an open-source threat intelligence platform for collecting,
analysing, and sharing cyber threat intelligence, providing collaboration tools, data
visualization, and incident response capabilities.
MISP (Malware Information Sharing Platform):
Functionality: MISP is a threat intelligence platform for sharing, collaborating, and
analysing threat data, including indicators of compromise (IOCs), threat actor profiles, and
malware analysis, supporting cybersecurity operations and incident response.
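An added Python example (not MISP's or OpenCTI's own code) of the step that turns shared threat data into detection: a MISP-shaped event export is loaded, only attributes the analyst flagged with `to_ids` are used, and constructed proxy and antivirus log lines are scanned for them. The event contents, addresses, domains, hash and log lines are all invented; the JSON layout (`Event` containing an `Attribute` list with `type`, `value` and `to_ids`) follows the MISP event format.

```python
import json
import re

# Constructed MISP-style event export: same JSON shape as a MISP event, invented values.
SAMPLE_MISP_EVENT = json.dumps({"Event": {"info": "constructed example", "Attribute": [
    {"type": "ip-dst", "value": "203.0.113.7", "to_ids": True},
    {"type": "domain", "value": "bad.example", "to_ids": True},
    {"type": "sha256", "value": "0f" * 32, "to_ids": True},
    {"type": "ip-dst", "value": "198.51.100.200", "to_ids": False},  # context only, not for detection
]}})

# Constructed proxy and antivirus log lines.
SAMPLE_LOGS = [
    "2024-03-10T08:00:01Z proxy src=10.0.0.5 dst=203.0.113.7 host=cdn.bad.example url=/update.bin",
    "2024-03-10T08:00:02Z proxy src=10.0.0.6 dst=198.51.100.200 host=news.example.org url=/",
    "2024-03-10T08:00:03Z av host=ws12 file=update.bin sha256=" + "0f" * 32,
    "2024-03-10T08:00:04Z proxy src=10.0.0.7 dst=192.0.2.44 host=goodbad.example url=/",
]

# Candidate indicator tokens: a sha256 hex string, a dotted IPv4 address, or a host name.
TOKEN_RE = re.compile(r"[0-9a-f]{64}|\d{1,3}(?:\.\d{1,3}){3}|(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)


def load_iocs(event_json):
    """Index attributes by type, keeping only those flagged to_ids=True (MISP's marker
    for 'suitable for automated detection'); the rest stay analyst context."""
    iocs = {}
    for attr in json.loads(event_json)["Event"]["Attribute"]:
        if attr.get("to_ids"):
            iocs.setdefault(attr["type"], set()).add(attr["value"].lower())
    return iocs


def scan_line(line, iocs):
    """Return (type, indicator) pairs found in one log line. Domains match the indicator
    itself or any subdomain of it, never a longer name that merely ends with the same
    letters (goodbad.example is not bad.example)."""
    hits = []
    for token in TOKEN_RE.findall(line):
        token = token.lower()
        if token in iocs.get("ip-dst", ()):
            hits.append(("ip-dst", token))
        elif token in iocs.get("sha256", ()):
            hits.append(("sha256", token))
        else:
            for domain in iocs.get("domain", ()):
                if token == domain or token.endswith("." + domain):
                    hits.append(("domain", domain))
    return hits


def scan_logs(lines, iocs):
    """(line index, hits) for every line with at least one indicator match."""
    results = []
    for i, line in enumerate(lines):
        hits = scan_line(line, iocs)
        if hits:
            results.append((i, hits))
    return results


if __name__ == "__main__":
    iocs = load_iocs(SAMPLE_MISP_EVENT)
    for i, hits in scan_logs(SAMPLE_LOGS, iocs):
        print(f"line {i}: {hits}")
```

Honouring `to_ids` matters in practice: an event often carries addresses that are shared only for context (a victim, a sinkhole, a common CDN), and matching on those produces false positives that erode trust in the feed.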

The Threat Intelligence menu in CSI Linux OS equips users with a comprehensive range
of tools and resources for monitoring, analysing, and responding to cybersecurity threats,
human trafficking incidents, terrorism activities, and cyber warfare operations, enhancing
threat awareness, intelligence sharing, and security posture.

5.5 TOOL EFFECTIVENESS AND LIMITATIONS


An evaluative lens is applied to gauge the effectiveness of the tools in diverse investigative
scenarios. Success stories underscore instances where tools played a pivotal role in
unraveling complex cases. Concurrently, the limitations of certain tools are explored,
acknowledging challenges faced and potential areas for improvement in future iterations.

This section presents a panoramic view of the digital forensics toolkit, underscoring the
pivotal role these tools play in the investigative process. From imaging to analysis and
memory forensics, each tool contributes to the comprehensive and meticulous examination of
digital evidence, ensuring the integrity and reliability of findings in the ever-evolving
landscape of cybersecurity investigations.

CHAPTER 6 : CONCLUSIONS

Conclusion:

In conclusion, this internship report highlights the practical value of CSI Linux OS in digital
forensics, showcasing its effectiveness in tasks such as disk and memory forensics, network
analysis, and custom scripting. Case studies illustrate successful outcomes, while insights
from challenges emphasize problem-solving skills. Recommendations signal a commitment
to improving digital forensics, and personal reflections stress the importance of experiential
learning and adaptability. Overall, the report contributes to the evolution of tools like CSI
Linux OS in the dynamic digital landscape, emphasizing the crucial role of practical
experiences in bridging theory and application.
