WEBVTT

00:00.720 --> 00:05.000
In this updated video, we're going to download and install CSI Linux.

00:05.640 --> 00:08.320
Now this again is an updated video.

00:08.960 --> 00:12.840
Some students were having some problems with the CSI website.

00:12.840 --> 00:16.520
Since the website did change from the last time I recorded the video.

00:17.840 --> 00:23.000
So if you have any problems, if you have any questions, always feel free to reach out.

00:23.000 --> 00:32.800
And if it's something that's like this where the page changed and it may need a video update, I'm more

00:32.800 --> 00:37.920
than happy to, you know, update these videos for that purpose.

00:37.920 --> 00:39.720
So let's take a look.

00:41.120 --> 00:43.120
So I'm over on the CSI website.

00:43.120 --> 00:45.400
So csilinux.com.

00:48.560 --> 00:50.200
And I'll take you to this page here.

00:51.800 --> 00:55.880
Now the first one that comes up is CSI Linux Virtual Appliance.

00:56.800 --> 00:58.880
And this is a VirtualBox appliance.

00:59.440 --> 01:00.600
And there's two versions here.

01:00.600 --> 01:07.700
There's one that has a 7-Zip file with the extension pack, which I normally download.

01:07.700 --> 01:13.100
However, I just downloaded this to test it again and I did have problems with this.

01:13.100 --> 01:18.740
So if you do download this one, you want to have 7-Zip and compress it and install it.

01:19.100 --> 01:20.460
And it's normally okay.

01:20.780 --> 01:25.540
But again I, I don't know if it was a problem with the download site or what, but I did have problems,

01:25.540 --> 01:28.780
so I went ahead and downloaded this one here.

01:29.540 --> 01:30.700
The second option here.

01:30.740 --> 01:38.140
Now this is a much larger file because it's not compressed and it's about 20.5 gigs.

01:38.980 --> 01:43.340
So again I did download ahead of time because it saves a whole lot of time.

01:43.780 --> 01:47.620
Um, I don't think you want to sit here while I downloaded 20.5 gig file.

01:48.020 --> 01:53.740
So the I have my VirtualBox already installed.

01:54.180 --> 01:57.260
So once that's downloaded, I'm just going to double click this here.

01:58.340 --> 01:58.980
And.

02:01.000 --> 02:02.920
My VirtualBox comes up here.

02:03.200 --> 02:04.840
So I'm going to leave everything default.

02:04.840 --> 02:10.000
You always could change the folder location here by clicking that little folder there and changing it.

02:10.400 --> 02:12.120
You could change the settings too if you want.

02:12.160 --> 02:20.120
I'm going to leave it default, so click finish and we can see it's importing the appliance here.

02:20.120 --> 02:21.360
Now I'm going to pause the video.

02:21.360 --> 02:23.000
That's going to take a couple minutes.

02:24.520 --> 02:24.920
Okay.

02:24.960 --> 02:29.960
So once CSI is imported gets 100% we can close this dialog box.

02:30.480 --> 02:34.920
And we can either on this we can click start.

02:34.920 --> 02:36.560
Or we could double click this.

02:40.400 --> 02:46.640
Now one of the cool things about using VirtualBox or VMware is we can take snapshots.

02:46.680 --> 02:50.320
Well VMware you can't take snapshots in the free version.

02:50.600 --> 02:53.720
You can on the on the paid version.

02:53.720 --> 02:59.960
But a snapshot essentially lets us take a snapshot of the operating system.

02:59.960 --> 03:05.700
So if I click on take I could put down base image for example.

03:06.700 --> 03:07.900
And uh.

03:10.300 --> 03:13.460
I could put a description which is really useful and I can click okay.

03:13.900 --> 03:23.900
Now what this allows me to do is I can go through I can install 100 programs, I can make all sorts

03:23.900 --> 03:28.700
of configuration changes, and I can go through an investigation.

03:28.700 --> 03:34.860
And once I'm done, I can simply go back to whatever one I want.

03:35.140 --> 03:38.500
And I could do restore right there.

03:39.180 --> 03:40.980
And I could take a bunch of snapshots.

03:40.980 --> 03:42.700
I could take another snapshot.

03:46.980 --> 03:56.300
Now what I would what I would suggest is if you have the hard drive space, create a snapshot of your

03:56.300 --> 04:05.490
base image and then take a snapshot of your system after you make whatever changes you need to add bookmarks,

04:05.490 --> 04:10.010
configuration changes, additional software, etc. and then take a snapshot.

04:10.610 --> 04:13.610
Don't do any investigations yet, just take a snapshot.

04:14.250 --> 04:20.490
Now the reason for this is every time you do an investigation, you should be on a clean virtual machine.

04:20.730 --> 04:24.930
And what will happen is, say for example, this snapshot

04:24.970 --> 04:31.130
was my clean operating system, I go through an investigation, I'm done.

04:32.250 --> 04:33.610
I should be on the current state.

04:33.610 --> 04:35.010
I go back to snapshot one.

04:35.010 --> 04:39.130
I do restore, it restores it back to that clean state again.

04:39.450 --> 04:43.650
So every time I do an investigation, I have a completely clean computer.

04:44.170 --> 04:50.730
Instead of doing, say, not doing this, doing investigation, doing another investigation, doing

04:50.730 --> 04:57.690
another investigation, then you have a corrupt operating system, essentially because you may have

04:57.690 --> 05:01.630
done this or that, gone to certain sites that may have compromised the system before.

05:02.270 --> 05:03.110
Not a good idea.

05:03.150 --> 05:07.390
Just have a clean snapshot every time you do a new investigation.

05:08.230 --> 05:16.590
The other thing is, if something happens, I go to a, say, hacking website and it's it's full of

05:16.590 --> 05:19.710
malware and malicious stuff and it blows up my virtual machine.

05:20.390 --> 05:25.710
Well, instead of going through and redoing my virtual machine again, I could simply again go back

05:25.710 --> 05:28.390
to that snapshot and click restore before it happened.

05:28.990 --> 05:29.750
Pretty cool.

05:29.790 --> 05:35.830
Now, if I have snapshots I don't want like this one here, I can click on delete and it will delete

05:35.830 --> 05:36.910
that snapshot.

05:38.470 --> 05:38.990
Okay.

05:39.310 --> 05:42.190
So again to start this I'm just going to click on start here.

05:45.830 --> 05:48.150
And you can see powering up the VM.

05:49.230 --> 05:50.950
Now we'll let this start up here.

05:50.990 --> 05:52.230
Doesn't take very long.

06:04.010 --> 06:04.490
Okay.

06:08.530 --> 06:09.410
Almost there.

06:12.210 --> 06:12.690
Okay.

06:12.730 --> 06:14.050
And now we have our login screen.

06:14.050 --> 06:17.530
I'm just going to close this dialog box by clicking this red x here.

06:18.410 --> 06:20.450
And the login is CSI.

06:24.730 --> 06:28.450
And whatever CSI has for a password is going to be CSI.

06:31.050 --> 06:34.810
There you go in here and we can see all sorts of things here.

06:35.050 --> 06:42.810
Linux tools, encryption, secure KMS, dark web, uh, incident reports, settings, accessories.

06:42.810 --> 06:47.610
So it works much like a regular any other computer.

06:48.690 --> 06:51.890
And up in here we can see what our IP address is.

06:51.930 --> 06:54.370
And over here is restart and shutdown.

06:55.290 --> 06:59.210
So this was our install CSI Linux.

06:59.210 --> 07:00.490
Thank you so much for watching.

07:00.490 --> 07:01.770
I'll see you in the next video.
