WEBVTT

00:01.090 --> 00:04.900
In this video we're going to take a look and install CSI Linux.

00:04.900 --> 00:12.130
Now, CSI Linux is a Linux distro that's based off of Ubuntu, and it's a really remarkable operating

00:12.130 --> 00:12.910
system.

00:12.910 --> 00:18.340
It's super easy to use and extraordinarily powerful, and it's built for things like investigations

00:18.340 --> 00:21.040
and open source intelligence in mind.

00:21.550 --> 00:30.430
Now, in previous courses, I have recommended using things like Trace Labs Linux, also Buscador,

00:30.610 --> 00:36.820
and even building your own OSINT machine, or even using a Windows host, or a Windows virtual machine

00:36.820 --> 00:37.420
rather.

00:38.290 --> 00:41.800
And these are all absolutely viable options to do.

00:41.830 --> 00:47.020
However, if you're just starting out, you're just kind of getting into OSINT.

00:47.020 --> 00:52.450
I do recommend using a Linux host, and CSI Linux is a really, really great operating system.

00:52.450 --> 00:53.950
The other ones are also really good.

00:53.950 --> 00:59.890
But in this course we're going to focus on CSI Linux because it has some really incredible tools to

00:59.890 --> 01:00.460
use.

01:01.210 --> 01:09.070
Now, if we head over to CSILinux.com, it'll take us to this page here and we can download CSI Linux.

01:09.070 --> 01:15.760
They have an Academy that you can go to and start learning more about open source intelligence and CSI

01:15.760 --> 01:18.550
Linux and that, which is pretty cool.

01:18.580 --> 01:22.660
But for now we're going to go ahead and just download the operating system.

01:22.660 --> 01:29.230
So click on Download CSI Linux and it will take us to the download page.

01:29.230 --> 01:31.750
And we'll see some options there.

01:31.750 --> 01:32.830
Let's take a look.

01:37.690 --> 01:38.410
Okay.

01:38.410 --> 01:44.230
So if we go here we can see the current version is 2020 3.2.

01:44.260 --> 01:48.340
Now, if there is a newer version, I always recommend going with the newer version.

01:48.730 --> 01:52.480
And if you're watching the course and there is a newer version, don't worry about it.

01:52.480 --> 02:01.750
As long as it's a non-major release, which, if it's, say, 2020 3.3 or 2020 3.4, probably won't have

02:01.750 --> 02:05.500
major changes, and you won't have to worry about it.

02:05.500 --> 02:08.980
Go ahead and install it and you should be able to follow the course as normal.

02:08.980 --> 02:13.210
If there is a major change, I will go through and I'll rerecord the video.

02:14.070 --> 02:22.980
Now, we see this virtual appliance for VirtualBox, we see VMware, we see KVM.

02:23.790 --> 02:28.650
If you decide to use an alternative for one of these, go ahead and download one of these.

02:28.650 --> 02:32.880
We also see there's a bootable, uh, external drive version, which is great.

02:32.880 --> 02:34.110
That's really cool.

02:34.110 --> 02:39.450
And there's this portable apps version, which we'll take a look at in the bonus section. For

02:39.450 --> 02:44.010
now, what you want to focus on is to go to VirtualBox and click Direct Download.

02:44.010 --> 02:47.910
Now I went ahead and downloaded the file already to save some time.

02:48.840 --> 02:51.210
It's going to be a 7-Zip archive.

02:51.210 --> 02:55.710
So you want to make sure you have 7-Zip installed and you want to uncompress it.

02:56.900 --> 03:00.770
And for the Windows host, if I right click on here, I can see 7-Zip, Open.

03:00.770 --> 03:04.370
I can click Open and then you can do Extract.

03:04.370 --> 03:07.130
And I already went ahead and did that to save some time.

03:07.130 --> 03:08.870
And we can see the folder here.

03:08.870 --> 03:11.180
We can see two VirtualBox files here.

03:12.420 --> 03:14.220
So let's close this out.

03:14.850 --> 03:19.050
We open our virtual machine and again you can see a couple virtual machines in here.

03:19.440 --> 03:21.750
We can go to Machine and we can do Add.

03:22.560 --> 03:29.040
And once we go Add, we want to browse to wherever the folder is, mine's my Downloads, and click on this.

03:29.040 --> 03:31.980
I'm going to click on this VirtualBox file here.

03:31.980 --> 03:34.740
Click open and we can see it appear here.

03:35.900 --> 03:39.200
Now, if we want to take a look, we can go to settings here.

03:41.080 --> 03:45.400
And we can start clicking through and taking a look what this virtual machine looks like.

03:45.610 --> 03:49.030
So we can see it's Ubuntu 64-bit.

03:49.030 --> 03:50.620
Its type is Linux.

03:50.620 --> 03:52.060
We can go to system.

03:52.090 --> 03:53.740
We can see the base memory here.

03:53.740 --> 03:58.780
Now, this is really cool about virtual machines: I can give this as much memory

04:00.120 --> 04:06.090
or as little memory as I want, based on how much I have free on my host machine.

04:06.660 --> 04:10.770
So I have a lot of memory on my host machine, so I'm going to leave it at eight gigs.

04:10.800 --> 04:16.950
If you have less than eight gigs free of memory to use, you definitely want to bump that down.

04:18.080 --> 04:21.230
Also for processors.

04:21.230 --> 04:23.810
I can bump this up or bump it down.

04:24.200 --> 04:25.040
Uh, display.

04:25.040 --> 04:28.430
We can change the display settings, network settings, audio settings.

04:28.430 --> 04:31.700
So again this operates as its own machine.

04:31.700 --> 04:34.250
But it's using some of the resources from the host machine.

04:34.250 --> 04:40.100
So that's really cool to be able to use this. Okay, I'm going to click OK here.

04:41.090 --> 04:44.000
And another thing I want to show you is snapshots.

04:44.000 --> 04:49.220
So if I right click on this CSI Linux here, I could clone it.

04:49.220 --> 04:51.290
I can create shortcuts.

04:52.070 --> 04:55.970
Um, I can again go to the settings.

04:57.160 --> 05:01.240
Also, the other thing I could do is I could do snapshot.

05:01.240 --> 05:03.580
So you see this little camera icon here with a plus.

05:03.670 --> 05:07.210
I could click that and it does a snapshot.

05:07.480 --> 05:12.160
Now a snapshot is essentially taking an image of that operating system.

05:12.160 --> 05:15.730
So this is fresh out of the box CSI Linux.

05:15.730 --> 05:19.240
So I can type in something like OEM.

05:20.170 --> 05:25.150
And I could put down a snapshot description, which I do recommend doing:

05:27.660 --> 05:29.070
Fresh install.

05:29.460 --> 05:30.060
Okay.

05:30.060 --> 05:32.160
And I can click okay.

05:33.660 --> 05:35.520
So what happens is,

05:36.520 --> 05:41.830
if I go into my CSI Linux, I'm going through, I install a bunch of programs, I do my investigation,

05:41.830 --> 05:45.070
I have all sorts of stuff on there, and I'm done.

05:45.070 --> 05:47.230
I'm done with investigation.

05:47.560 --> 05:49.600
I don't need to go back to it.

05:49.930 --> 05:54.670
When I start a new investigation, I always recommend starting with a clean machine.

05:54.970 --> 06:00.940
So if I want to go back to a pristine state, which you absolutely should do for each new investigation,

06:00.940 --> 06:04.300
don't reuse an old machine that has a bunch of stuff on there.

06:04.300 --> 06:05.740
It could be contaminated.

06:05.740 --> 06:07.900
You don't want to contaminate your evidence.

06:08.410 --> 06:13.660
I can go back up to this OEM version, my snapshot, and I can click restore.

06:15.390 --> 06:17.250
It'll restore me to that point.

06:17.250 --> 06:20.280
I also could do additional snapshots.

06:20.580 --> 06:22.920
I could do snapshot two.

06:23.980 --> 06:26.110
I could do snapshot three.

06:26.740 --> 06:29.470
And these are all different states.

06:29.470 --> 06:34.750
Again, if I need to take several snapshots for whatever reason, I can have all these different

06:34.750 --> 06:36.310
states that I could use.

06:36.310 --> 06:39.820
And if I want to get rid of one, say I want to get rid of snapshot three,

06:39.820 --> 06:42.700
I just click on that and click Delete, and Delete.

06:43.870 --> 06:45.130
And it's gone.

06:45.940 --> 06:46.420
Okay.

06:46.420 --> 06:54.910
So let's go ahead and let's go back into our CSI Linux and let's start it up. I'm going to just click

06:54.910 --> 06:55.900
start here.

06:57.290 --> 07:02.600
And we're going to fire this up here and take a quick look at CSI Linux.

07:06.410 --> 07:07.730
Okay, that's going to power up.

07:07.730 --> 07:13.520
I'm going to pause the... well, actually, I'll let it run here because it shouldn't take too long to

07:14.300 --> 07:15.050
start up here.

07:15.050 --> 07:18.680
I'm just going to close this dialog box by clicking this red x here.

07:18.680 --> 07:20.330
Make things a little bit easier.

07:28.860 --> 07:29.640
Okay.

07:29.640 --> 07:33.900
And we can see our machine starting up here.

07:36.290 --> 07:36.860
Okay.

07:36.860 --> 07:38.930
So we have the login here.

07:38.930 --> 07:40.910
What is the login for CSI Linux?

07:40.910 --> 07:42.200
It is CSI.

07:44.870 --> 07:47.630
And that's going to start up our machine and let us in.

07:47.630 --> 07:51.050
So again, this machine thinks it's its own computer.

07:51.050 --> 07:54.410
As if I took this machine, I took this operating system.

07:54.410 --> 07:55.910
I loaded it in here.

07:55.910 --> 07:57.710
Now the screen looked a little funny.

07:57.710 --> 07:58.850
So I'm going to just minimize it.

07:58.850 --> 08:00.020
I'm going to expand it out here.

08:00.020 --> 08:01.460
And now it's full screen.

08:02.180 --> 08:06.980
Now, if you use Windows or a Mac, it should be fairly familiar.

08:06.980 --> 08:10.070
So up in here this Linux button I can click this.

08:10.070 --> 08:13.370
And it comes up with all these wonderful programs here.

08:13.370 --> 08:16.160
And they did a great job breaking out these things here.

08:16.160 --> 08:25.580
So: CSI Linux tools, we can start a case, gateway, secure comms, encryption, OSINT, online investigations.

08:25.580 --> 08:28.730
Again this has some really awesome pre-installed tools.

08:28.730 --> 08:31.160
We're not going to use all these tools.

08:31.820 --> 08:36.920
Um, I do recommend kind of playing around with these different tools because again.

08:37.690 --> 08:40.630
You're going to use different tools for different situations.

08:40.630 --> 08:45.250
Some tools aren't going to always work every time, and you might need to use something else.

08:46.150 --> 08:52.300
And even though this has a huge amount of tools here, a lot of great stuff here, we're going

08:52.300 --> 08:55.210
to go ahead and install some other stuff after the fact.

08:55.210 --> 09:02.320
But again, this is kind of showing you, you know, basically a walkthrough of CSI Linux, and not

09:02.320 --> 09:03.940
only open source intelligence stuff here.

09:03.940 --> 09:09.670
We also have things like Wireshark for network scanning, Hunchly, which is a cool program, but you're

09:09.670 --> 09:11.230
going to have to pay for it.

09:11.230 --> 09:19.240
We have OnionShare, which allows us to share files over the Tor network anonymously.

09:19.750 --> 09:21.940
KeePassXC, which I highly recommend.

09:21.940 --> 09:24.100
We're going to be talking about it later.

09:24.250 --> 09:28.570
Autopsy is a cool program if you're doing computer forensics.

09:28.840 --> 09:36.340
Ghidra is if you're going to do reverse engineering on malware or viruses; that's by the NSA.

09:36.640 --> 09:38.500
We're not going to be touching those.

09:38.500 --> 09:42.790
But again, CSI Linux has a lot of very cool tools in here.

09:43.960 --> 09:47.440
Other things you might be interested in is this question mark.

09:47.440 --> 09:52.630
You can click here to see what your IP address is, and you can click on here for your network and volume

09:52.630 --> 09:53.050
settings.

09:53.050 --> 09:54.400
Lock your computer.

09:54.400 --> 09:55.330
Restart it.

09:55.330 --> 09:56.110
Shut down.

09:56.110 --> 09:57.010
Sleep.

09:57.490 --> 10:03.160
Another important one is going to be the terminal which is this little black box here.

10:03.520 --> 10:08.440
And with Linux the terminal is going to be really, really important.

10:08.440 --> 10:12.820
And we'll go over some basic, um, terminal commands in the next video.

10:12.850 --> 10:17.590
But I did just want to give you a quick look at CSI Linux.

10:18.040 --> 10:23.800
And we're definitely going to be diving much, much deeper into this in the later videos.

10:24.220 --> 10:30.850
So either I could click shut down here and it'll shut down in 30 seconds if I don't do anything.

10:31.870 --> 10:36.100
Another cool thing about virtual machines is I can click this x here, okay?

10:36.280 --> 10:43.210
And I could save the machine state, I could turn it off, I could restore it to my snapshot.

10:43.210 --> 10:47.950
If I do save machine state, it's going to save it in

10:47.950 --> 10:53.200
whatever state I have. If I'm working on something and I need to shut it down for whatever

10:53.200 --> 10:55.120
reason, I got to go somewhere.

10:55.120 --> 10:57.370
I have a meeting I have to run to.

10:57.370 --> 10:59.470
I could click save state.

10:59.470 --> 11:03.550
And when I start back up, it's going to start up right where I left it.

11:03.550 --> 11:10.600
Even if I turn off my computer or reboot my computer, it's going to come back up in that exact state

11:10.600 --> 11:11.470
it was left in.

11:11.470 --> 11:13.510
So really cool.

11:14.260 --> 11:18.760
Okay, that was installing CSI Linux along with a very short tour.

11:19.440 --> 11:24.210
And we're going to be getting into much more of this in the next upcoming videos.

11:24.210 --> 11:25.440
Thank you for watching.

11:25.440 --> 11:26.550
I'll see you in the next video.
