Hello,
I'm currently enrolled in a bachelor's degree for DF and I'm wanting to get a bit of practice in outside of my classes. I generally prefer Linux to Windows for a number of reasons, and I know that I'll eventually need to transition to Windows because Linux doesn't support some of the bigger names like EnCase. My question is, can I use Linux for the time being and still get quality practice? If so, are there any recommended distros, or will just about any work? And lastly, I started reading LinuxLEO, a book on digital forensics for law enforcement, and they recommended Slackware. Has anyone here used it, and if so how did it go?
Thanks in advance
My question is, can I use Linux for the time being and still get quality practice? If so, are there any recommended distros, or will just about any work?
My recommendation after >20 years of experience: a Windows 10 machine and Ubuntu as the distro for the Linux on Windows subsystem. This Linux subsystem does everything you can expect from a CLI Linux OS. Once Ubuntu is running, you can use the SANS bootstrap installer for SIFT.
https://github.com/teamdfir/sift-saltstack
Then you have a fully optimised Linux environment in case you need it.
And Windows will then serve X-Ways Forensics, FTK Imager and other well known and important forensic tools.
regards, Robin
The above seems good, use Windows and VMs.
I think X-Ways will work with WINE or similar though, maybe WinHex can be used while you are a student.
Sorry, but there are clear differences between a VM and the WSL Subsystem. "Linux on Windows" is implemented as an additional layer that can execute ELF binaries. It is not a virtual machine with a separate hypervisor.
https://en.wikipedia.org/wiki/Windows_Subsystem_for_Linux
And yes, there are ways to run X-Ways in Linux, but do not expect the same performance as if you would run it natively on Windows.
regards, Robin
It is not a virtual machine
Except that the article you linked to says it is in fact a virtual machine.
"The architecture was redesigned in WSL2 [in 2019], with a Linux kernel running in a lightweight virtual machine environment ....... based on a subset of Hyper-V features".
We did some performance benchmarking in WSL, it was only 8% slower than the host Windows system. So not too bad.
It is then really "lightweight" (ever heard the term before?) and not visible in the Hyper-V manager or additional processes. Checked it myself and it is not handled in the way a VM is normally managed by this hypervisor.
I guess simply some additional DLLs are used for abstraction.
regards, Robin
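Since the thread turns on whether WSL is a translation layer (WSL1) or a real kernel in a lightweight Hyper-V VM (WSL2), here is an added example (not from any poster) that classifies the guest from its kernel release string, so you know before loop-mounting an image which kind of environment your tools are running in. It assumes the release strings follow the forms Microsoft ships; the sample strings are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: tell WSL1 from WSL2 from inside the guest.
# Why it matters for forensics practice: WSL1 is a syscall-translation layer
# with no Linux kernel, so loop mounts and block-device access are not
# available there; WSL2 runs a real kernel inside a lightweight Hyper-V VM,
# where they work (physical disks can be attached with `wsl --mount`).
# Assumption: kernel release strings look like Microsoft's, e.g.
#   WSL1: 4.4.0-19041-Microsoft      WSL2: 5.15.90.1-microsoft-standard-WSL2

# wsl_kind RELEASE -> prints 2 (WSL2), 1 (WSL1) or 0 (not WSL)
wsl_kind() {
  case "$1" in
    *WSL2*)                   echo 2 ;;   # check the more specific tag first
    *Microsoft*|*microsoft*)  echo 1 ;;   # WSL1 tags the kernel with "Microsoft"
    *)                        echo 0 ;;   # native Linux or some other VM
  esac
}

# wsl_advice KIND -> one line of practical guidance for that environment
wsl_advice() {
  case "$1" in
    2) echo "WSL2: real kernel in a lightweight VM; loop mounts work" ;;
    1) echo "WSL1: translation layer, no kernel; use a full VM for block devices" ;;
    *) echo "not WSL: native Linux or another hypervisor" ;;
  esac
}

# Offline demo on constructed sample strings. For a live check on your own
# machine, run: wsl_advice "$(wsl_kind "$(uname -r)")"
for sample in '5.15.90.1-microsoft-standard-WSL2' \
              '4.4.0-19041-Microsoft' \
              '6.1.0-13-amd64'; do
  kind=$(wsl_kind "$sample")
  echo "$sample -> $kind: $(wsl_advice "$kind")"
done
```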
Windows is a great tool, no doubt about it. Linux, however, is a weapon. Nowadays assembling and operating weapons is easier than ever, all the elements are out there, it is just a matter of piecing them together. Tools will do for most jobs, but sometimes you do need a weapon. Below you can see a little video I made for entertainment purposes showcasing how Debian GNU/Linux can be applied for digital forensics work. Hope it will inspire someone to go and tinker with Linux 🙂