Application Security , Next-Generation Technologies & Secure Development , Video

Open-Source Linux Distribution for Blue Teaming

Giovanni Rattaro and Marco Giorgi on Project Tsurugi for DFIR Excellence
Giovanni Rattaro, senior cybersecurity expert, and Marco Giorgi, senior DFIR analyst

The digital forensics and incident response or DFIR landscape is constantly evolving, driven by technological advancements and new cyberthreats. Tsurugi, developed by Giovanni Rattaro, senior cybersecurity expert, and Marco Giorgi, senior DFIR analyst, is an open-source Linux distribution project designed for blue-teaming exercises.

See Also: OnDemand: 2024 Google Cloud Partner of the Year - Application and Infrastructure Security

Tsurugi addresses the challenges of tool installation and provides a ready-to-use platform tailored for those in digital forensics, security and law enforcement, offering tools for tasks such as cloning drives, analyzing artifacts, recovering deleted files, tracking browser history and conducting malware analysis, Rattaro said.

In this interview with Information Security Media Group at Black Hat Europe 2023, Rattaro and Giorgi discussed:

  • Tsurugi's suitability for educational purposes and addressing challenges of tool installation faced by students;
  • Its reliance on Ubuntu LTS for security updates and user accessibility for modifications;
  • Tsurugi Linux's future development, including the release of a special Black Hat edition.

In addition to being a core developer of Tsurugi Linux, Rattaro is a Backtrack Linux ambassador and ex-DEFT Linux developer. He is a DFIR instructor and is passionate about cyberthreat intelligence and OSINT.

Giorgi is a digital forensics expert with interests in computer forensics, mobile forensics, malware analysis, security and deep/dark web. He provides forensic training to law enforcement professionals. He is also a core team member of Tsurugi Linux and a former developer of DEFT Linux.

About the Author

Tony Morbin

Tony Morbin

Executive News Editor, EU

Morbin is a veteran cybersecurity and tech journalist, editor, publisher and presenter working exclusively in cybersecurity for the past decade – at ISMG, SC Magazine and IT Sec Guru. He previously covered computing, finance, risk, electronic payments, telecoms, broadband and computing, including at the Financial Times. Morbin spent seven years as an editor in the Middle East and worked on ventures covering Hong Kong and Ukraine.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.