Linux Distro for Mobile Security & Forensics
Digital forensic field took a step forward and released a new Linux distro for mobile. Its alpha version was made available for analyzing and many other phases of mobile forensics and malware examination, which also includes the testing needed for securities. This new distro is nothing but new Santoku Linux. For users who are less aware, Santoku name originated from Japan, which refers to a general purpose kitchen knife. The distro is not from Japan, but this name which also means “three virtues” or “three purposes”, was given by project leader of Santoku Linux, Thomas Cannon. This clearly states the three sectors it works for i.e. Mobile Forensics, Mobile Malware Examinations, and Mobile Security Testing. This project was an innovative effort for the digital forensics specializing in the computer and mobile forensics. It also included mobile apps security, information security, testing and training.
Sectors of Linux Distro for Mobile: Forensics, Malware Analysis & Security Testing
Santoku Linux provides this Mobile forensics, malware examination and testing as basic amenities. Users can utilize free and open source utilities along with some commercial application of Santoku in order to acquire and analyze the forensic pieces of evidence.
- Firmware flashing tools
- NAND, Media Card and RAM imaging tools
- Free demo versions for commercial utilities
- Crucial scripts designed for forensics
- Emulators for mobile devices
- Network service simulating devices for dynamic analysis
- Disassembly and decompilation utilities
- Access for malware databases
- Disassembly and decompilation utilities
- Mobile applications issue-detecting scripts
- Decryption of binaries, enumeration of app details
Alpha Release Tools
Linux distro for mobile is also available for Application Security Testing along with Penetration Testing. With alpha release, tools were included as per following categories; Development Tools, Penetration Testing, Device Forensics, Mobile Infrastructure, Wireless Analyzer, etc.
List of Development Tools:
- Android SDK Manager
- Apple Xcode IDE
- BlackBerry JDE
- BlackBerry Tablet OS SDK
- BlackBerry WebWorks
- Eclipse IDE
- Windows Phone SDK
- Android 2.3.3, 3.2, and 4.0.3 Emulators
- Security Compass Lab Server (HTTP and HTTPS)
- BlackBerry Ripple
- BlackBerry Simulators
This category comprises of the software development kits (SDK) or Eclipse IDE for creating applications or its coding for mobile apps packages. It also includes the emulators and simulators for the Android OS and BB. Various versions can be tested here for hacking needs.
List Of Penetration Testing Tools:
- Burp Suite
- w3af Console
- w3af GUI
- Metasploit Console
- Metasploit GUI
With these utilities, users can easily perform the penetration testing without any further installation needed.
List of Reverse Engineering Tools:
- APK Tool
- Java Decompiler
Rebuilding and reverse engineering of third party binary Android apps can be done using these tools.
List of Wireless Analyzers of Tools:
- Ubertooth Kismet
- Ubertooth Spectrum Analyzer
Santoku Linux package also holds tools for the wireless spectrum, packet analysis, network analysis, etc. WEP, WPA/WPA2 keys can be retrieved using these tools as well.
List of Device Forensics of Tools:
- AFLogical Open Source Edition
- Android Encryption Brute Force
- BlackBerry Desktop Manager
- iPhone Backup Analyzer
- Paraben Device Seizure
- Sift Workstation
- Sleuth Kit
- Sqlite Spy
This is to facilitate with the data recovery, data analysis, manipulation, investigating disk, etc.
List of Mobile Infrastructure Tools:
- BES Express
- Google Mobile Management
- iPhone Configuration Tool
All the categories not only provide the mobile phone’s configuration and the installation procedures of the apps and platforms.
How to Utilize this Santoku Linux Platform?
Santoku can be downloaded from the official website. The complete project is very large in memory. It is basically a pre-configured Linux environment and it can be installed as the OS it is important to create a bootable DVD or USB using an ISO image. In case users want the installation of Santoku Linux directly, “install-start installer directly” option can be chosen. In case users want to try it prior installation, “live-boot the Live System” option can be chosen.
One of the facilities provided by the Linux Distro for mobile is Mobile Forensics which is of great relevance for digital forensics done on mobile devices. It has several utilities and scripts in order to acquire and then examine the mobile data. This includes the firmware flashing tools and tools for collection and imaging of media cards. Some commercial tools are also available in the same package which can make it possible to analyze the Sqlite databases created by the Phone apps.