"Tsurugi" (剣) the Sword and the Linux Distribution

The tsurugi is a straight, double-edged sword that was used in ancient Japan. It was one of the oldest and most prestigious types of Japanese swords, and it was often used by ancient Japan monks and samurai warriors. Tsurugi were typically made of high-quality steel and were decorated with elaborate carvings and engravings.

Now, Tsurugi Linux is a specialized Linux distribution that is designed for digital forensics investigations. It comes with a comprehensive set of tools for collecting, analyzing, and preserving digital evidence. Tsurugi Linux is also relatively lightweight and portable, which makes it easy to use on a variety of devices.

“We’ve crafted a user-friendly experience, organizing the main menu in a logical forensic analysis sequence. Our menu is your roadmap from device acquisition to integrity checks, artifact extraction, and reporting tools. It’s not just about familiarity; it’s about exploration. Dig into menu categories to discover new tools that cater to your analysis needs. And for the seasoned experts, every tool is at your fingertips, ready to be wielded precisely through the command line console,

...

The most important feature is the device write blocker at kernel level that by default put every connected device in Read-Only mode to avoid any accidental modification to the artifacts and so potentially compromise the investigation. Running the distro in TEXT mode (CLI) open a special Acquisition Wizard tool we built, based on ncurses, that allow the analyst to easily follow the instructions just using a small amount of resources (CPU/RAM).”

- Giovanni Rattaro, Tsurugi Linux core developer.

Tsurugi Linux is an open-source distribution specifically designed for digital forensics (DFIR) investigations. It provides a comprehensive set of tools for collecting, analyzing, and preserving digital evidence. Here are some of its key features:

1. Customized Menu and Tool Organization: The main menu is structured logically to guide DFIR analysts through the investigation process, from device acquisition to artifact extraction and reporting. Tools are categorized into six main phases of DFIR investigations: Imaging, Hashing, Mounting, Timelines, Artifacts Analysis, and Reporting.
2. Write Blocker System: To prevent accidental or unauthorized modification of evidence, Tsurugi Linux employs a kernel-level write blocker, ensuring that the integrity of acquired data remains intact.
3. OSINT Menu Switcher: A dedicated OSINT Profile Switcher streamlines the OSINT investigation workflow by providing a quick access to a tailored subset of tools relevant to open-source intelligence gathering. It also adapts the wallpaper to reflect the OSINT focus.
4. Customizable Interface: Tsurugi Linux offers extensive customization options, allowing users to create and personalize profiles that match their specific investigative needs. This includes customizing the desktop layout, menu shortcuts, and tool configurations.
5. Extensive Toolset: Tsurugi Linux includes a wide range of open-source DFIR tools, covering various aspects of digital evidence analysis, from imaging and hashing to malware analysis, network forensics, and mobile forensics.
6. Portability and Lightweightness: Tsurugi Linux is designed to run on a variety of hardware platforms, including desktops, laptops, and even USB devices, making it a portable solution for on-site investigations.
7. Documentation and Community Support: Tsurugi Linux provides extensive documentation and a vibrant community forum for users to seek assistance, share knowledge, and contribute to the project's development.

Tsurugi Linux is available for free on the official website.

Tsurugi Linux comes with excellent documentation where one can find many information about the project and discover several hidden features. Furthermore a full list of the Tools Tsurugi Linux comes with is included.

“TSURUGI Linux - the sharpest weapon in your DFIR arsenal”