CSI Linux Installation

Welcome to CSI Linux! Your Adventure Begins Here…

Buckle up, adventurer, because stepping into the world of CSI Linux is like
embarking on an epic quest. Picture Indiana Jones but instead of ancient artifacts,
you’ll be uncovering hidden malware, chasing breadcrumbs across the digital
realm, and delving into the deep, shadowy corners of the internet. CSI Linux is
more than an operating system, it’s your gateway to the thrilling and evolving
world of cyber forensics, OSINT (Open Source Intelligence), and digital
investigations.

Whether you’re an aspiring investigator, a cyber sleuth, or simply someone

curious about what makes the digital underworld tick, this guide is designed just
for you. Installing CSI Linux isn’t just about slapping another OS onto your
machine, it’s about gearing up for the ultimate adventure. And the best part? You
don’t need to be a seasoned expert to get started. We’ll walk you through
everything, no confusing tech jargon, just the essentials.

CSI Linux Academy: Train Like a Pro, Level Up Like a Legend

Installing CSI Linux is just the first step in your journey. We want to ensure you
don’t just survive but thrive. That’s where the CSI Linux Academy comes in. Our
academy offers comprehensive training programs for all levels, whether you’re a
complete newbie or looking to sharpen your forensics skills.

And here's the kicker: we offer a FREE course called CSI Linux Certified
Investigator (CSIL-CI). This course is perfect for both first timers, those that want
to refresh their skills, or see what’s new with the platform. It covers the essentials
of CSI Linux, walking you through everything from booting the system to using
investigative tools. Complete it, pass the exam, and earn a certification to prove
you’ve got the chops!

© CSILinux.com
Page 1
Community and Connection: Join the Adventure on Discord

CSI Linux isn’t just a toolset, it’s a thriving community of passionate investigators,
analysts, and tech enthusiasts. Once you install the system, you’re not on your
own. We invite you to join our Discord community at
https://discord.gg/sEXHkfkNXk. This is where the magic happens, discussions,
news, tips, and even sneak peeks at new features. Whether you’re stuck with a
tricky install or just want to chat with like-minded investigators, our Discord
server has you covered.

Pro Tip: Be sure to read the server rules upon joining so you can unlock full access
to all the content and channels!

Why CSI Linux? A World of Possibility Awaits

Think of CSI Linux as your all-in-one toolkit for the digital frontier. It equips you
with specialized tools for:

• Digital Forensics – Recovering evidence, digging into hard drives, and making sense of the
data.
• OSINT Investigations – Tracking down information using open sources, the dark web, and
social media.
• Incident Response – Handling malware outbreaks or security breaches like a pro.

And it doesn’t stop there. With CSI Linux, you have the flexibility to install it on a
Virtual Machine, boot it from a Triage Drive, or dive straight into a full installation
via ISO. It’s your adventure, and you choose how to play it. More on that in a
moment!

So, ready to begin? Dust off that keyboard, grab your mouse, and let’s get started

© CSILinux.com
Page 2
Your Toolkit: The Installation Options

There’s more than one way to set up CSI Linux, and each method is like picking the
right vehicle for a different terrain. Choose the one that suits your needs:

1. Virtual Appliance – Like driving a rental car

• VirtualBox (OVA file): Easy to deploy, plug-and-play virtual environment.

• VMWare (.vmdk & .vmx files in 7zip): A more robust ride, ideal for those already
familiar with VMware's ecosystem.
• KVM (.qow2 files): For the adventurous Linux expert who loves customization.

Why go virtual? You can run CSI Linux on your current system without making
permanent changes, like visiting a city without moving there. This is great for testing
the waters or keeping your setup flexible.

2. Triage Drive – The forensic detective’s go-to: This option lets you carry a portable
investigation toolkit on a USB, external hard drive, or even copy it to an internal disk to
build a daily driver.

• Format: RAW disk image, made with DD (a forensic tool).

• Installation tool: Use HDDRawCopy.exe (Windows) or other imaging tools to
transfer the forensic image to a USB.

Bonus: You can add Windows-based tools onto the Triage Drive if you have an NTFS,
FAT, or ExFat partition accessible in Windows.

Why use it? It’s the ideal solution when you need a ready-to-go forensic environment.
Think of it as your digital Swiss Army knife, perfect for on-the-go investigations.

3. The ISO Installer – Like building your dream home: Download the latest CSI Linux .ISO file
and either:

• Boot it as a Live Linux Environment (to test before you commit).

• Install it as a permanent OS (for those ready to fully dive in).

Why choose the ISO? If you’re ready to make CSI Linux your primary environment or
want the flexibility to boot it up on any machine, this is the way to go.

© CSILinux.com
Page 3
What Awaits You with CSI Linux?

Installing CSI Linux isn’t just about putting another OS on your machine, it’s
about equipping yourself with a powerful toolkit for digital investigations, dark
web explorations, and OSINT operations. Whether you’re chasing breadcrumbs
through malware samples, diving deep into metadata, or peeking into the depths
of the dark web, CSI Linux has your back.

Let the Adventure Begin

Starting CSI Linux is like unlocking the door to a detective's dream office,
everything you need, right at your fingertips. Follow these steps, install it your
way, and step into a world of digital mysteries. Happy hunting, investigator!

If you have any trouble along the way, don’t panic, every great journey has a few
bumps. Just breathe, troubleshoot, and remember that every challenge is a step
toward mastery.

© CSILinux.com
Page 4
Setting Up the CSI Linux VirtualBox Appliance
Welcome to CSI Linux! If you've ever wanted to explore digital forensics,
cybersecurity, or just dive into an exciting new operating system, you're in the
right place. This guide will walk you through setting up your CSI Linux virtual
appliance step-by-step, making sure even if you're not super tech-savvy, you'll be
able to get everything running smoothly. Don’t worry if some of the words sound
unfamiliar – we’re here to make it all easy to understand.

Requirements

Before we get started, make sure your system meets the following requirements:

• A computer that supports virtualization: Most computers made in the last few years do.
• 128 GB of free space: This is for downloads and installation files.
• 6 GB of RAM (Memory): Your computer needs enough memory to run the virtual
environment smoothly. CSI Linux is pre-configured to use 4 GB, but having a bit more
makes everything run better.
• Internet Access: Some tools need to connect to the internet for updates.

Step 1: Download VirtualBox

First things first, you need a program called VirtualBox. VirtualBox helps create
virtual environments, which is like making a computer inside your computer!

• Head to VirtualBox’s website.

• Click on the download link for your operating system (Windows, macOS, etc.).
• Follow the instructions to install VirtualBox on your computer.

Step 2: Install the Extension Pack

The Extension Pack adds some extra features to make VirtualBox work better.

• Go back to the VirtualBox downloads page.

• Download and install the Extension Pack.

This will make the experience smoother and enable features like better USB
support.

© CSILinux.com
Page 5
Step 3: Get CSI Linux

Next, download the CSI Linux virtual appliance file (.ova). Think of this as the
"box" that contains your new virtual computer.

• Go to the CSI Linux download section.

• Download the "CSI_Linux_file.ova" file. If you’re using the Torrent link, you’ll need a
BitTorrent client to help download the file.
• Once it’s downloaded, leave it "seeding" for a while – this helps others download it faster.

Step 4: Import the Appliance into VirtualBox

Now that everything is downloaded, it’s time to set up the virtual computer.

• Locate the CSI Linux .ova file you just downloaded.

• Double-click it. VirtualBox should open and display a setup screen.
• Pick a location with enough space (use an external drive if your main one is too full).
• Adjust settings if you’d like (e.g., more RAM if your computer has extra to spare).
• Click Import and agree to the terms.
• Sit back while the installation completes. This might take a few minutes.

Step 5: Start CSI Linux

Once the setup is done, you’ll see CSI Linux listed in VirtualBox.

• Double-click the CSI Linux file VM to start it.

• At the login screen, use the credentials below:
• Username: csi
• Password: csi
• Press "Log In," and you’re ready to explore!

© CSILinux.com
Page 6
Step 6: Take a Snapshot in VirtualBox – "CSI Linux Base Install"

Snapshots are a lifesaver! They capture the current state of your virtual machine,
letting you roll back to this exact point if anything goes wrong later (or if you
just want a clean start). Think of it as a virtual "save point."

Here’s how to take a snapshot of your freshly installed CSI Linux:

• Make sure your CSI Linux VM is powered off (you can only take a snapshot when the
machine is either powered off or saved in a suspended state).
• In VirtualBox, go to the VirtualBox Manager where you see your list of virtual machines.
• Right-click on the CSI Linux VM entry in the list, and select Snapshots.
• In the Snapshots panel (which opens on the right side), click the Take Snapshot button (a
camera icon).
• A pop-up window will appear:
• Name: Enter "CSI Linux Base Install" (this makes it easy to recognize this clean
installation state).
• Description: Optional but useful. You could write: "Fresh installation of CSI Linux
with no additional configurations."
• Click OK to create the snapshot. This might take a few seconds as VirtualBox saves the
machine's state.

Optional: Adding More Disk Space

If you want CSI Linux to have more room to work with, you can easily adjust this.

• Make sure the virtual appliance is turned off.

• In VirtualBox, go to File > Virtual Media Manager.
• Select the CSI Linux drive and click on Properties.
• Adjust the disk size to your preference and click Apply.

© CSILinux.com
Page 7
Setting Up CSI Linux on VMware Workstation
Ready to dive into CSI Linux using VMware Workstation? This guide will walk
you through the entire process of setting it up smoothly. While this involves
extracting files from a 7-zip archive and working with virtual disks, I’ll make it
easy to follow. Let’s get started!

Requirements

• VMware Workstation installed on your computer. You can download it here.

• 7-zip utility to extract the virtual machine files.
• 128 GB of free storage for CSI Linux virtual machine files.
• 6 GB of RAM (preferably more) for smooth performance.
• Internet connection for downloading updates and tools.
• Virtualization enabled in your system's BIOS/UEFI.

Step 1: Download VMware Workstation

• Head to VMware’s official website.

• Download the latest version of VMware Workstation Pro or Player (Player is free for
personal use).
• Install VMware Workstation by following the on-screen instructions.
• Restart your computer if prompted.

Step 2: Download the CSI Linux Virtual Appliance (7zip File)

• Go to the CSI Linux download section.

• Download the CSI Linux virtual appliance (.7z file), which contains the .vmx
(configuration) and .vmdk (virtual disk) files.
• If using the torrent option, ensure your BitTorrent client is installed and leave it seeding
after downloading it to help others.

Step 3: Extract the VM Files

• Install 7-zip (if not already installed).

• Right-click the CSI Linux 7z archive and select "Extract Here".
• You’ll see files like:
• .vmx – VMware configuration file.
• .vmdk – The virtual disk containing the CSI Linux OS.

© CSILinux.com
Page 8
Step 4: Verify the VMX and VMDK Files

• Open the extracted folder to ensure all necessary files (especially the .vmx and .vmdk) are
present.
• Optional: Move this folder to a permanent location where you plan to store your virtual
machines, e.g., D:\VMs\CSI Linux.

Step 5: Open CSI Linux in VMware Workstation

• Launch VMware Workstation.

• From the top menu, click File > Open....
• Navigate to the folder where you store the extracted files.
• Select the CSI_Linux.vmx file and click Open.
• VMware will load the configuration for the virtual machine.

Step 6: Adjust Virtual Machine Settings (Optional)

• Select Edit virtual machine settings.

• Increase RAM to at least 6 GB (or more if your system allows it).
• Adjust processors to allocate more CPU cores if needed.
• You can also configure Network Adapter settings (default is NAT; switch to Bridged for full
network access).

Step 7: Start the Virtual Machine

• Click Power on this virtual machine.

• The VM will boot into CSI Linux.
• At the login screen, use the following credentials:
• Username: csi
• Password: csi
• Press Log In.

Step 8: Save Your Snapshot

• Once everything is working, it’s a good idea to create a snapshot of your VM.
• Go to VM > Snapshot > Take Snapshot.
• Name the snapshot (e.g., "CSI Linux Base Install") to easily roll back if needed.

You’re Ready to Explore CSI Linux!

Congratulations! You’ve successfully set up CSI Linux on VMware Workstation.

Now you can explore the powerful tools and features of this platform.

© CSILinux.com
Page 9
Optional: Adding More Disk Space in VMware Workstation
• Power off the CSI Linux virtual machine.
• You can’t modify the disk size while the VM is running.
• In VMware Workstation, go to the Virtual Machine Settings:
• Click VM from the top menu.
• Select Settings.
• Click on Hard Disk (SCSI) or Hard Disk (SATA) from the list on the left.
• This is the virtual disk you want to expand (the .vmdk).
• On the right side, click Utilities and select Expand.
• A new window will pop up asking for the New Disk Size.
• Enter the new size you want, e.g., 128 GB (make sure your physical drive has enough
space for this).
• Click Expand to confirm.
• VMware will take a few moments to increase the disk size.

© CSILinux.com
Page 10
Setting Up CSI Linux on VMware ESXi Server
Are you ready to deploy CSI Linux on VMware ESXi? ESXi is a powerful
virtualization platform that lets you run virtual machines on servers. This guide
will walk you through the entire process, from downloading and extracting the
CSI Linux virtual appliance to configuring it on ESXi.

Requirements

• ESXi Server installed and running.

• vSphere Client or ESXi Web UI access.
• 7-zip utility to extract the virtual machine files.
• Internet connection to download CSI Linux.
• 128 GB of free storage available on the ESXi datastore.
• 6 GB of RAM or more to ensure smooth operation.

Step 1: Download the CSI Linux Virtual Appliance (.7z File)

• Visit the CSI Linux download section.
• Download the CSI Linux virtual appliance (7z) file.
• If using a torrent, leave it seeding to help others.

Step 2: Extract the CSI Linux Files

• Install 7-zip on your local machine if not already installed:

sudo apt install p7zip-full # For Linux

Or download it from 7-zip.org for Windows or macOS.

• Right-click the downloaded .7z file and select Extract Here.

• The following files will appear:
• .vmdk – Virtual disk containing the CSI Linux OS.
• .vmx – Configuration file for VMware virtual machines.

Step 3: Upload CSI Linux Files to ESXi Datastore

• Open the vSphere Web Client or connect to ESXi directly via the web interface.
• Log in with your ESXi credentials.
• Navigate to Storage in the left-hand menu.
• Click on the Datastore Browser.
• Choose your desired datastore and upload the extracted CSI_Linux.vmdk file.

© CSILinux.com
Page 11
Step 4: Create a New Virtual Machine on ESXi
• In the ESXi Web UI, click Create / Register VM.
• Select Create a new virtual machine and click Next.
• Enter a Name for the VM (e.g., CSI_Linux_VM).
• Choose:
• Compatibility: ESXi version (leave default).
• Guest OS family: Linux.
• Guest OS version: Ubuntu 64-bit (CSI Linux is based on Ubuntu).

Step 5: Configure VM Settings

• Select the datastore where the virtual machine will reside.
• Under Disk settings, choose Use an existing virtual disk.
• Click Browse, navigate to the CSI_Linux.vmdk file on the datastore, and select it.
• Adjust CPU and Memory:
• CPUs: At least 2 (more if available).
• Memory: 6 GB or more for best performance.
• Configure the Network Adapter:
• Set to VM Network or Bridged for full network access.

Step 6: Start the CSI Linux Virtual Machine

• In the ESXi Web UI, click Power on next to your new VM.
• Open the VM Console to monitor the boot process.
• At the login screen, use:
• Username: csi
• Password: csi
• Press Log In to enter the CSI Linux environment.

Optional: Increase the Disk Size

If you need more space, follow these steps:

• Power off the virtual machine from the ESXi Web UI.
• Go to the VM settings and click Edit.
• Under Hard Disk, increase the disk size to your desired amount (e.g., 128 GB).
• Click Save.

© CSILinux.com
Page 12
Setting Up CSI Linux Using KVM and QCOW2
Ready to explore CSI Linux on KVM? With KVM, you’ll tap directly into your
system's virtualization capabilities for a high-performance experience. This
guide will walk you through downloading, extracting, and setting up CSI Linux
using a QCOW2 virtual disk file. Let’s get started!

Requirements

Before starting, ensure your setup meets the following:

• A computer with virtualization enabled (check your BIOS/UEFI settings).

• KVM installed on your Linux system (along with Virt-Manager).
• 7-zip utility to extract the QCOW2 file.
• 128 GB of free disk space for installation and operations.
• 6 GB of RAM or more for smooth performance.
• Internet access for updates and downloading tools.

Step 1: Install KVM and Virt-Manager

• Open a terminal and install KVM with Virt-Manager:

sudo apt update

sudo apt install qemu-kvm libvirt-daemon-system libvirt-clients bridge-
utils virt-manager

• Enable and start the libvirtd service:

sudo systemctl enable libvirtd

sudo systemctl start libvirtd

• Verify that KVM is correctly installed:

virsh list --all

Step 2: Download the CSI Linux Virtual Appliance (QCOW2 Format)

• Visit the CSI Linux download section.
• Download the CSI Linux QCOW2 virtual disk file (.7z).
• If you use a torrent, leave it seeding for a bit to help others.

© CSILinux.com
Page 13
Step 3: Extract the QCOW2 Disk File

• Install 7-zip if it’s not already installed:

sudo apt install p7zip-full

• Extract the downloaded 7z archive:

7z x CSI_Linux_file.qcow2.7z -o/home/your_username/VMs/CSI_Linux

This will extract the CSI_Linux.qcow2 file to your desired location (e.g.,
/home/your_username/VMs/CSI_Linux).

Step 4: Create a New Virtual Machine Using Virt-Manager

• Open Virt-Manager from your application menu (or type virt-manager in a terminal).
• Click Create a new virtual machine.

Step 5: Configure the Virtual Machine

• Select "Import existing disk image".

• Click Browse and select the CSI_Linux.qcow2 file from the extracted folder.
• Choose Linux as the OS type and Ubuntu 64-bit as the version (since CSI Linux is based on
Ubuntu).
• Set Memory (RAM) to 4-6 GB (or more if available).
• Set the CPU count at least 2 (allocate more if you have extra cores).
• Choose Network configuration:
• Use NAT for basic internet access or Bridged if you need the VM to be on the same
network as your host.

Step 6: Start the Virtual Machine

• Click Begin Installation in Virt-Manager.

• The VM will boot into the CSI Linux login screen.
• Use the following credentials to log in:
• Username: csi
• Password: csi
• Press Log In and enjoy your CSI Linux environment.

© CSILinux.com
Page 14
Step 7: Save a Snapshot

Taking a snapshot will allow you to revert to this clean installation state

• In Virt-Manager, right-click your CSI Linux VM and select Snapshot.

• Name the snapshot "CSI Linux Base Install".
• Add an optional description: "Fresh installation of CSI Linux."
• Click Take Snapshot.

Optional: Adding More Disk Space for the QCOW2

If you need more space, here’s how to expand the QCOW2 disk:

• Make sure the VM is shut down.

• Run the following command to resize the disk (example expands to 192 GB):

qemu-img resize /home/your_username/VMs/CSI_Linux/CSI_Linux.qcow2 +64G

You’re Ready to Explore CSI Linux!

Congratulations! You’ve successfully set up CSI Linux using KVM and a QCOW2
virtual disk. Enjoy the journey into digital forensics, OSINT investigations, and
cybersecurity with one of the best investigative toolkits available.

© CSILinux.com
Page 15
Setting Up the CSI Linux Triage Drive
This is a forensic copy of a running drive. This means it is a bootable FULL backup
and can be restored using any tool that can take a RAW forensic physical disk
image and restore it to a drive. That drive will be bootable. The CSI Triage Drive
contains a UEFI partition, and the (100 GB) CSI Linux Partition. This is the image
we use to build our own bootable Triage Drives and CSI Linux Workstations.

Option 1: Using a Linux System and dd or dcfldd

This guide walks you through the process of setting up the CSI Linux Triage Drive
on an external drive using the powerful Linux tool dd. The dd command allows
you to perform a bit-for-bit copy of the CSI Linux forensic image onto an external
drive. Follow these steps carefully to ensure a successful setup.

Requirements

• Linux system (any modern distribution will work).

• 7-zip utility to extract the Triage drive image.
• 128BG+ External drive
• Make sure this is the correct one, as it will be completely overwritten.
• SSD drives will have much better performance due to read/write speed
• USB Thumb drives also wok
• CSI Linux Triage .7z file downloaded from the CSI Linux website.
• Admin (root) access on your Linux machine.

Step 1: Extract the Triage Drive Image

• Open a terminal on your Linux system.
• Navigate to the folder containing the downloaded CSI_Linux_Triage.7z file.
• Use 7z to extract the contents:

7z x CSI_Linux_Triage.7z

• After extraction, you should see a file named:

• CSI_Linux_Triage_file.dd

© CSILinux.com
Page 16
Step 2: Connect the External Drive
• Connect the external drive to your Linux system.
• Warning: Ensure you have selected the correct external drive, as it will be
completely erased.
• Identify the external drive using the lsblk command:

lsblk

Look for a device like /dev/sdb. Make sure it corresponds to your external drive.

Step 3: Use dd to Write the Image to the External Drive

• Make sure the external drive is not mounted. If it is, unmount it:

sudo umount /dev/sdb*

• Use the dd command to copy the CSI_Linux_Triage_file.dd image onto the external drive:

sudo dd if=CSI_Linux_Triage_file.dd of=/dev/sdb bs=4M status=progress

• if: Input file (the CSI Linux Triage image).

• of: Output file (your external drive).
• bs=4M: Block size of 4 MB for faster copying.
• status=progress: Displays progress during the operation.

• Wait patiently as the process completes, this could take some time, depending on the speed
of your system and drive.

Step 4: Verify the Copy

• After dd completes, use lsblk again to ensure the drive shows the new partitions:

lsblk /dev/sdb

• You can also verify the integrity of the copy by mounting the main partition:

sudo mount /dev/sdb2 /mnt

ls /mnt

You should see the contents of the Triage drive.

• Once verified, unmount the partition:

sudo umount /mnt

© CSILinux.com
Page 17
Option 2: Using a Windows System and HDDRawCopy

This guide walks you through setting up the CSI Linux Triage Drive using HDD
Raw Copy Tool on a Windows system. The HDD Raw Copy Tool allows you to write
the CSI Linux forensic image (.dd file) onto an external drive with a bit-for-bit
copy.

Requirements

• Windows system with administrator access.

• HDD Raw Copy Tool (download link: HDD Raw Copy Tool).
• 7-zip utility to extract the Triage drive image.
• CSI Linux Triage .7z file downloaded from the CSI Linux website.
• External drive (the contents of this drive will be overwritten completely).

Step 1: Download and Install HDD Raw Copy Tool

• Visit the HDD Raw Copy Tool website at https://hddguru.com.
• Download the HDD Raw Copy Tool installer.
• Run the installer and follow the on-screen instructions to install the tool.

Step 2: Extract the CSI Linux Triage Image (.dd File)

• Install 7-zip if not already installed (you can download it from https://www.7-zip.org).
• Right-click the CSI_Linux_Triage.7z file and select Extract Here.
• After extraction, you should see:
• CSI_Linux_Triage_file.dd

Step 3: Prepare the External Drive

• Connect the external drive to your Windows computer.
• Open File Explorer and identify the drive letter assigned to your external drive (e.g., D:).
• Ensure that no important data is on the external drive, it will be completely overwritten.

Step 4: Launch HDD Raw Copy Tool

• Launch the HDD Raw Copy Tool with administrator rights:
• Right-click the tool and select Run as Administrator
• In the Source section, click the File button.
• Browse to the folder where you extracted CSI_Linux_Triage_file.dd.
• Select the .dd file and click Open.

© CSILinux.com
Page 18
Step 5: Select the Target (External Drive)
• In the Target section, select the external drive you identified earlier (e.g., D: or E:).
• Warning: Be sure to select the correct drive to avoid overwriting other disks.
• Click Continue to confirm your selection.

Step 6: Start the Copy Process

• Review the Source and Target selections to ensure they are correct.
• Click the Start button to begin the copying process.
• Wait patiently while the tool writes the image to the external drive, this could take some
time depending on the size and speed of the drive.

Step 7: Verify the CSI Linux Triage Drive by Booting it

Since the CSI Linux Triage Drive uses the ext4 file system, you won’t be able to
verify it by browsing the drive contents in Windows. Instead, you’ll need to boot
off the external drive to confirm the installation.

Option 1: Reboot from Windows Recovery Options

• Remove the external drive safely from Windows:
• Right-click the USB drive in File Explorer and select Eject.
• Reconnect the drive to the computer.
• Press Shift + Restart in Windows to access Advanced Boot Options:
• Click Start > Power > Hold Shift and click Restart.
• In the Recovery Menu:
• Select Use a device.
• Choose the external USB drive
• It may show as the drive’s brand or “EFI USB Device.”
• Your computer should now boot from the CSI Linux Triage Drive.

© CSILinux.com
Page 19
Option 2: Boot from BIOS/UEFI Settings
• Shutdown your computer completely.
• Reconnect the external drive to the computer.
• Enter the BIOS/UEFI settings:
• Power on the computer and press the key to access BIOS (common keys are F2, F10,
F12, Esc, or Del, it varies by manufacturer).
• Disable Secure Boot (if enabled):
• In the BIOS, look for Secure Boot under the Boot or Security tab.
• Set Secure Boot to Disabled.
• Select the Boot Device:
• Go to the Boot Order or Boot Options section.
• Choose the external USB drive as the primary boot device (it might show as UEFI
USB or the brand of the drive).
• Save and Exit:
• Save your changes and exit the BIOS (usually F10).
• The computer should now reboot from the CSI Linux Triage Drive.

Step 8: Verify the Boot and Login to CSI Linux

• After rebooting, you should see the CSI Linux boot screen.
• Select the default option to boot CSI Linux.
• At the login screen, use the following credentials:
• Username: csi
• Password: csi
• Once logged in, you can explore the Triage Drive environment to confirm that everything
is working correctly.

© CSILinux.com
Page 20
Option 3: Using a Windows System and Rufus

This guide will walk you through setting up the CSI Linux Triage Drive using
Rufus on a Windows system. Rufus is a simple and reliable tool for writing disk
images onto external drives, and it's ideal for forensic purposes.

Requirements

• Windows system with administrator access.

• Rufus (download link: Rufus).
• 7-zip utility to extract the Triage drive image.
• CSI Linux Triage .7z file downloaded from the CSI Linux website.
• External drive (it will be completely overwritten).

Step 1: Download and Install Rufus

• Visit the Rufus website: https://rufus.ie.
• Download the latest version of Rufus.

Step 2: Extract the CSI Linux Triage Image (.dd File)

• Install 7-zip if you don’t have it (available at https://www.7-zip.org).
• Right-click the downloaded CSI_Linux_Triage.7z file and select Extract Here.
• You should now see the CSI_Linux_Triage_file.dd file in the folder.

Step 3: Prepare the External Drive

• Connect the external drive to your Windows computer.
• Open File Explorer to identify the drive letter assigned to the external drive (e.g., E:).
• Ensure the external drive contains no important data, it will be completely erased.

Step 4: Write the CSI Linux Triage Image Using Rufus

• Run the Rufus executable (it does not need installation).
• Launch Rufus with administrator rights:
• Right-click and select Run as Administrator.
• In Rufus, select your external drive under Device.
• Under Boot selection, click the SELECT button and browse to the CSI_Linux_Triage_file.dd.
• Ensure the Partition scheme is set to MBR (Master Boot Record) for better compatibility.
• Choose File System: Leave this set to Default (the tool will copy the disk image as-is).

© CSILinux.com
Page 21
Step 5: Start the Image Writing Process
• Review your settings and confirm the correct external drive is selected.
• Click Start to begin writing the CSI_Linux_Triage_file.dd to the external drive.
• Rufus will warn that all data on the external drive will be lost, click OK to confirm.
• Wait patiently while the image is written to the drive. This can take several minutes,
depending on the size of the image and the speed of your drive.

Step 6: Verify the CSI Linux Triage Drive by Booting it

Since the CSI Linux Triage Drive uses the ext4 file system, you won’t be able to
verify it by browsing the drive contents in Windows. Instead, you’ll need to boot
off the external drive to confirm the installation.

Option 1: Reboot from Windows Recovery Options

• Remove the external drive safely from Windows:

• Right-click the USB drive in File Explorer and select Eject.
• Reconnect the drive to the computer.
• Press Shift + Restart in Windows to access Advanced Boot Options:
• Click Start > Power > Hold Shift and click Restart.
• In the Recovery Menu:
• Select Use a device.
• Choose the external USB drive
• It may show as the drive’s brand or “EFI USB Device.”
• Your computer should now boot from the CSI Linux Triage Drive.

© CSILinux.com
Page 22
Option 2: Boot from BIOS/UEFI Settings

• Shutdown your computer completely.

• Reconnect the external drive to the computer.
• Enter the BIOS/UEFI settings:
• Power on the computer and press the key to access BIOS (common keys are F2, F10,
F12, Esc, or Del, it varies by manufacturer).
• Disable Secure Boot (if enabled):
• In the BIOS, look for Secure Boot under the Boot or Security tab.
• Set Secure Boot to Disabled.
• Select the Boot Device:
• Go to the Boot Order or Boot Options section.
• Choose the external USB drive as the primary boot device (it might show as UEFI
USB or the brand of the drive).
• Save and Exit:
• Save your changes and exit the BIOS (usually F10).
• The computer should now reboot from the CSI Linux Triage Drive.

Step 7: Verify the Boot and Login to CSI Linux

• After rebooting, you should see the CSI Linux boot screen.
• Select the default option to boot CSI Linux.
• At the login screen, use the following credentials:
• Username: csi
• Password: csi
• Once logged in, you can explore the Triage Drive environment to confirm that everything
is working correctly.

Congratulations!

You have successfully set up the CSI Linux Triage Drive on your external drive. You
can now use it to perform forensic investigations, store case files, or load
additional Windows tools onto the NTFS partition for dual functionality.

With your Triage Drive ready, you are equipped to handle investigations on-the-
go. Happy investigating

© CSILinux.com
Page 23
Using GParted to Increase Volume Size
When you increase the virtual disk size (using VMware, KVM, or VirtualBox) or
are working with a real drive (like the Triage Drive), the new space won't
automatically be available. This guide will walk you through how to use GParted
inside CSI Linux to resize or extend the partitions to use the full available space.
If you are working with a Triage Drive, we’ll also cover creating an NTFS
partition for case storage or Windows tools.

Scenario 1: Expanding the CSI Linux Partition to Use 100% of

Available Space

If you’ve increased the disk size of your virtual machine or drive, follow these
steps to allocate the new space to your CSI Linux root partition.

Step 1: Open GParted Inside CSI Linux

• Boot CSI Linux and log in using:

• Username: csi
• Password: csi
• Open a terminal window and type:

sudo gparted

• Enter your password if prompted. This will open the GParted partition editor.

Step 2: Identify the Correct Disk

• In GParted, select the correct disk from the drop-down menu in the top-right corner (e.g.,
/dev/sda for your main drive or virtual disk).
• You should see the partitions listed, including:
• The root partition (likely /dev/sda1).
• The unallocated space created by your previous disk expansion.

© CSILinux.com
Page 24
Step 3: Resize the Root Partition (Optional: Use 100% of Disk Space)

• Right-click the main root partition (likely /dev/sda1).

• Select Resize/Move from the context menu.
• In the Resize/Move window:
• Drag the slider all the way to the right to use the maximum available space.
• Alternatively, enter the desired size manually in the fields provided.
• Click Resize/Move to confirm.

Step 4: Apply the Changes

• Double-check your configuration to ensure it looks correct.

• Click the green checkmark button at the top to apply all changes.
• GParted will display a warning, confirm the operation to proceed.
• Wait for the process to complete. This might take a few minutes, depending on the disk
size.

Step 5: Verify the Changes

• Once the operation is complete, GParted will show the updated partition size.
• Close GParted and reboot the virtual machine or system:

sudo reboot

• After reboot, open a terminal and check the new disk space using:

df -h

Your root partition should now reflect the increased size.

© CSILinux.com
Page 25
Scenario 2: Creating a New NTFS Partition on the Triage Drive

If you’re using the Triage Drive and want to maintain the original 128 GB partition
while adding a new NTFS partition for case storage or CSI Triage Extras (Windows
Tools), follow these steps.

Step 1: Open GParted and Select the Triage Drive

• Launch GParted as described in Scenario 1.

• From the drop-down menu in the top-right corner, select the Triage Drive (e.g., /dev/sdb).

Step 2: Create a New NTFS Partition

• Identify the unallocated space on the drive (this will be any space beyond the 128 GB root
partition).
• Right-click the unallocated space and select New.
• In the Create Partition window:
• Partition Type: Choose Primary.
• File System: Select NTFS.
• Label: Enter a name like "Case_Storage" or "CSI_Triage".
• Click Add to create the partition.

Step 3: Apply the Changes

• Click the green checkmark button at the top of GParted to apply the new partition.
• Confirm the changes and wait for the operation to be completed.

Step 4: Verify and Mount the New NTFS Partition

• After the operation is completed, close GParted and return to the terminal.
• Create a directory to mount the new partition:

sudo mkdir /mnt/case_storage

• Mount the partition:

sudo mount -t ntfs /dev/sdb2 /mnt/case_storage

• To make the partition mount automatically at boot, add the following line to the /etc/fstab
file:

/dev/sdb2 /mnt/case_storage ntfs defaults 0 0

© CSILinux.com
Page 26
Setting Up an Internal Hard Drive to Boot CSI Linux Using Clonezilla and the
External CSI Linux Triage Drive

If you want to boot CSI Linux directly from an internal hard drive, this guide will
take you through using Clonezilla to clone the external CSI Linux Triage Drive
onto the internal disk or creating other CSI Linux Triage Drives. This method
ensures you’ll have a working copy of CSI Linux ready to boot directly from the
internal drive, offering faster performance and the ability to use CSI Linux as a
daily driver.

Requirements

• Clonezilla Live USB (downloadable at https://clonezilla.org).

• External CSI Linux Triage Drive prepared as described in earlier steps.
• Target hard drive: (either)
• Internal drive installed in the system (ensure it's large enough to hold the CSI Linux
partition).
• External drive (ensure it's large enough to hold the CSI Linux partition).

Step 1: Create a Bootable Clonezilla USB

• Download the Clonezilla ISO from https://clonezilla.org.

• Use Rufus (or any other bootable USB tool) to write the Clonezilla ISO to a USB stick:
• Device: Select the USB stick.
• Boot selection: Select the Clonezilla ISO.
• Click Start and wait for the process to complete.

Step 2: Connect the External Triage Drive and Internal Drive

• Connect the external CSI Linux Triage Drive to the system via USB.
• Ensure the internal hard drive (destination drive) is installed correctly inside your
computer.
• Boot your computer from the Clonezilla USB:
• Enter your BIOS/UEFI settings and set the USB drive as the first boot device.

Step 3: Launch Clonezilla and Begin the Cloning Process

• When Clonezilla boots, choose Clonezilla live from the boot menu.
• Select “Start Clonezilla” on the main menu.
• Choose device-device (disk to disk) mode, as you’ll be cloning the external Triage Drive to
the internal drive.

© CSILinux.com
Page 27
Step 4: Select Source and Target Drives

• Select the source drive:

• Choose the external CSI Linux Triage Drive (e.g., /dev/sdb).
• Select the destination drive:
• Choose the internal hard drive (e.g., /dev/sda).
• Warning: Double-check that the destination is the correct internal drive, as it
will be completely erased during cloning.

Step 5: Configure Cloning Options

• Choose “Expert Mode” to access advanced options.

• If the internal drive is slightly smaller than the original Triage Drive:
• Select “-icds” when prompted.

• This allows the cloning to proceed even if the destination drive is slightly smaller.
• Enable “Resize partitions proportionally” if your internal drive is larger, to make full use of
the available space.

Step 6: Start the Cloning Process

• Review your selections carefully.

• Select “Yes” to confirm the clone operation.
• Wait patiently as Clonezilla copies the CSI Linux Triage Drive to the internal drive.
• This can take some time depending on the size and speed of the drives.

Step 7: Verify the Clone and Reboot

• Once the process is completed, remove the external drive and the Clonezilla USB.
• Restart your computer and enter the BIOS/UEFI settings.
• Set the internal drive as the primary boot device.
• Save changes and reboot.

© CSILinux.com
Page 28
Updating CSI Linux
In the rapidly evolving world of technology, software, and security, it is crucial to
keep your Linux system up to date. Regular updates bring many benefits that
resonate not just with system stability and performance but also with the overall
security and functionality of the machine.

• Security Updates: Security patches are one of the essential reasons to keep your system
updated. Attackers constantly look for vulnerabilities in software. When these
vulnerabilities are discovered, the software's developers usually release updates to fix
them. If you don't update your system, you may expose it to malware, ransomware, and
other cyber threats. For example, a recent update might include a patch for a newly
discovered vulnerability that could allow unauthorized access to your system.
• Bug Fixes: Updates often include fixes for bugs that might have slipped through the initial
testing phase. These bugs can cause your system to freeze, crash, or behave unpredictably.
Regular updates ensure these issues are addressed, leading to a more stable and reliable
system.
• New Features and Improvements: Keeping your system up to date means you can always
access the latest features and enhancements. Software developers are continually working
on improving their programs' efficiency, performance, and usability. Regular updates
allow you to enjoy these improvements and make the most of your system.
• Compatibility: Software and hardware manufacturers often develop their products based
on the latest versions of operating systems. Keeping your system up to date ensures you
can run the latest software and connect to the newest hardware without compatibility
issues.
• Compliance: In some environments, especially in businesses and regulated industries,
there might be legal or policy requirements to keep systems updated to certain security
standards. Regular updates help in maintaining compliance with these regulations.

Keeping your Linux system updated is not merely a recommended practice; it's
necessary in today's digital environment. The process of updating includes
ensuring that your system is secure, stable, compatible with new hardware and
software, and compliant with relevant laws and regulations. By staying on top of
updates, you are essentially maintaining the health of your system and
safeguarding it from potential threats.

In the following sections, we will delve into the tools and procedures you can use
to keep Ubuntu and CSI Linux up to date, including utilizing powerful commands
like dpkg, apt, adding repositories, and setting up unattended updates.

© CSILinux.com
Page 29
dpkg: Debian Package Management Tool

`dpkg` is a low-level tool for handling Debian packages (`*.deb`). While it can
manage individual packages, it doesn't handle dependencies independently, so
higher-level tools like `apt` are often used. However, understanding `dpkg`
provides a solid foundation in package management and can be particularly
useful in various scenarios.

• Installing Packages: Install a `.deb` file using the following command.

sudo dpkg -i package_name.deb

• Removing Packages: You can remove a package without removing the configuration files.

sudo dpkg -r package_name

• Removing Packages and Configuration: You can remove both.

sudo dpkg -P package_name

• Listing Installed Packages: To list all installed packages.

dpkg -l

• Filtering: You can filter the results by package name.

dpkg -l | grep 'package_name'

• Checking Package Information: Check information about a specific installed package.

dpkg -s package_name

• Unpacking Packages: You can unpack a package without configuring it.

sudo dpkg --unpack package_name.deb

• Configuring Packages: If you've unpacked a package and want to configure it.

sudo dpkg --configure package_name

• Handling Dependencies: `dpkg` doesn't handle dependencies. If you encounter

dependency issues, you may need to run.

sudo apt --fix-broken install

• Filtering Status: You can filter packages by their status, such as installed, not-installed, etc.

dpkg --get-selections | grep 'install'

© CSILinux.com
Page 30
 • Reconfigure the settings of installed packages: For example, reconfigure the package
"tzdata" which sets the system timezone.

sudo dpkg-reconfigure tzdata

Note: This command would open an interactive dialog to help you choose and set the
system's timezone.

`dpkg` provides a powerful way to manage individual packages within a Debian-

based system. It's an essential tool for anyone looking to understand better how
package management works on these systems. However, daily package
management generally prefers tools like `apt` that handle dependencies.

Our next section will explore `apt`, which builds upon `dpkg`, providing an
even more user-friendly way to manage packages, including handling
dependencies.

© CSILinux.com
Page 31
apt: Advanced Package Tool

Excellent! Let's explore `apt`, one of the most used package management
command-line tools in Debian-based systems such as Ubuntu and CSI Linux.

`apt` simplifies managing packages on Linux by automating the retrieval,

configuration, and installation of software packages, including their
dependencies. Here's how you can harness the power of `apt`.

• Updating Package Lists: Before installing new packages or updating existing ones, it's
important to update the package lists to know the latest versions available.

sudo apt update

• Upgrading Packages: Upgrade all installed packages to their latest versions.

sudo apt upgrade

• Full Upgrade of Packages: A more extensive upgrade that may change essential packages.

sudo apt full-upgrade

or

sudo apt dist-upgrade

Note: Before doing a full-upgrade, it's good practice to ensure you've taken backups of your
system or know how to roll back changes if something goes wrong. A full-upgrade has a
broader impact than a regular upgrade and might significantly change your system.

• Installing Packages: To install a specific package.

sudo apt install package_name

• Removing Packages: To remove a package but keep its configuration files.

sudo apt remove package_name

• Removing Both Package and Configuration: To both.

sudo apt purge package_name

• Searching Packages: You can search for a package in the repositories.

apt search package_name

• Listing Installed Packages: To list all installed packages.

apt list --installed

© CSILinux.com
Page 32
 • Show Package Information: To get detailed information about a package.

apt show package_name

• Adding Repositories: You may need additional repositories to install specific packages. You
can add a repository with

sudo add-apt-repository "repository_details"

Note: Don't forget to update the package lists after adding a new repository:

sudo apt update

• Auto-Remove Unused Packages: Over time, no longer-needed obsolete dependencies can

accumulate. You can remove them with

sudo apt autoremove

`apt` is a powerful and user-friendly tool that takes much of the complexity out
of managing software packages on Debian-based systems. From basic tasks like
installing and removing software to more advanced operations like managing
repositories and handling dependencies, `apt` provides a unified interface for all
your package management needs.

By understanding both `dpkg` and `apt`, you have a strong foundation in

managing software on Debian-based systems, ensuring that you can keep your
system up to date, secure, and tailored to your specific needs.

Next, we'll investigate adding repositories and setting up the unattended updater
in Ubuntu, followed by specific instructions for updating CSI Linux using the
"powerup" tool.

© CSILinux.com
Page 33
Troubleshooting Broken Dependencies with apt

Occasionally, when managing packages, you might run into broken dependencies.
These can occur for various reasons such as a disrupted package installation or
incompatible package versions. Thankfully, apt has ways to handle and fix these
issues.

• Fix Broken Dependencies: If you ever encounter an error about unsatisfied dependencies
or broken packages.

sudo apt --fix-broken install

Note: This command attempts to correct broken dependencies by downloading and

installing missing packages.

• Clean the Package Cache: Sometimes, corrupted downloads can cause problems. Cleaning
the local repository of retrieved package files can help.

sudo apt clean

• Clean Obsolete Packages: For a more extended cleanup that also removes obsolete .deb files.

sudo apt autoclean

• Reconfigure Unpacked Packages: Sometimes, a package might need to be configured

correctly. You can reconfigure an unpacked package using.

sudo dpkg --configure -a

© CSILinux.com
Page 34
Securing APT Repositories in the Post-apt-key Era

In response to the deprecation of apt-key, developers and system administrators

must now employ updated techniques to manage APT repositories securely. The
primary shift is direct storage of GPG keys within a designated directory rather
than using apt-key to manage them. For instance, the GPG key of a repository can
be fetched and stored directly using commands like wget combined with tee.
Moreover, pre-existing keys can be located and then migrated to the new format
for those transitioning. The addition of repositories has also evolved, with
increased emphasis on specifying the keyring in the sources list or within
individual files in /etc/apt/sources.list.d/.

• Importing the GPG Key: Instead of using apt-key, you can directly download and store the
GPG key in the appropriate directory:

wget -O- https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo

tee /etc/apt/trusted.gpg.d/repository_name.gpg

Note: Make sure to replace the URL with the one provided by the repository owner.

• Replacing Old Keys: If you have existing keys that need to be replaced, you can find them
using.

sudo apt-key list

Then, you can convert the old keys using:

sudo apt-key export KEY_ID | sudo gpg --dearmour -o

/usr/share/keyrings/new_keyring.gpg

Make sure to replace KEY_ID with the key ID to replace and specify the new keyring file's
name.

• Adding the Repository: You can add the repository by editing the sources list or creating a
new file under /etc/apt/sources.list.d/.

deb [arch=amd64 signed-by=/usr/share/keyrings

© CSILinux.com
Page 35
Fixing and Replacing Old Keys

If you have old keys that need to be replaced, you can do so with the following
process:

• List Existing Keys: First, list all the keys, including deprecated ones, by running.

sudo apt-key list

Take note of the key ID you wish to replace.

• Export the Old Key: Export the old key into a new keyring file.

sudo apt-key export OLD_KEY_ID | sudo gpg --dearmour -o

/usr/share/keyrings/new_keyring.gpg

Replace OLD_KEY_ID with the key ID you found in step 1, and new_keyring.gpg with the
desired name for the new keyring file.

• Add the New Repository (With Signed Key): Edit the appropriate source list file or create a
new one under /etc/apt/sources.list.d/, then add the repository using the new keyring file.

deb [arch=amd64 signed-by=/usr/share/keyrings/new_keyring.gpg]

https://repository-url/ stable main

Replace the placeholders with the actual values for your repository.

• Delete the Old Key: Once the new key is in place and the repository is updated, delete the
old key.

sudo apt-key del OLD_KEY_ID

Again, replace OLD_KEY_ID with the actual key ID you wish to delete.

• Update the Repositories: To ensure all changes are applied, and the system recognizes the
updated key and repository, run.

sudo apt update

This step-by-step guide provides a clear process to replace old keys with new
keyring files in Debian-based systems. Following this procedure ensures a more
secure and stable package management experience in alignment with modern
best practices. This method avoids using deprecated tools and ensures that you
are using the latest and most secure keys for your repositories.

© CSILinux.com
Page 36
Setting Up Unattended Upgrades

Ubuntu's unattended-upgrades package offers a streamlined solution for

ensuring the system is always updated with the latest security patches and
updates. As the name suggests, this tool automates the process, periodically
checking for and installing available upgrades without manual intervention. This
is especially vital for systems exposed to the internet or those handling sensitive
data, as security vulnerabilities can be exploited if not patched promptly. By
leveraging unattended-upgrades, administrators can maintain system security
and stability, reducing the window of vulnerability and ensuring that systems
stay safeguarded against known threats. Not only does it enhance system
security, but it also alleviates the administrative burden of regularly manually
checking and applying updates.

• Install the Unattended Upgrades Package: Install the unattended-upgrades package. If it is

not installed, you can do so with:

sudo apt install unattended-upgrades

• Enable Unattended Upgrades: Enable unattended upgrades by running.

sudo dpkg-reconfigure --priority=low unattended-upgrades

Note: This command will prompt you with a question about whether you want to enable
unattended upgrades. Select “Yes.”

• Configure Unattended Upgrades: The main configuration file is located at

/etc/apt/apt.conf.d/50unattended-upgrades. You can edit this file to customize the
behavior of unattended upgrades.

sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

Here, you can specify which packages to upgrade, how to handle reboots, whether to
remove unused dependencies and more. For example, to set up automatic updates for
security patches, you might have the following lines:

Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}-security";
};

You can further configure the automatic removal of unused dependencies:

Unattended-Upgrade::Remove-Unused-Dependencies "true";
© CSILinux.com
Page 37
 • Configure the Update Schedule: The schedule for unattended-upgrades can be set in
/etc/apt/apt.conf.d/20auto-upgrades. You can edit this file.

sudo nano /etc/apt/apt.conf.d/20auto-upgrades

And set the frequency of updates:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

Here, "1" means that the package list will be updated, and unattended-upgrades will be
performed daily.

Monitor Unattended Upgrades: Logs for unattended upgrades are kept in

/var/log/unattended-upgrades. You can monitor these logs to keep track of what
has been updated.

Setting up unattended-upgrades helps to keep your system secure and up to date

with minimal intervention. By automating the upgrade process, you ensure that
critical updates, particularly security patches, are applied promptly. Customizing
the behavior of unattended-upgrades provides flexibility to suit various
requirements and preferences.

Remember to test your configurations in a controlled environment before

deploying them to production systems, as incorrect settings may lead to
unexpected behaviors.

© CSILinux.com
Page 38
CSI Powerup: CSI Linux Platform Update

CSI Linux has an update/upgrade tool called “powerup.” This tool is designed to
keep the OS updated, the CSI Tools, and most of the 3rd party tools. The
information previously covered is important for ensuring the base OS is patched,
and apt will need to be run if CSI Linux has not been updated in a long time. This
will minimize potential issues with system applications during the scripted
update during the powerup.

The biggest “challenge” during a scripted update is when a major application

waits for user input to configure a newer version. If the process runs through a
bash shell and other things are lining up to run, sometimes the interactive
window for an installer breaks when you hit enter.

We will walk through the process of updating CSI Linux system for the first time
or after it has been several weeks before the last update. Open a terminal window
and type the following commands:

sudo apt update

sudo apt upgrade -y
powerup
powerup

When you run “powerup,” it will ask you for your sudo password. If there is a typo,
or the user does not have sudo privileges, the powerup application will close. Once
it is done with the first stage, you should see a popup asking you to pick what you
want to update. For a full update/upgrade, just select “a’’.

It is suggested to run powerup twice if CSI Linux has made major revisions. This
will ensure that the latest tools and CSI Powerup are installed, and your platform
is patched and current,

© CSILinux.com
Page 39
Next Steps
Congratulations! You’ve successfully set up CSI Linux. Now you’re ready to explore
the exciting world of digital forensics and cybersecurity.

Feel free to take some time to look around and test out the different tools. If you
want to learn more, there are lots of labs and tutorials available within CSI Linux
itself. And remember – if you’re curious about anything, you can always ask
questions. Dive in, experiment, and have fun!

If you’d like to help shape future versions of CSI Linux, or just get involved with
the community, drop us a line at [email protected].

© CSILinux.com
Page 40