Linux Distro for mobile forensics, malware analysis, and security testing (Santoku)

Henry Dalziel | Digital Forensics | August 4, 2013

Blogging about Linux pentesting distros is one of the major things that we do here at the Concise Courses blog! Our interest lies within information security, and pretty much every distro we have reviewed falls within the category of either being used for penetration testing or for a particular aspect of IT security. Here are a few of our most popular Linux Distribution posts and other resources:

» Vote for your favorite Pentesting Distro (over 350 votes! See which is the most popular!)
» Top Ten Linux Pentesting (Hacking) Distros
» Best Wireless Linux Distros
and, our main Linux Information Security Distros section of our website.

What was missing from our many reviews was a dedicated Mobile Phone Forensics Distro, and here it is: Santoku.

Santoku, made by the mobile forensics experts at viaForensics, has three purposes (or perhaps we could call them pillars): Mobile Forensics, Mobile Malware and Mobile Security.

Taking each of those in turn, the Mobile Forensics side of the distro carries tools specifically designed to acquire and analyze mobile data, firmware flashing tools (that work on phones built by the major phone manufacturers) and a collection of free imaging tools for media cards. The developers have also bundled in free versions of some of the better and most widely used commercial forensics tools.

The next category that Santoku focuses on is Mobile Malware, which frankly is booming (for all the wrong reasons). A study by Juniper Networks' Mobile Threat Center found that mobile malware grew a staggering 600% between 2012 and 2013, with the biggest rise aimed at Android. Pretty unbelievable stuff if you think about it, but also hardly surprising given the undisputed rise in mobile and the decline in desktops. Quick side note: if mobile forensics and pentesting is your thing, we'd certainly recommend following the news issued by Juniper's Mobile Threat Center (MTC) team. Their sole purpose is to evaluate and investigate mobile vulnerabilities and malware threats around the clock.

Santoku hits Mobile Malware where it hurts by bundling many of the best known tools for examining mobile malware, along with mobile device emulators. Also included are decompilation and disassembly tools and access to malware databases.

The final tenet of Santoku is Mobile Security. The tools in this part of the distro assess mobile apps, which again is another huge and growing threat area. The same Juniper MTC report outlined that nearly a quarter of a million apps are triggering SMS trojans and exploiting security vulnerabilities that in turn steal private data and force your phone to join a botnet. Apparently the vast majority of these mobile app threats and malware are directed at Android. Santoku aids the battle against Android malware apps by giving its users an array of tools such as decompilers and disassemblers, plus various scripts written to detect common patterns in mobile applications that hide malware.
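To give a concrete feel for what "scripts that detect common patterns" means in practice, here is an added example of a static triage script. It is not Santoku's own tooling and not one of viaForensics' scripts; it is an illustration written for this post. It parses an AndroidManifest.xml, gathers the requested permissions and the broadcast-receiver intent filters, and flags permission combinations and receiver settings that commonly show up in SMS-trojan style apps. Both manifests in the block are constructed for the demo, and the rule names and thresholds are assumptions chosen for illustration rather than a published rule set.

```python
"""
Added example (not Santoku's own tooling, not viaForensics' scripts): a
small static triage script in the spirit of the "detect common patterns"
scripts mentioned above. It parses an AndroidManifest.xml, collects the
requested permissions and broadcast-receiver intent filters, and flags
combinations that commonly show up in SMS-trojan style apps. Both manifests
below are constructed for this demo; the rule names and thresholds are
assumptions chosen for illustration, not a published rule set.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
PRIORITY = f"{{{ANDROID_NS}}}priority"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Permission combinations that warrant a closer look (assumed heuristics).
RULES = {
    "sms-send-and-intercept": {
        "android.permission.SEND_SMS",
        "android.permission.RECEIVE_SMS",
    },
    "sms-with-boot-persistence": {
        "android.permission.SEND_SMS",
        "android.permission.RECEIVE_BOOT_COMPLETED",
    },
    "contacts-plus-network": {
        "android.permission.READ_CONTACTS",
        "android.permission.INTERNET",
    },
}

# Constructed manifest resembling an SMS-trojan pattern (not a real sample).
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.wallpapers">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
    <application android:label="Free Wallpapers">
        <receiver android:name=".SmsReceiver">
            <intent-filter android:priority="999">
                <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
            </intent-filter>
        </receiver>
    </application>
</manifest>
"""

# Constructed manifest for an ordinary network-only app, used as a control.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.weather">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
    <application android:label="Weather"/>
</manifest>
"""


def requested_permissions(root):
    """Return the set of permission names requested by the manifest."""
    return {e.get(NAME) for e in root.iter("uses-permission")}


def high_priority_sms_filters(root):
    """Count intent filters that listen for SMS_RECEIVED with a raised priority.

    A receiver registered this way is delivered incoming SMS ahead of the
    default messaging app, so it is worth a manual look during triage.
    """
    count = 0
    for flt in root.iter("intent-filter"):
        actions = {a.get(NAME) for a in flt.iter("action")}
        if SMS_RECEIVED in actions and int(flt.get(PRIORITY, "0")) > 0:
            count += 1
    return count


def triage(manifest_xml):
    """Return a sorted list of rule names the manifest triggers."""
    root = ET.fromstring(manifest_xml)
    perms = requested_permissions(root)
    findings = [name for name, needed in RULES.items() if needed <= perms]
    if high_priority_sms_filters(root) > 0:
        findings.append("high-priority-sms-receiver")
    return sorted(findings)


if __name__ == "__main__":
    for label, xml_text in (("suspicious", SUSPICIOUS_MANIFEST),
                            ("benign", BENIGN_MANIFEST)):
        print(label, triage(xml_text))
```

A hit from a script like this is a reason to pull the APK into a decompiler and read the receiver's code, not a verdict on its own: plenty of legitimate messaging apps request SEND_SMS and RECEIVE_SMS together, which is exactly why the heuristics above are paired with the manual analysis tools the distro ships.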

Why should you use Santoku?
When Linus Torvalds released Linux to the world, organizations, initially academic institutions, shaped the kernel to suit their needs. One branch of Linux is geared toward the security space, i.e. Kali Linux, BackBox etc., and the same applies here: Santoku is a pure-play Mobile Forensics Distro. Santoku, like every specialized Linux Distro out there, has been created to save you time by curating all the tools you need to do your job whilst making sure that the drivers and updates all work efficiently. So, to answer the question, yes, you should absolutely try Santoku if you are interested in Mobile Security (mobile penetration testing, auditing, forensics etc).

In Summary
As stated above, if mobile security is your thing then get yourself a copy here. Even if you are a student or just plain curious, you should immerse yourself in their forum. Seriously, viaForensics, the folks behind the distro (a commercial organization, much like Offensive Security behind Kali Linux), have done a really superb job of providing those new to this space with a range of helpful How-To tutorials, and they also support an active forum. Since we are on the subject, you should also take a look at CAINE (a distro which also addresses forensics).

Although the current Santoku distro is in an Alpha state, it has solid foundations, having been developed as a fork of the OWASP MobiSec Ubuntu distro.

Needless to say, this is a booming space. Mobile is under an increasing amount of sophisticated attack and new threat vectors appear on a daily basis. If you can master Mobile Security skills then your employability will, we believe, go through the roof. Tell us what you think! Do you agree with us that mobile security skills will be in demand?

Leave a comment or reply below...thanks!