About CSI Linux

Your Digital Forensic & OSINT Operating System

A suite of powerful cybersecurity tools built for professionals and enthusiasts.

Start Your Training

CSI Linux is an open-source operating system dedicated to providing a comprehensive platform for digital forensics, incident response, and OSINT (Open-Source Intelligence). Our mission is to equip professionals with the tools needed to combat modern cyber threats. We believe in open knowledge and a strong community.

Our Powerful Toolset

OSINT

Conduct in-depth investigations and gather intelligence.

Digital Forensics

Recover and analyze digital evidence from various data sources.

Malware Analysis

Examine malicious software in a secure environment.

Incident Response

Respond effectively to security incidents and breaches.

The CSI Linux Academy

Unlock your potential with our specialized training and certifications. From beginner fundamentals to advanced cyber defense, we have a course for you.

CSIL-CI Badge

CSI Linux Certified Investigator (CSIL-CI)

An entry-level certification covering the basics of using CSI Linux for computer forensics and cyber investigations.
CSIL-COA Badge

CSI Linux Certified OSINT Analyst (CSIL-COA)

Validates expertise in Open Source Intelligence (OSINT), focusing on collection, analysis, and reporting of public information.
CSIL-CDWI Badge

CSI Linux Certified Dark Web Investigator (CSIL-CDWI)

Specializes in Dark Web Investigation, applying to Data Collection, Analysis, and Reporting of Dark Web information.
CSIL-CCFI Badge

Certified Computer Forensics Investigator (CSIL-CCFI)

Designed for professionals to master digital evidence collection, forensic analysis, and cyber investigations.
CSIL-CSMI Badge

Certified Social Media Investigator (CSIL-CSMI)

Focuses on Data Collection, Analysis, and Reporting of open source information from social media platforms.
CSIL-CBCA Badge

Certified Blockkchain and Cryptocurrency Analyst (CSIL-CBCA)

Focuses on Data Collection, Analysis, and Reporting of Blockchainand Cryptocurrency investigations.
CSIL-C3S Badge

Certified Covert Comms Specialist (CSIL-C3S)

Advanced training in covert communications and safeguarding digital assets in hostile environments.
CSIL-INST Badge

CSI Linux Certified Instructor (CSIL-INST)

Designed to produce top-tier instructors proficient in CSI Linux technical intricacies and classroom management.

CSI Linux Downloads

Default username: csi | Default password: csi

CSI Linux has many updated tools, features, and additions.

When turned on, the CSI_TorVPN encapsulates all traffic through Tor, similar to Tails. The CSI_Gateway app points to a Whonix gateway VM, providing two options for the Virtual Appliance. If you’re using the bootable version, only the CSI_TorVPN is available.

You can also add a VPN or gateway to your network router for additional network security. For bugs or suggestions, please contact us by email.

Installation Document: Download Here

CSI Linux Virtual Appliance

The CSI Linux Virtual Appliance is available in three formats: VirtualBox and VMware. Choose the version that suits your environment.

Minimum Requirements:

  • 6+ GB of RAM
  • 140+ GB free disk space (suggest more)
  • 2+ Cores
  • KVM/QEMU
  • Internet Access

VirtualBox

Install VirtualBox and the Extension Pack.

Export the downloaded .7z file to the destination folder and import the VirtualBox Virtual Appliance.

Download for VirtualBox (.7z)

MD5: 71cc3f48981bd60a7879123bf6abcde9

VMware

This version is optimized for VMware environments. Ensure VMware is installed, then import the downloaded .ZIP file.

Export the downloaded .zip file to the destination folder and import the VirtualBox Virtual Appliance.

Download for VMware

MD5: 9ae76a5cf7ed45b3b827438c2a46254c

Legacy - CSI Linux Bootable Image

The CSI Linux Bootable Image is a bootable version of the CSI Linux platform.

CSI Linux Bootable Triage Drive

This is NOT an ISO file. It is a forensic copy in DD format. Please read the instructions before downloading.

Download Triage Drive

MD5: 670351f4386f8512e0bd2fc830487ef8

CSI Linux Bootable Triage Apps

This section includes additional bootable triage applications for forensic and security use cases.

  • 10+ GB free disk space (suggest more)
  • NTFS, FAT, or exFAT partition

Export the downloaded .7z file to the destination folder and import the VirtualBox Virtual Appliance.

Note: This is in a .7z file and should be extracted before using.

Download Triage Apps

MD5: 440d0244a6fb177eaf6e43c60d55eaec

CSI SIEM Virtual Appliance

The CSI SIEM Virtual Appliance is available in two formats: VirtualBox and VMware.

Username: defender

Password: Defender1!

VirtualBox

Install VirtualBox and the Extension Pack.

Export the downloaded .7z file to the destination folder and import the VirtualBox Virtual Appliance.

Note: This is in a .7z file and should be extracted before using.

Download for VirtualBox

MD5: c7c7c42c5b50e238db2bb091879f9951

VMware

This version is optimized for VMware environments. Ensure VMware is installed.

Export the downloaded .7z file to the destination folder and import the VirtualBox Virtual Appliance.

Note: This is in a .7z file and should be extracted before using.

Download for VMware

MD5: b5bb4d3fa78486d45deffe3c6fe7c1a6

Contact Us

Have questions? We're here to help.