This is the project we are undertaking in this year's Lab work / Studio project.
Kali Linux is an operating system made by Offensive Security, and is defined as an advanced Penetration Testing and Security Auditing distribution. It was first released in 2013 and is based on the Debian Linux distribution. It includes several hundred different tools divided into 13 categories:
- Information Gathering
- Vulnerability Analysis
- Wireless Attacks
- Web Applications
- Exploitation Tools
- Forensics Tools
- Stress Testing
- Sniffing & Spoofing
- Password Attacks
- Maintaining Access
- Reverse Engineering
- Reporting Tools
- Hardware Hacking
Our project is centered on the idea of making our own Digital Forensics version of the operating system. While Kali is an extremely comprehensive tool on its own, its sheer size can be intimidating and make it a challenge to use. Because Kali is such a broad tool, a digital forensics investigator will only ever use a small part of it, and we believe a focused tool would be more useful. Our end goal is therefore to make our own Linux distribution (distro) containing only the tools we believe a Digital Forensics investigator will need.
The process of achieving our goal is twofold:
- Finding the tools: breaking the categories of Kali into sections, where each group member undertakes one section and investigates it for forensics use. At the end, each member should have a list of tools they recommend.
- Making the distro: crafting our own Digital Forensics Linux distribution, with our selection of tools.
The first step of the process will be the most time-consuming and rigorous, as there are a great many tools to work through. While some categories can be disregarded entirely due to their area of use, other categories will need to be evaluated for usefulness. For the purpose of evaluation we have created an evaluation form that all group members will adhere to, so that tools are judged on equal terms. Due to time constraints we might not be able to fully test all the tools in the different categories, so we will have to rely somewhat on third-party research and reviews for our recommendations. When a category is deemed useful, we will research the programs and tools within it and ultimately recommend one or more of them. This will result in a list from each of the group members, which will then be compiled into our finished plan for our distribution.
The second step of the process will be to attempt the compilation of the distro itself. As none of the group members have done this before, it will require one or more of us to learn the necessary skills. This may therefore prove to be quite the challenge. But even if this part is unsuccessful, we will still have the experience from the attempt to write up in our report, and we will still have the finished plan for the distro to deliver as a result.
Our final deliverable will consist of the report from the research and testing of tools included in Kali Linux and our complete recommendation of tools to be included in a Digital Forensics edition of the operating system. It will also include a report on the building of the distribution and, depending on whether the attempt is successful or not, the distribution itself.
- Distributing workload between group members (timeframe: completed)
- Creating scheme for evaluation (timeframe: completed)
- Research and evaluation of tools (timeframe: end of March)
- Building distribution (timeframe: end of May)
Problems and Challenges
One of the major challenges we face is the sheer number of programs and tools to be researched and evaluated. Given the time constraints we are working under, there might not be enough time to thoroughly test everything we would like to, and even researching third-party reviews of everything might prove difficult. The probable solution to this challenge is to be selective and constructive in our research, and not get too bogged down in technical aspects.
Another challenge will be the creation of the distribution itself. Since none of the group members have any experience putting together a distro, we have no inkling of how steep the learning curve is, or how long it will take. It will be a learning-by-doing experience for all of us, and should prove an interesting challenge. If it proves to be too hard, then that will still be a viable result for our deliverable.
Communication is one of our biggest challenges, and has been since the beginning. The schedules and priorities within the group are vastly different, making collaboration hard. We have yet to beat this challenge, and are quite frankly uncertain how to get past it. The Skype group we have set up for communicating isn’t very effective, sometimes taking days to get an answer. We don’t have voice or video calls; all communication is done by chat, which is most likely a cause of our communication issues. A possible solution could be for everyone to share their weekly schedule, find a common point in time, and have an hour-long conference call every week.
Some of this is mentioned in the organisational part of the report. We have attempted to use different online platforms for managing the workload within the team, as balancing the tasks between members has been a challenge. At first we used Trello, but that seemed to do more harm than good. We solved that by going with something simpler, the Gantt chart mentioned later in the report.
Google Docs allows multiple members of a team to write and comment simultaneously on a single document. Utilizing Google Docs for this purpose was suggested in January, but the majority of the group wasn’t interested. Instead we write individually and combine our work later into a single document. This creates more steps than necessary when writing a report, and makes it unnecessarily hard to give feedback on each other’s work. In the future we might revisit Google Docs or similar, depending on how this report works out.
Ethical, legal, and social issues
Legal: In regard to the legal aspect of our project, there are some areas that could be considered to be in the grey area of what is legal or not. In some cases, suspected terrorists or blackhat hackers have been caught with USB sticks containing the Kali Linux OS, and this has been part of the charges brought against them. But Kali Linux is also a penetration testing tool for security professionals, and many of the tools inside the distro are perfectly legal to use in some ways. There is no arguing, however, that the tools can be used for illegal purposes. In regard to our project, we don't believe we will add to the illegal side with our product – since we are focusing on the security and forensics side of these tools, a hacker or terrorist would not get the full benefit from our distro.
Also, when considering our legal implications – all the tools in Kali Linux are free, open source, and published for anyone to use. As we do not change the tools themselves or resell them – we do not run any risk of legal claims being made against us.
Ethical: The ethical aspect of creating this distribution was one of the issues we discussed. By creating this distribution – we would make systems like Kali Linux more accessible to malicious people. The more that is offered out there, the more it is downloaded and used. But considering the skill level it requires to actually use any of these systems, such people would have easy access to the full version of Kali Linux anyway. Since our version is actually much “nicer” and is directed at whitehat hackers – we believe we are on ethically sound ground.
Social: The social implications of our product relate somewhat to the ethical part: since our distribution is based on tools more relevant to law enforcement and investigators – we are both less desirable to people with malicious intent, and we are being helpful to the “good guys”. The effect of this can therefore be seen as doing double good for the overall social issue, making a small but important contribution to tipping the scale towards social benefit.
Group Organisation and Management
Our group does not have a clear hierarchical structure. We have not appointed a project manager, but we do have some semblance of role distribution within the group.
As a group of five, proper organisation and communication is key. We don’t live in close proximity to one another, so we have to utilize online platforms as best we can. For communication we are currently using Skype, where we have a group chat just for the Studio project. We share resources and everything related to the project in a shared Studio 2 Dropbox folder we all have access to.
We have a large number of smaller tasks that need to be divided amongst us. The benefit of being a larger group is the diversity of interests and previous experience in the group. Some members might enjoy doing a particular task more than others; that’s basically how the work has been divided up until this point.
At first we attempted to utilize the Trello platform for project management, but felt the number of tasks became overwhelming and disorganized, in effect making us lose sight of the project’s main goal. To solve this we set up a Gantt chart to see the overall goal and individual milestones more clearly. The change was noticeable, and gave the team increased motivation to hit important milestones. At the end of this section we have included a screencap of the Gantt chart from the early stages of the project, made using the teamgantt.com web app. Each of the individual tasks in the chart is assigned to a group member, and that group member can manually enter his/her progress on the specific task. This helps us keep track of each other’s progress; most importantly, if someone is falling behind on their work, we can quickly pick up on it and offer assistance.
As an example, this progress report is due February 17th. No individual section in the report is dependent on any other section being complete before it can be written, but the final delivery document can’t be delivered before all the sections are complete. The Gantt chart gives us a very broad overview of the project: we have allocated a month to each main task, except for ‘Make Distro’, which is given two months. ‘Make Distro’ only has three sub-tasks; when we start work on it we might have to extend that number, or do something else to get a better view of what has to be done to complete the task.