August 9, 2017
Tequila – The First Latin American Computer Forensics Operating System
Hello and cheers from Colombia, my dear Cybrarians 😊
In the field of digital forensics, many kinds of tools have been created to analyze storage media and to help conduct investigations of security incidents. The community involved in these tasks is generally familiar with DEFT, CAINE, SIFT (SANS Investigative Forensic Toolkit), Paladin and others.
Nevertheless, only a few forensic analysts know that in Latin America there are people and institutions researching and contributing to the forensics community, and very few know about the Tequila Forensics OS distribution.
What is Tequila Forensic?
Tequila Forensic (or Tequila Forense in Spanish) is a forensic Linux distribution like the others I mentioned earlier. The product was the result of a final degree project at UNAM (Universidad Autónoma de México), one of the top universities in the region.
Image 1. Presentation of Tequila Forensic Distribution
Who made it?
Giving direct recognition (and thanks) to Tequila’s developers: the project was the work of Jocsán Laguna Romero, Daniel Martínez Macedo, and Emanuel Mendoza, all of them UNAM students. The OS was presented to the academic community and later released for free in mid-2015.
I personally had the opportunity to talk with Jocsán; he is a forensics subject matter expert who gives training through Duriva University, which he created to train and certify people from CERTs, law enforcement agencies, and public and private organizations as digital forensics experts across Latin America.
Getting started with Tequila
The current Tequila version is 1.0, and the developers are working on version 2.0 (you can help them if you want). The system runs as a live bootable OS or in a virtual machine. There are 32-bit and 64-bit ISO versions, and the default desktop is MATE.
Image 2. Mate’s Desktop – Tequila Forensics.
Either way (live or virtual machine), when you boot the system, the login credentials are the following:
Once authenticated, the desktop shows as follows:
Image 3. Tequila’s desktop interactive interface
Some of the tools available in Tequila are Autopsy, Volatility Framework, DFF (Digital Forensics Framework), recovery tools and even penetration testing options such as Metasploit, Aircrack, and nmap. One of the most interesting tools that comes with Tequila is the Tor Browser, used to reach .onion sites.
Image 4. Tequila’s options tools panel
This distribution also includes the LibreOffice suite, which is very useful for documenting the investigation or writing the incident report.
There are a lot of other tools pre-installed in the system, so if you want to check the full list, you can export the installed packages to a text file by typing the following command:
dpkg --get-selections > list.txt
You will get the full list of packages installed on the system in the file named list.txt.
Optional, just in case you want
To acquire a forensic image with this distro, you can use the dd command and then start the analysis in Autopsy or a similar tool shipped with Tequila. On the other hand, to follow a better “forensic way”, I recommend using FTK Imager from the command line. You can easily install it and learn to use it by following my Cybrary article “Using FTK Imager on CLI – Challenging new disks technologies”.
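As an added example (not code from the article or from the Tequila project), the dd-based acquisition described above, wrapped so that the image is hashed against its source and an acquisition log is kept for the report. The device path is a placeholder; the sample "device" is a constructed random file.

```shell
# Added example, not part of the original article: acquire a raw image with
# dd as the text describes, then verify it by hashing source and image.
# On Tequila, SRC would be a block device such as /dev/sdX (placeholder).

# Hash a file with SHA-256 and print only the digest.
sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# Return 0 when source and image hash identically, 1 otherwise.
verify_image() {
    [ "$(sha256_of "$1")" = "$(sha256_of "$2")" ]
}

# acquire_image SRC OUT: copy SRC to OUT with dd and write an acquisition
# log next to the image. bs=512 matches the sector size of most devices,
# so conv=sync never pads the image (padding would break the hash check).
acquire_image() {
    src="$1"; out="$2"; log="$2.log"
    # noerror: keep going past unreadable sectors; sync: zero-fill them so
    # later offsets in the image still line up with the source.
    dd if="$src" of="$out" bs=512 conv=noerror,sync 2>>"$log" || return 1
    {
        echo "source=$src"
        echo "image=$out"
        echo "acquired_utc=$(date -u +%Y-%m-%dT%H:%M:%SZ)"
        echo "sha256_source=$(sha256_of "$src")"
        echo "sha256_image=$(sha256_of "$out")"
    } >>"$log"
    verify_image "$src" "$out"
}

# Constructed sample: a 1 MiB random file standing in for a real device.
make_sample_device() {
    head -c 1048576 /dev/urandom >"$1"
}

demo() {
    dir=$(mktemp -d)
    make_sample_device "$dir/sample_disk"
    if acquire_image "$dir/sample_disk" "$dir/evidence.dd"; then
        cat "$dir/evidence.dd.log"
    else
        echo "hash mismatch: do not rely on $dir/evidence.dd" >&2
        return 1
    fi
}

demo
```

The log records both digests and the dd summary, which is what you later paste into the report to show the image matches the source.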
Where to find Tequila?
Tequila used to be hosted on tequila-so.org but, unfortunately, it is no longer available there. The 32-bit and 64-bit versions can be found here: https://archive.org/search.php?query=creator%3A%22Jocsan+Laguna%22
If you follow the above link, you will be redirected to the site containing Tequila’s distributions as I show in the red squares of the image below:
Image 5. Tequila’s 32 / 64 bits repositories
Note: In a further article, I will show you what Agave is, which is also used for forensics and incident response.
Clicking any of the versions shows the options to get the ISO image directly or to download it through a torrent client. If you want to go straight to the ISOs, which is probably the easiest way, here are the links:
Tequila 1.0 32 bits – https://archive.org/details/httptequila-so.org
Tequila 1.0 64 bits – https://archive.org/details/Tequila1.064bits
For further information about the project, and to contact Tequila’s people, the following links are useful:
Tequila’s Facebook - https://es-la.facebook.com/tequilacomputoforense/
Duriva’s Facebook - https://www.facebook.com/forenseinformatica?fref=ts
Duriva’s main site - https://www.duriva.com/
Duriva University - https://duriva.university/contacto/
I totally encourage you to explore this wonderful forensics OS; remember, all these resources are open, both Tequila and of course Cybrary. I wrote this to show you there is a lot of talent in Latin America building a better future for information security and contributing to wide-open and free knowledge.
I hope you enjoyed this article, and I'm open to any question or further information you may need.
Follow me on Twitter @avechuch0 (the last character of the handle is a zero).
Thanks for reading.