Mobile Forensics: Santoku

Type n0where
Reporter N0where
Modified 2013-05-03T01:03:33


Santoku is a platform for mobile forensics, mobile malware analysis and mobile application security assessment. The free Santoku Community Edition is a collaborative project to provide a pre-configured Linux environment with utilities, drivers and guides for these areas.

Boot into Santoku and get to work, with the latest security tools and utilities focused on mobile platforms such as Android and iOS.

Santoku Linux is a bootable Linux ISO which you can run as Live CD or install on a PC/VM. Santoku Linux is a Free and Open Source distribution and contains the best tools from around the web with a focus on Mobile Forensics, Mobile Malware and Mobile Security.

Sponsored by the digital forensics and security firm viaForensics, Santoku Linux is available as a free community edition; viaForensics also offers viaLabs, essentially a commercial system that runs on top of Santoku. The distribution is a fork (a variant) of the MobiSec Ubuntu distribution, so if you already know your way around Ubuntu, many of the commands and much of the user interface will be familiar. It also uses the popular GNOME desktop, so the graphical environment is one many users already work with.

Santoku has most of the tools pre-installed, which means you can run penetration tests, reverse engineer applications, and run various other tests without the hassle of installing each tool individually. All the mobile-specific tools are listed under "Santoku" in the main menu.

I used Android SDK Manager to fire up multiple mobile device emulators running Android. This means I don’t have to track down physical Android devices for my tests. Emulators for BlackBerry are also available. The distribution also has development tools for various mobile platforms, including Apple Xcode IDE, BlackBerry JDE, BlackBerry Tablet OS SDK, BlackBerry WebWorks, DroidBox, Eclipse IDE, and Windows Phone SDK, to name a few. For mobile malware analysis, I also had access to databases containing information about different types of malware.

For mobile forensics, there were tools such as AFLogical Open Source Edition, Android Encryption Brute Force, BlackBerry Desktop Manager, iPhone Backup Analyzer, and SQLiteSpy. With these tools, I could recover data stored on the devices, audit software, and analyze disk images.

Santoku has broader security tools as well, including wireless analysis, reverse engineering, and penetration testing utilities. Along with nmap, Burp Suite, and Metasploit, I can use the w3af Console, Ettercap, SQLmap, SSLstrip, and other penetration testing tools. Reverse engineering tools such as APK Tool and Java Decompiler are included, as is the handy Flawfinder tool. I use Wireshark and Kismet a lot for network testing, and was pleased to see ChaosReader, which lets me view mobile traffic at the packet level.

What utilities are included in Santoku?

Development Tools

  • Android SDK Manager
  • AXMLPrinter2
  • Fastboot
  • Heimdall
  • Heimdall (GUI)
  • SBF Flash

Penetration Testing

  • Burp Suite
  • Ettercap
  • Mercury
  • nmap
  • SSL Strip
  • w3af (Console)
  • w3af (GUI)
  • Zenmap (As Root)

Wireless Analyzers

  • Chaosreader
  • dnschef
  • DSniff
  • Wireshark
  • Wireshark (As Root)

Device Forensics

  • AFLogical Open Source Edition
  • Android Brute Force Encryption
  • ExifTool
  • iPhone Backup Analyzer (GUI)
  • libimobiledevice
  • scalpel
  • Sleuth Kit

Reverse Engineering

  • Androguard
  • Antilvl
  • APK Tool
  • Baksmali
  • Dex2Jar
  • Jasmin
  • JD-GUI
  • Mercury
  • Radare2
  • Smali
With Santoku Linux, users get free and open source tools, plus some commercial ones, to forensically acquire and analyze data, examine mobile malware, detect malicious apps, and audit existing apps. Santoku Linux is still at an early stage, with the project leaders adding new application packages and improving the distribution.

If you are interested in mobile security, whether you are a student, a security professional who works with mobile security regularly, or someone who just wants to learn a little about this area, Santoku Linux is worth a first, second, and even a third look. Browse the forums, work through the How-To tutorials, and try out some of these tools. Knowledge is power, and Santoku definitely makes it easier to expand your skills.

Source && Download