Build Your Own Custom OSINT Machine – Part 29th June 2019
In my last post I showed how it was possible to create your own custom OSINT virtual machine based on Ubuntu Linux. The first post covered the basics of how to set up and install Ubuntu 19.04 with VirtualBox and install VLC Media Player from the software centre.
Like the previous post, this one is aimed at people who have little or no Linux experience. This article will look at some of the apps available in the Ubuntu Software Centre that are useful for OSINT. The next set of posts will look at installing apps directly from the internet with .deb packages, before moving on to look at how to install and configure some of the more advanced Python-based OSINT tools. There’ll also be content about suggested Firefox and Chrome add-ons that are useful for OSINT. Lastly, I want to show how to clone and hash the virtual machine that you’ve created. If you’re doing OSINT in an environment where your enquiries are likely to be used as a form of evidence, like law enforcement or corporate investigations, it’s better to take a one case, one virtual machine approach so the integrity of your evidence can’t be questioned and there’s no cross-contamination between cases.
Ubuntu Software Centre – Installing An App
In this example, I’ll show how to install Stegosuite. Stegosuite is an easy-to-use steganography program that allows you to hide and extract information within an image file.
Open the software centre and search for “stegosuite”:
Click on the app and choose install:
You’ll be prompted to enter your password. This is unusual if you’re used to a Windows environment, but it’s an integral part of Linux and is one reason why Linux systems are often deemed to be more secure. In Linux there’s no such thing as a .exe file that you just download, click and run. Linux is less interested in what sort of file you’re running than in whether or not the file has permission to run. If it doesn’t have permission, it won’t be allowed to run. Overall this helps protect the system from users and programs exercising more privileges than they should, but it means that when you install something, you’ll need to enter your password to do so.
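To see the permission check described above in action, here is a small shell demonstration I have added to this post (it is not part of the original article and is not needed to follow the install steps). It creates a throwaway script with a ".exe" name, tries to run it before and after granting the execute bit, and reports what happened at each attempt. The file and directory names are made up for the demonstration.

```bash
#!/bin/sh
# Added example: Linux decides whether a file may run from its execute
# permission bit, not from its name or extension.
# demo_exec_bit prints two words: the result of running the file before
# and after chmod, e.g. "denied ran".
demo_exec_bit() {
    # Work in a fresh directory under the current one (constructed name).
    workdir=$(mktemp -d ./execdemo.XXXXXX) || return 1
    script="$workdir/hello.exe"     # the ".exe" suffix means nothing to Linux

    # A newly created file never has the execute bit set (umask only
    # removes bits, and redirection creates files with rw- permissions).
    printf '#!/bin/sh\necho hello\n' > "$script"

    # First attempt: the kernel refuses with "Permission denied", even for root.
    if "$script" >/dev/null 2>&1; then
        first="ran"
    else
        first="denied"
    fi

    # Grant execute permission to the file's owner only; nothing else changes.
    chmod u+x "$script"

    # Second attempt: the same bytes now run, because the permission is present.
    if "$script" >/dev/null 2>&1; then
        second="ran"
    else
        second="denied"
    fi

    rm -rf "$workdir"
    echo "$first $second"
}

# Run directly with: sh thisfile.sh
demo_exec_bit
```

Running it prints `denied ran`: the content of the file did not change between the two attempts, only its permission did. This is the same mechanism behind the password prompt when you install software, since writing into the system directories is a privilege your normal user account does not have.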
Installation takes a few moments. You can either click launch directly from the software centre, or access the program from the start menu.
Click on the start menu (bottom left), and type “steg” to find Stegosuite. Click on it to launch and you’re done! To permanently add the program to the toolbar, just right click on the icon and choose “Add To Favourites”.
To remove a program you don’t want, just find it in the software centre and choose “Remove”. In the picture below I’m removing the Amazon app that comes with Ubuntu by default because we don’t need it (don’t hate Canonical, they still have to pay the bills).
So far I’ve shown how to install VLC and Stegosuite, but there are many other apps in the software centre that can be useful for an OSINT build. It’s worth noting that LibreOffice already comes pre-installed with Ubuntu. These are a few suggested programs that are available to install from the software centre:
Photo, video, and audio tools
GIMP – powerful image and photo editing software.
Flameshot – really powerful screenshot and image capture tool. It’s my favourite screenshot tool since support ended for Shutter.
Shotwell – for organising image collections (pre-installed)
Audacity – powerful audio editor
SoundConverter – convert audio files to different types.
Darktable – manage and edit RAW images. Allows you to edit geotags.
Photoflare – simple image editor
SimpleScreenRecorder – lots of useful features. Lets you record all or part of your screen. Useful for documenting your work for evidential purposes, or capturing videos that are hard to download, like SnapMap videos or live streamed content.
Peek – a very basic screen recording tool.
(Firefox is pre-installed, and I’ll show how to install Google Chrome in the next article)
Tor Browser – for accessing the dark web.
Chromium – the basis of Google Chrome but without the intrusive extras.
Amass – network scanning tool that discovers subdomains, associated IP blocks, and maps the results.
Zenmap – GUI version of Nmap, the best-known network scanning tool.
Wireshark – whether you need this or not really depends on what kind of research you’re doing. It allows you to capture and monitor network traffic.
Transmission – peer to peer filesharing app (pre-installed).
Telegram Client – not essential for an OSINT build, but it’s a popular communication platform. If you’re going to hand over a hashed copy of your virtual machine for use in evidence, it’s advisable to keep all your communications separately on your host machine – unless they’re integral to the case that is.
Organize My Files – keep your work organised. Has a nice GUI.
PDFsam – allows you to split and sort PDF files.
Bleachbit – allows the secure anti-forensic deletion of files
Kate – simple but powerful text editor
KeePassX – password manager. It stores passwords locally rather than in the cloud like LastPass. Uses AES or Twofish encryption.
Yubico Authenticator – allows you to generate one-time passwords on your computer for accounts where you use two-factor authentication.