Overview of Distributions by Use Case
For SOC Analysts: monitoring, detection, visualization
Security Onion Desktop: Open source platform designed by and for defenders, integrating log analysis, network capture (pcap) analysis and host tracing. It offers signature-based detection via Suricata, full packet capture with Stenographer, file analysis with Strelka, and centralized management of Elastic agents for host visibility.
Kali Purple: A “defensive” version of Kali Linux, Kali Purple bundles a (too?) vast collection of tools covering detection, incident response, attack simulation, visualization and more. It is ideal for testing SOC capabilities in an integrated environment.
Parrot Security: Versatile Debian-based distribution, available as an installable ISO, a VM image, a Docker image, a WSL distribution, and via a Debian conversion script. The same environment can be used on different platforms, which eases portability and keeps the toolset consistent.
Fedora Security Lab: A lighter Fedora spin with the essential tools for network analysis and general security work. Useful for rapid experimentation or ad hoc analysis.
For DFIR Specialists: forensics, investigation, timelines
SIFT Workstation: Developed by the SANS Institute, it integrates leading forensics tools such as Autopsy, The Sleuth Kit, Volatility, Plaso and others. Stable and proven, it is widely used in SANS training.
CAINE: Distribution with a graphical interface focused on disk acquisition and analysis. It supports all common forensic image formats, which makes it well suited to initial incident response missions.
Tsurugi Linux: Modern, rich distribution with broad coverage: forensics, memory analysis, OSINT, etc. Several versions are available:
Tsurugi Linux 64-bit: for full forensic analysis.
Tsurugi Acquire 32-bit: lighter version with only live disk acquisition tools.
Bento: portable forensic toolbox for live investigations.
For Threat Intelligence Analysts: OSINT, enrichment, malware
REMnux: Distribution specialized in malware analysis, artifact extraction and light reverse engineering. Includes YARA, the Didier Stevens Suite, CAPE, Ghidra, etc.
FlareVM (Windows): Windows environment packaged with IDA Free, x64dbg, PEStudio, etc. Specialized in Windows binary analysis.
Parrot Security: Balanced OSINT/offensive toolset for technical threat analysis.
Fedora Kinoite: An immutable operating system with a graphical user interface, Fedora Kinoite is designed to be highly stable and secure. It is also a platform of choice for developers and container-centric uses, and it allows rapid redeployment of the same secured environment to every team member.
Tails: Distribution designed for online anonymity, very useful for visiting untrusted sites.
For Defensive Pentesters / Purple Team Profiles
Kali Purple: A “defensive” version of Kali Linux, Kali Purple bundles a (too?) vast collection of tools covering detection, incident response, attack simulation, visualization and more. It is ideal for testing SOC capabilities in an integrated environment.
Commando VM (Windows): Complete Mandiant Offensive VM (“CommandoVM”) is a customizable Windows-based security distribution for penetration testing and response teams. It comes with a variety of offensive tools not included in Kali Linux, which highlight the effectiveness of Windows as an attack platform.
CSLinux: French educational distribution (it also provides several training courses) with tools for OSINT, malware analysis and incident response.