Tsurugi Linux 25.11 — Rebuilt DFIR & Malware‑Analysis Toolkit on Ubuntu 24.04 LTS
What’s new and why it matters
Tsurugi Linux 25.11, announced 24 November 2025, represents a major architectural refresh rather than an incremental update. The release was rebuilt from scratch and is explicitly based on Ubuntu 24.04.3 LTS, bringing long-term stability and a modern base for forensic workflows. A custom Linux kernel 6.17.8 is included to support hardware compatibility and the project’s forensic requirements. The team emphasises optimisation: the ISO size has been reduced to about 5GB, and the virtual machine image has been shrunk from 33GB to 15.7GB, making deployment faster and less storage-hungry for analysts working in constrained environments. The distribution also removes Snap and adopts Calamares as the new system installer, a move that simplifies installation and broadens compatibility with different deployment scenarios.
Beyond size and installer changes, the release integrates system-level improvements tailored for live forensic use. A RAM saturation workaround has been incorporated by adapting logrotate behaviour in both live and installed modes, addressing a practical pain point for memory- and I/O-intensive investigations. Firmware updates and a full system refresh are part of the release, alongside a number of bug fixes (including fixes for winSuperMem, AutoTimeliner and VM compatibility on some VMware versions) and the resolution of a boot-loader problem on MBR systems that stemmed from the old installer.
Tools, menus and workflow refinements
Tsurugi’s raison d’être is a curated toolkit for DFIR (Digital Forensics and Incident Response), malware analysis and OSINT (Open-Source Intelligence). The 25.11 tools listing shows an extensive, organised collection spanning imaging, hashing, mounting, timeline analysis, memory forensics, malware analysis, mobile forensics, cloud and OSINT utilities, and many more specialised categories. Core imaging utilities such as dd, ddrescue, ewfacquire and Guymager remain, while a broad set of file-system, registry, timeline and memory tools (The Sleuth Kit, Volatility3, Plaso/Plaso tools, Timesketch launcher) support end-to-end case work. The distribution also bundles a rich malware-analysis toolchain (radare2, binwalk, yara, debuggers and sandboxing tools), and mobile forensics utilities for Android and iOS triage, reflecting the multi-platform reality of modern investigations.
Usability tweaks are notable: PcmanFM has been replaced by a customised Thunar, and menus have been updated to reflect new and removed tools, while some computer-vision capabilities have been improved. The project continues to prune unmaintained utilities and add new, actively maintained tools to keep the distribution practical and secure for professional use.
Practical considerations for practitioners
Tsurugi remains a specialist distribution: basic Linux skills are required and the project positions itself as a free, independent DFIR resource intended to “give back to the community”. Hardware guidance suggests modest minimums but warns that many tools demand more powerful machines for comfortable use. The removal of Snap and the move to Calamares may affect some deployment workflows, so teams should test their standard procedures in a controlled environment before adopting 25.11 in production. The reduced ISO and VM sizes make it easier to distribute and spin up in cloud or lab environments, while the kernel and firmware updates improve hardware support and forensic reliability.
Concluding word
Tsurugi Linux 25.11 is a thoughtful, pragmatic refresh that balances a compact footprint with a comprehensive DFIR toolkit, making it a compelling option for investigators who need an out‑of‑the‑box forensic platform.
Disclaimer
All trade names and trademarks are acknowledged as the property of their respective owners. We aim for factual accuracy in every post; please verify critical details with original project sources and use open-source tools responsibly and within the law.