PALADIN - Free Forensic Suite

Forensic Acquisition, Preview and Analysis - Simplified!

PALADIN is a modified Live Linux distribution based on Ubuntu that simplifies the process of creating forensic images in a forensically sound manner. PALADIN was designed with the understanding that many of those tasked with creating forensic images are not comfortable with using the command-line but still want to utilize the power of Linux. PALADIN was also designed with the understanding that many agencies or companies have limited budgets.  PALADIN comes in two flavors - the free DVD version and as a credit-card style USB which can be purchased for $49.95 USD here.

Why Use PALADIN?

• PALADIN DVD version is always free!
• PALADIN is incredibly easy to use and eliminates the need to remember confusing commands and switches.
• PALADIN will work on any computer or hardware that is supported by Ubuntu Linux - including most Intel Macs!
• PALADIN allows a user to safely image, preview and analyze internal hard drives without having to disassemble the computer or laptop.
• PALADIN has been modified to write-protect all attached media upon boot, thereby, preventing accidental writes or having to use expensive physical write-blockers.

PALADIN Key Features

• Boot standard PCs and Intel Macs in a forensically sound manner (including most Intel Macs including the MacBook Air)!
• Image to several formats including Expert Witness (.E01), EWF2 (.Ex01),  Apple Disk Image (.dmg), RAW (.dd), SMART and AFF!
• Image directly as a Virtual Disk Format (.vmdk)!!!
• Create hard drive clones!
• Create TWO forensic images or clones at the same time in the same or different formats!
• Streamlined Toolbox GUI!
• Fast and lightweight XFCE desktop environment!
• Image across a network!
• Format any drive as NTFS, HFS+, FAT32, EXT4 and ExFAT!
• Create a forensic image of only the Unallocated Space, Free Space and File Slack!
• Quickly wipe (sterilize), verify and hash media!
• SEARCH and PREVIEW media by file name, keywords or MIME types!
• Live Progress Log Viewer!
• Ability to save logs to any destination!
• Ability to create a single forensic image or split forensic image files!
• Disk Manager allows easy display of all attached media and their status!
• Disk Manager color-codes mounted volumes for easy identification!
• Image Mounter allows mounting of forensic images within PALADIN!
• Enhanced FIND features allowing for search of an entire volume or a single directory!
• Ability to search multiple directories at the same time!
• PALADIN now has some of the most popular open source forensic tools in it's Forensic Tool Chest!
• Ability to conduct full forensic exams using Autopsy/Sleuthkit or DFF!
• Ability to recover passwords from memory using Inception!
• Ability to analyze iOS backup files using iPhone Analyzer!
• and much, much more!!!

PALADIN USB currently does not support booting of Intel Macs, however, this is supported by the free DVD version of PALADIN which can be downloaded from www.sumuri.com after registering on the website.

PALADIN Forums and Support

PALADIN CD version is provided as a courtesy from SUMURI.  We do our best to answer any questions that may arise.  There are some steps you can take yourself to try to answer any questions you may have about features, support or troubleshooting.  First, PALADIN is based on Ubuntu.  Any hardware issues you encounter can be most likely be solved by checking the Ubuntu support sites such as https://help.ubuntu.com/.

Additionally, Sumuri has a forum for PALADIN where you can post your questions and receive help from the PALADIN community.  Access to the forums is granted after registration.

PALADIN Fundraising

Show the love!

You can help us keep the DVD version of PALADIN free for everyone purchasing the USB version of PALADIN or by proudly wearing or displaying Paladin and/or Sumuri apparel.

All proceeds from the sale of PALADIN USB, apparel and gifts are used to fund development and keep the DVD version free for everyone!

PALADIN USB can be purchased here.