September 27, 2023, by Abraham Cueto Molina

Incident response teams are stretched thin, and the threats are only intensifying. But new tools are helping bridge the gap for cybersecurity pros in Latin America.

The IBM Security X-Force Threat Intelligence Index 2023 found that 12% of the security incidents X-Force responded to were in Latin America. In comparison, 31% were in the Asia-Pacific, followed by Europe with 28%, North America with 25% and the Middle East with 4%. Within the Latin American region, Brazil accounted for 67% of the incidents that X-Force responded to, followed by Colombia with 17% and Mexico with 8%. Peru and Chile split the remaining 8% of incidents.

In the face of rising incident volumes, the cybersecurity professional shortage is still a serious issue. According to the (ISC)2 Cybersecurity Workforce Study 2022, 3.4 million trained cybersecurity professionals are needed worldwide to deal with all of the cybersecurity attacks and help organizations minimize the impact of cybersecurity breaches.

As the talent shortage continues and threat actors refine their methods, cybersecurity professionals rely on a wide range of tools to stay ahead. There are paid commercial tools and free, open-source tools, forming a varied ecosystem of utilities written in different programming languages (Python, Perl, Bash, PowerShell, etc.). These tools automate the preservation and analysis of artifacts relevant to forensic analysis and incident response, such as random-access memory (RAM), event logs, network connections, browsing histories, cache and more.

One such tool is Tequila OS 2.0.

What is Tequila OS 2.0?

Students from the National Autonomous University of Mexico developed Tequila OS 2.0, the first Linux distribution in Latin America specializing in performing forensic analysis in Spanish.

Image 1: Tequila OS 2.0

Tequila OS 2.0 is based on GNU/Linux and is easy to use. All users have to do is download the file with an ISO extension, create the virtual machine and run it. Alternatively, the user can download the files to run directly in a virtualization tool and enter the following credentials:

  • Username: “forense”
  • Password: “unam”

Once the user is authenticated, Tequila OS 2.0 displays the following desktop:

Image 2: Tequila OS 2.0 desktop

Tequila OS 2.0 Forensic Analysis Tools

Tequila OS 2.0 contains different tools that can perform forensic analysis and incident response, which are found in the “/Forense/” folder.

Image 3: Tequila OS 2.0 distribution tools

The tools are classified into different folders, each containing software such as Autopsy Forensic, Foremost, MyRescue, PhotoRec, Volatility, Exiftool, Metacam, Wireshark, Ghex, Galleta, Hashcat, ClamAV, Yara, Ophcrack, John and Veracrypt, to name a few.

The main advantages of using Tequila OS 2.0 are:

  • Number of tools: Tequila OS 2.0 has around 60 tools for analysis and response to cybersecurity incidents.
  • Constant updates: The developers offer regular updates free of charge.
  • Automatic assembly: One-click mounting and unmounting of storage media are quick and easy.
  • Manuals in Spanish: Within the distribution itself, manuals in Spanish provide useful guides for all the tools.
  • Minimum memory requirement: Tequila OS 2.0 requires less than 1 GB of RAM to run.
  • Compatibility: Tequila OS 2.0 is compatible with any virtualization software.

As part of the Tequila project, an additional set of tools called Agave performs incident response in a Windows operating environment. To learn more about Agave and its incident response capabilities, check back for our future articles digging into its exciting potential.

Tequila OS 2.0 has proven to be the only one of its kind in Latin America, as it is primarily focused on cybersecurity incident response activities. Over the course of its evolution, Tequila OS 2.0 has gained higher stability than its predecessor, a more intuitive user interface, optimized performance, manuals in Spanish and more than 60 tools for cybersecurity incident response analysis, and it is compatible with any virtualization tool. These aspects make Tequila OS 2.0 an attractive Linux operating system option for all types of users in Latin America and the world.
