Kali would be my number one choice, and that is because I have been using BackTrack for years and naturally followed over to Kali Linux. That being said, Kali has a lot going for it. It has more than 300 pentesting tools. It’s open source, and you can download the source via git. Kali runs great as a live CD or on bare metal. It also works well on the Raspberry Pi. You can even load Kali on your BeagleBone Black.
Pentoo would be my second choice; however, if you are a huge Gentoo fan then this might be your first choice. If you already run Gentoo, getting Pentoo is easy. It’s available in layman. I tend to use Pentoo more for SDR stuff since GNU Radio is already compiled with all the dependencies. Pentoo is robust and massive. Give it a try if you haven’t already. You can download it here.
Parrot Security OS
Parrot is developed by Frozenbox Network and designed to perform security and penetration tests, do forensic analysis or be anonymous on the web. Parrot Security uses the MATE desktop environment, which is a nice change of pace. This is a Debian-based distribution similar in look and feel to Kali Linux because the crew at Frozenbox Network started with the Kali git repository. Edited to add – Version 1.0 is out… check out more here.
When it comes to just forensics my list is a bit shorter. The top 2 forensics distros are CAINE Linux and DEFT Linux. Forensics is all about preserving the evidence chain. The process and mentality are much different than pentesting, and as such having a dedicated distro for that tends to be a good thing. If you are unfamiliar with computer forensics you can always take a moment to read some documentation.
When it comes to forensics, CAINE Linux (Computer Aided Investigative Environment) is an Italian Ubuntu-based distro that is all business. If you want an eye opener, just run it on one of your old machines and see what you can turn up. It might surprise you.
DEFT (Digital Evidence & Forensic Toolkit) is a customized distribution of the Ubuntu live Linux CD. It is an easy-to-use system that includes excellent hardware detection and some of the best open-source applications dedicated to incident response and computer forensics. If CAINE didn’t exist this would be my go-to forensics distro.
And since I always want to underpromise and overdeliver, I will throw in a couple more security distributions as honorable mentions.
BackBox Linux is an Ubuntu-based distribution developed to perform penetration tests and security assessments. It is designed to be fast and easy to use. It provides a minimal yet complete desktop environment, thanks to its own software repositories, which are always updated to the latest stable versions of the most often used and best-known ethical hacking tools.
BlackArch Linux is a lightweight pentesting distro based on Arch.
BlackArch is a pentesting suite built on top of Arch Linux. I will say that it is a very light and responsive distro. And due to that quick responsiveness and light interface I think this could be a great candidate pentesting distro to run on a Raspberry Pi or as a VirtualBox guest. If you already have Arch Linux running you can also add BlackArch to it. More info can be found over on their site.