I know there is a Forensic mode live boot, but I need to install Kali Linux to make forensic images of disks and analyze them.

I would like to know if the graphical installion of Kali Linux is forensic.
I mean, if there is a swap partition it will not be used, no internal disk will be auto mounted and auto-mounting of removable media will be disabled.

In case graphical installion of Kali Linux is not forensic, could this feature be configured? How?

I know there is a Forensic mode live boot, but I need to install Kali Linux to make forensic images of disks and analyze them.

I would like to know if the graphical installion of Kali Linux is forensic.
I mean, if there is a swap partition it will not be used, no internal disk will be auto mounted and auto-mounting of removable media will be disabled.

In case graphical installion of Kali Linux is not forensic, could this feature be configured? How?

I think i saw somwwhre the usage of forensic mode is via usb, to boot to machine with it. Then examine from there.

I can't answer that but an additional hardware tool you might want to buy before doing any imaging is a write blocker. Something like that:
- https://www.amazon.com/SiForce-Protective-Transporter-Tableau-Bridge/dp/B07BSXGLNY/
- https://www.amazon.com/Tableau-TK8u-USB-Forensic-Bridge/dp/B00YDEM30O/

I can't answer that but an additional hardware tool you might want to buy before doing any imaging is a write blocker. Something like that:
- https://www.amazon.com/SiForce-Protective-Transporter-Tableau-Bridge/dp/B07BSXGLNY/
- https://www.amazon.com/Tableau-TK8u-USB-Forensic-Bridge/dp/B00YDEM30O/

Yes, that's an option, but it also can be done with forensic mode. Also, I need to make images of M.2 SSD disks that generally are not supported by write blockers.

I think i saw somwwhre the usage of forensic mode is via usb, to boot to machine with it. Then examine from there.

Yes, I know I can do that. But I would like to have a forensic installation, similar to CAINE or DEFT.

Tableau has some hardware to handle them:https://www.guidancesoftware.com/tableau/hardware/tda7-2

Tableau has some hardware to handle them:https://www.guidancesoftware.com/tableau/hardware/tda7-2

Thanks for your answer. I know about write blockers and I also have some of them. I'm trying to do a different thing, without hardware write blockers, similar to CAINE or DEFT.