Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Digital Forensics with Kali Linux
  • Toc
  • feedback
Digital Forensics with Kali Linux

Digital Forensics with Kali Linux

4.3 (11)
close
Digital Forensics with Kali Linux

Digital Forensics with Kali Linux

4.3 (11)

Overview of this book

Kali Linux is a Linux-based distribution used mainly for penetration testing and digital forensics. It has a wide range of tools to help in forensics investigations and incident response mechanisms. You will start by understanding the fundamentals of digital forensics and setting up your Kali Linux environment to perform different investigation practices. The book will delve into the realm of operating systems and the various formats for file storage, including secret hiding places unseen by the end user or even the operating system. The book will also teach you to create forensic images of data and maintain integrity using hashing tools. Next, you will also master some advanced topics such as autopsies and acquiring investigation data from the network, operating system memory, and so on. The book introduces you to powerful tools that will take your forensic abilities and investigations to a professional level, catering for all aspects of full digital forensic investigations from hashing to reporting. By the end of this book, you will have had hands-on experience in implementing all the pillars of digital forensics—acquisition, extraction, analysis, and presentation using Kali Linux tools.
Table of Contents (11 chapters)
close
close
Preface
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Free Chapter
1
Introduction to Digital Forensics
Introduction to Digital Forensics
What is digital forensics?
Digital forensics methodology
A brief history of digital forensics
The need for digital forensics as technology advances
Commercial tools available in the field of digital forensics
Operating systems and open source tools for digital forensics
The need for multiple forensics tools in digital investigations
Anti-forensics: threats to digital forensics
Summary
2
Installing Kali Linux
Installing Kali Linux
Software version
Downloading Kali Linux
Installing Kali Linux
Installing Kali Linux in VirtualBox
Summary
3
Understanding Filesystems and Storage Media
Understanding Filesystems and Storage Media
Storage media
Filesystems and operating systems
What about the data?
Data volatility
The paging file and its importance in digital forensics
Summary
4
Incident Response and Data Acquisition
Incident Response and Data Acquisition
Digital evidence acquisitions and procedures
Incident response and first responders
Documentation and evidence collection
Chain of Custody
Powered-on versus powered-off device acquisition
Write blocking
Data imaging and hashing
Device and data acquisition guidelines and best practices
Summary
5
Evidence Acquisition and Preservation with DC3DD and Guymager
Evidence Acquisition and Preservation with DC3DD and Guymager
Drive and partition recognition in Linux
Maintaining evidence integrity
Using DC3DD in Kali Linux
Image acquisition using Guymager
Summary
6
File Recovery and Data Carving with Foremost, Scalpel, and Bulk Extractor
File Recovery and Data Carving with Foremost, Scalpel, and Bulk Extractor
Forensic test images used in Foremost and Scalpel
Using Foremost for file recovery and data carving
Using Scalpel for data carving
Bulk_extractor
Summary
7
Memory Forensics with Volatility
chevron up
Memory Forensics with Volatility
About the Volatility Framework
Downloading test images for use with Volatility
Using Volatility in Kali Linux
Summary
8
Autopsy – The Sleuth Kit
Autopsy – The Sleuth Kit
Introduction to Autopsy – The Sleuth Kit
Sample image file used in Autopsy
Digital forensics with Autopsy
Summary
9
Network and Internet Capture Analysis with Xplico
Network and Internet Capture Analysis with Xplico
Software required
Packet capture analysis using Xplico
Summary
10
Revealing Evidence Using DFF
Revealing Evidence Using DFF
Installing DFF
Summary

Memory Forensics with Volatility

In the previous chapters, we looked at the various types of memory. This included RAM and the swap, or paging, file, which is an area of the hard disk drive which, although slower, functions as RAM. We also discussed the issue of RAM being volatile, meaning that the data in the RAM is easily lost when there is no longer electrical charge or current to the RAM chip. With the data on RAM being the most volatile, it ranks high in the order of volatility and must be forensically acquired and preserved as a matter of high priority.

Many types of data and forensic artifacts reside in RAM and the paging file. As discussed earlier, login passwords, user information, running and hidden processes, and even encrypted passwords are just some of the many types of interesting data that can be found when performing RAM analysis, further compounding the need for...

End of Section 1
Next Section
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete