Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Digital Forensics with Kali Linux
  • Table Of Contents Toc
  • Feedback & Rating feedback
Digital Forensics with Kali Linux

Digital Forensics with Kali Linux

By : Shiva V. N. Parasram
4.4 (11)
Buy this Book
close
close
Digital Forensics with Kali Linux

Digital Forensics with Kali Linux

4.4 (11)
By: Shiva V. N. Parasram
Buy this Book

Overview of this book

Kali Linux is a Linux-based distribution that's widely used for penetration testing and digital forensics. This third edition is updated with real-world examples and detailed labs to help you take your investigation skills to the next level using powerful tools. This new edition will help you explore modern techniques for analysis, extraction, and reporting using advanced tools such as FTK Imager, Hex Editor, and Axiom. You’ll cover the basics and advanced areas of digital forensics within the world of modern forensics while delving into the domain of operating systems. As you advance through the chapters, you'll explore various formats for file storage, including secret hiding places unseen by the end user or even the operating system. You’ll also discover how to install Windows Emulator, Autopsy 4 in Kali, and how to use Nmap and NetDiscover to find device types and hosts on a network, along with creating forensic images of data and maintaining integrity using hashing tools. Finally, you'll cover advanced topics such as autopsies and acquiring investigation data from networks, memory, and operating systems. By the end of this digital forensics book, you'll have gained hands-on experience in implementing all the pillars of digital forensics: acquisition, extraction, analysis, and presentation – all using Kali Linux's cutting-edge tools.
Table of Contents (24 chapters)
close
close
close
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Share Your Thoughts
Download a free PDF copy of this book
1
Part 1: Blue and Purple Teaming Fundamentals
Part 1: Blue and Purple Teaming Fundamentals
Free Chapter
2
Chapter 1: Red, Blue, and Purple Teaming Fundamentals
Chapter 1: Red, Blue, and Purple Teaming Fundamentals
How I got started with Kali Linux
What is Kali Linux?
Understanding red teaming
Understanding blue teaming
Understanding purple teaming
Summary
3
Chapter 2: Introduction to Digital Forensics
Chapter 2: Introduction to Digital Forensics
What is digital forensics?
The need for blue and purple teams
Digital forensics methodologies and frameworks
Comparison of digital forensics operating systems
The need for multiple forensics tools in digital investigations
Summary
4
Chapter 3: Installing Kali Linux
Chapter 3: Installing Kali Linux
Technical requirements
Downloading Kali Linux
Installing Kali Linux on portable storage media for 
live DFIR
Installing Kali as a standalone operating system
Installing Kali in VirtualBox
Installing Kali Linux on the virtual machine
Summary
5
Chapter 4: Additional Kali Installations and Post-Installation Tasks
Chapter 4: Additional Kali Installations and Post-Installation Tasks
Installing a pre-configured version of Kali Linux in VirtualBox
Installing Kali Linux on Raspberry Pi4
Updating Kali
Enabling the root user account in Kali
Adding the Kali Linux forensics metapackage
Summary
6
Chapter 5: Installing Wine in Kali Linux
Chapter 5: Installing Wine in Kali Linux
What Wine is and the advantages of using it in Kali Linux
Installing Wine
Testing our Wine installation
Summary
7
Part 2: Digital Forensics and Incident Response Fundamentals and Best Practices
Part 2: Digital Forensics and Incident Response Fundamentals and Best Practices
8
Chapter 6: Understanding File Systems and Storage
Chapter 6: Understanding File Systems and Storage
History and types of storage media
File systems and operating systems
Data types and states
Volatile and non-volatile data and the order of volatility
The importance of RAM, the paging file, and cache in DFIR
Summary
9
Chapter 7: Incident Response, Data Acquisitions, and DFIR Frameworks
chevron up
Chapter 7: Incident Response, Data Acquisitions, and DFIR Frameworks
Evidence acquisition procedures
Incident response and first responders
Evidence collection and documentation
Live versus post-mortem acquisition
The CoC
The importance of write blockers
Data imaging and maintaining evidence integrity
Data acquisition best practices and DFIR frameworks
Summary
10
Part 3: Kali Linux Digital Forensics and Incident Response Tools
Part 3: Kali Linux Digital Forensics and Incident Response Tools
11
Chapter 8: Evidence Acquisition Tools
Chapter 8: Evidence Acquisition Tools
Using the fdisk command for partition recognition
Creating strong hashes for evidence integrity
Drive acquisition using DC3DD
Drive acquisition using DD
Drive acquisition using Guymager
Drive and memory acquisition using FTK Imager in Wine
RAM and paging file acquisition using Belkasoft RAM Capturer
Summary
12
Chapter 9: File Recovery and Data Carving Tools
Chapter 9: File Recovery and Data Carving Tools
File basics
Downloading the sample files
File recovery and data carving with Foremost
Image recovery with Magicrescue
Data carving with Scalpel
Data extraction with bulk_extractor
NTFS recovery using scrounge-ntfs
Image recovery using Recoverjpeg
Summary
13
Chapter 10: Memory Forensics and Analysis with Volatility 3
Chapter 10: Memory Forensics and Analysis with Volatility 3
What’s new in Volatility 3
Downloading sample memory dump files
Installing Volatility 3 in Kali Linux
Memory dump analysis using Volatility 3
Summary
14
Chapter 11: Artifact, Malware, and Ransomware Analysis
Chapter 11: Artifact, Malware, and Ransomware Analysis
Identifying devices and operating systems with p0f
Looking at the swap_digger tool to explore Linux artifacts
Password dumping with MimiPenguin
PDF malware analysis
Using Hybrid Analysis for malicious file analysis
Ransomware analysis using Volatility 3
Summary
15
Part 4: Automated Digital Forensics and Incident Response Suites
Part 4: Automated Digital Forensics and Incident Response Suites
16
Chapter 12: Autopsy Forensic Browser
Chapter 12: Autopsy Forensic Browser
Introduction to Autopsy – The Sleuth Kit
Downloading sample files for use and creating a case in the Autopsy browser
Evidence analysis using the Autopsy forensic browser
Summary
17
Chapter 13: Performing a Full DFIR Analysis with the Autopsy 4 GUI
Chapter 13: Performing a Full DFIR Analysis with the Autopsy 4 GUI
Autopsy 4 GUI features
Installing Autopsy 4 in Kali Linux using Wine
Downloading sample files for automated analysis
Creating new cases and getting acquainted with the Autopsy 4 interface
Analyzing directories and recovering deleted files and artifacts with Autopsy 4
Summary
18
Part 5: Network Forensic Analysis Tools
Part 5: Network Forensic Analysis Tools
19
Chapter 14: Network Discovery Tools
Chapter 14: Network Discovery Tools
Using netdiscover in Kali Linux to identify devices on a network
Using Nmap to find additional hosts and devices on a network
Using Nmap to fingerprint host details
Using Shodan.io to find IoT devices including firewalls, CCTV, and servers
Summary
20
Chapter 15: Packet Capture Analysis with Xplico
Chapter 15: Packet Capture Analysis with Xplico
Installing Xplico in Kali Linux
Installing DEFT Linux 8.1 in VirtualBox
Starting Xplico in DEFT Linux
Using Xplico to automatically analyze web, email, and voice traffic
Summary
21
Chapter 16: Network Forensic Analysis Tools
Chapter 16: Network Forensic Analysis Tools
Capturing packets using Wireshark
Packet analysis using NetworkMiner
Packet capture analysis with PcapXray
Online PCAP analysis using packettotal.com
Online PCAP analysis using apackets.com
Reporting and presentation
Summary
22
Index
Index
Why subscribe?
23
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts
Download a free PDF copy of this book

Summary

If there was only one thing that I’d like you to take away from this chapter, it would be to remember that the original evidence, particularly hard drives, storage media, and RAM images, should only be used to create forensically-sound bitstream copies. The original evidence is never to be worked on.

To recap, when a breach is reported, there should be an established first responder who, as per protocol, performs the tasks of documenting and securing the scene as well as collecting and preserving the evidence. The first responder should have a toolkit with various tools and items for the acquisition of evidence, and when handing over the evidence to other parties, ensure that the CoC is maintained.

Additionally, we looked at the various procedures and best practices when investigating devices that are powered on and powered off, and we discussed the importance of using a write blocker to prevent the original evidence from being tampered with and then using a hashing...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
End of Chapter 9
Next Chapter
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY