Book Image

Digital Forensics with Kali Linux

Book Image

Digital Forensics with Kali Linux

Overview of this book

Kali Linux is a Linux-based distribution used mainly for penetration testing and digital forensics. It has a wide range of tools to help in forensics investigations and incident response mechanisms. You will start by understanding the fundamentals of digital forensics and setting up your Kali Linux environment to perform different investigation practices. The book will delve into the realm of operating systems and the various formats for file storage, including secret hiding places unseen by the end user or even the operating system. The book will also teach you to create forensic images of data and maintain integrity using hashing tools. Next, you will also master some advanced topics such as autopsies and acquiring investigation data from the network, operating system memory, and so on. The book introduces you to powerful tools that will take your forensic abilities and investigations to a professional level, catering for all aspects of full digital forensic investigations from hashing to reporting. By the end of this book, you will have had hands-on experience in implementing all the pillars of digital forensics—acquisition, extraction, analysis, and presentation using Kali Linux tools.

Related Content you might be interested in

Current Title:

Small book image
Digital Forensics with Kali Linux
Dec, 2017 | 274 pages
Small book image
Learn Computer Forensics – 2nd edition
William Oettinger
Jul, 2022 | 434 pages
Small book image
Digital Forensics and Incident Response
Gerard Johansen
Dec, 2022 | 532 pages
Small book image
Kali Linux 2018: Assuring Security by Penetration Testing
Lee Allen | Alex Samm | Shakeel Ali | Damian Boodoo | Tedi Heriyanto | Gerard Johansen | Shiva V N Parasram
Oct, 2018 | 528 pages
Table of Contents (18 chapters)
Title Page
Title Page
Credits
Credits
Disclaimer
Disclaimer
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Customer Feedback
Customer Feedback
Preface
Preface
Free Chapter
1
Introduction to Digital Forensics
Introduction to Digital Forensics
What is digital forensics?
Digital forensics methodology
A brief history of digital forensics
The need for digital forensics as technology advances
Commercial tools available in the field of digital forensics
Operating systems and open source tools for digital forensics
The need for multiple forensics tools in digital investigations
Anti-forensics: threats to digital forensics
Summary
2
Installing Kali Linux
Installing Kali Linux
Software version
Downloading Kali Linux
Installing Kali Linux
Installing Kali Linux in VirtualBox
Summary
3
Understanding Filesystems and Storage Media
Understanding Filesystems and Storage Media
Storage media
Filesystems and operating systems
What about the data?
Data volatility
The paging file and its importance in digital forensics
Summary
4
Incident Response and Data Acquisition
Incident Response and Data Acquisition
Digital evidence acquisitions and procedures
Incident response and first responders
Documentation and evidence collection
Chain of Custody
Powered-on versus powered-off device acquisition
Write blocking
Data imaging and hashing
Device and data acquisition guidelines and best practices
Summary
5
Evidence Acquisition and Preservation with DC3DD and Guymager
Evidence Acquisition and Preservation with DC3DD and Guymager
Drive and partition recognition in Linux
Maintaining evidence integrity
Using DC3DD in Kali Linux
Image acquisition using Guymager
Summary
6
File Recovery and Data Carving with Foremost, Scalpel, and Bulk Extractor
File Recovery and Data Carving with Foremost, Scalpel, and Bulk Extractor
Forensic test images used in Foremost and Scalpel
Using Foremost for file recovery and data carving
Using Scalpel for data carving
Bulk_extractor
Summary
7
Memory Forensics with Volatility
Memory Forensics with Volatility
About the Volatility Framework
Downloading test images for use with Volatility
Using Volatility in Kali Linux
Summary
8
Autopsy – The Sleuth Kit
Autopsy – The Sleuth Kit
Introduction to Autopsy – The Sleuth Kit
Sample image file used in Autopsy
Digital forensics with Autopsy
Summary
9
Network and Internet Capture Analysis with Xplico
Network and Internet Capture Analysis with Xplico
Software required
Packet capture analysis using Xplico
Summary
10
Revealing Evidence Using DFF
Revealing Evidence Using DFF
Installing DFF
Summary

Downloading test images for use with Volatility

For this chapter, we'll be using a Windows XP image named cridex.vmem, which can be downloaded directly from  https://github.com/volatilityfoundation/volatility/wiki/Memory-Samples.

Select the link with the Description column, Malware - Cridex to download the cridex.vmem image:

Note

There are many other images on this page that are also publicly available for analysis. To practice working with the Volatility Framework and further enhance your analytical skills, you may wish to download as many as you like and use the various plugins available in Volatility.

Image location

As we'll soon see, all plugins in the Volatility Framework are used through the Terminal. To make access to the image file easier by not having to specify a lengthy path to the image, we have moved the cridex.vmem image to the Desktop:

We can also change the directory to the Desktop and then run the Volatility Framework and its plugins from there. To do this, we open a new Terminal...

Previous Section
End of Section 3
Next Section