Book Image

Digital Forensics with Kali Linux

Book Image

Digital Forensics with Kali Linux

Overview of this book

Kali Linux is a Linux-based distribution used mainly for penetration testing and digital forensics. It has a wide range of tools to help in forensics investigations and incident response mechanisms. You will start by understanding the fundamentals of digital forensics and setting up your Kali Linux environment to perform different investigation practices. The book will delve into the realm of operating systems and the various formats for file storage, including secret hiding places unseen by the end user or even the operating system. The book will also teach you to create forensic images of data and maintain integrity using hashing tools. Next, you will also master some advanced topics such as autopsies and acquiring investigation data from the network, operating system memory, and so on. The book introduces you to powerful tools that will take your forensic abilities and investigations to a professional level, catering for all aspects of full digital forensic investigations from hashing to reporting. By the end of this book, you will have had hands-on experience in implementing all the pillars of digital forensics—acquisition, extraction, analysis, and presentation using Kali Linux tools.
Table of Contents (18 chapters)
Title Page
Credits
Disclaimer
About the Author
About the Reviewers
www.PacktPub.com
Customer Feedback
Preface
10
Revealing Evidence Using DFF

The need for multiple forensics tools in digital investigations


Preservation of evidence is of the utmost importance. Using commercial and open source tools correctly will yield results; however, for forensically sound results, it is sometimes best if more than one tool can be used and produce the same results.

Another reason to use multiple tools may simply be cost. Some of us may have a large budget to work with, while others may have a limited one or none at all. Commercial tools can be costly, especially due to research and development, testing, advertising, and other factors. Open source tools, while tested by the community, may not have the available resources and funding as with commercial tools.

So then, how do we know which tools to choose?

Digital forensics is often quite time-consuming, which is one of the reasons you may wish to work with multiple forensic copies of the evidence. This way you can use different tools simultaneously in an effort to speed up the investigation. While fast tools may be a good thing, we should also question the reliability and accuracy of the tools.

The National Institute of Standards and Technology (NIST) has developed a Computer Forensics Tool Testing (CFTT) program that tests digital forensic tools and makes all findings available to the public. Several tools are chosen based on their specific abilities and placed into testing categories such as disk imaging, carving, and file recovery. Each category has a formal test plan and strategy for testing along with a validation report, again available to the public.

More on the CFTT program can be found at https://www.cftt.nist.gov/disk_imaging.htm. Testing and validation reports on many of the tools covered in this book can be found at https://www.dhs.gov/science-and-technology/nist-cftt-reports.

To re-enforce the importance of using multiple tools in maintaining the integrity of your investigations and findings, multiple tools will be demonstrated in the third and fourth sections of this book.