Book Image

Digital Forensics with Kali Linux

Book Image

Digital Forensics with Kali Linux

Overview of this book

Kali Linux is a Linux-based distribution used mainly for penetration testing and digital forensics. It has a wide range of tools to help in forensics investigations and incident response mechanisms. You will start by understanding the fundamentals of digital forensics and setting up your Kali Linux environment to perform different investigation practices. The book will delve into the realm of operating systems and the various formats for file storage, including secret hiding places unseen by the end user or even the operating system. The book will also teach you to create forensic images of data and maintain integrity using hashing tools. Next, you will also master some advanced topics such as autopsies and acquiring investigation data from the network, operating system memory, and so on. The book introduces you to powerful tools that will take your forensic abilities and investigations to a professional level, catering for all aspects of full digital forensic investigations from hashing to reporting. By the end of this book, you will have had hands-on experience in implementing all the pillars of digital forensics—acquisition, extraction, analysis, and presentation using Kali Linux tools.

Related Content you might be interested in

Current Title:

Small book image
Digital Forensics with Kali Linux
Dec, 2017 | 274 pages
Small book image
Learn Computer Forensics – 2nd edition
William Oettinger
Jul, 2022 | 434 pages
Small book image
Digital Forensics and Incident Response
Gerard Johansen
Dec, 2022 | 532 pages
Small book image
Kali Linux 2018: Assuring Security by Penetration Testing
Lee Allen | Alex Samm | Shakeel Ali | Damian Boodoo | Tedi Heriyanto | Gerard Johansen | Shiva V N Parasram
Oct, 2018 | 528 pages
Table of Contents (18 chapters)
Title Page
Title Page
Credits
Credits
Disclaimer
Disclaimer
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Customer Feedback
Customer Feedback
Preface
Preface
Free Chapter
1
Introduction to Digital Forensics
Introduction to Digital Forensics
What is digital forensics?
Digital forensics methodology
A brief history of digital forensics
The need for digital forensics as technology advances
Commercial tools available in the field of digital forensics
Operating systems and open source tools for digital forensics
The need for multiple forensics tools in digital investigations
Anti-forensics: threats to digital forensics
Summary
2
Installing Kali Linux
Installing Kali Linux
Software version
Downloading Kali Linux
Installing Kali Linux
Installing Kali Linux in VirtualBox
Summary
3
Understanding Filesystems and Storage Media
Understanding Filesystems and Storage Media
Storage media
Filesystems and operating systems
What about the data?
Data volatility
The paging file and its importance in digital forensics
Summary
4
Incident Response and Data Acquisition
Incident Response and Data Acquisition
Digital evidence acquisitions and procedures
Incident response and first responders
Documentation and evidence collection
Chain of Custody
Powered-on versus powered-off device acquisition
Write blocking
Data imaging and hashing
Device and data acquisition guidelines and best practices
Summary
5
Evidence Acquisition and Preservation with DC3DD and Guymager
Evidence Acquisition and Preservation with DC3DD and Guymager
Drive and partition recognition in Linux
Maintaining evidence integrity
Using DC3DD in Kali Linux
Image acquisition using Guymager
Summary
6
File Recovery and Data Carving with Foremost, Scalpel, and Bulk Extractor
File Recovery and Data Carving with Foremost, Scalpel, and Bulk Extractor
Forensic test images used in Foremost and Scalpel
Using Foremost for file recovery and data carving
Using Scalpel for data carving
Bulk_extractor
Summary
7
Memory Forensics with Volatility
Memory Forensics with Volatility
About the Volatility Framework
Downloading test images for use with Volatility
Using Volatility in Kali Linux
Summary
8
Autopsy – The Sleuth Kit
Autopsy – The Sleuth Kit
Introduction to Autopsy – The Sleuth Kit
Sample image file used in Autopsy
Digital forensics with Autopsy
Summary
9
Network and Internet Capture Analysis with Xplico
Network and Internet Capture Analysis with Xplico
Software required
Packet capture analysis using Xplico
Summary
10
Revealing Evidence Using DFF
Revealing Evidence Using DFF
Installing DFF
Summary

Installing DFF

To carry out investigations using DFF, we first require the Kali Linux 2016.1 ISO image. I've chosen to use the 64-bit version and also have it running as a virtual host within VirtualBox.

The Kali Linux 2016.1 ISO image can be downloaded from the https://www.kali.org/downloads/:

  1. Once Kali 2016.1 is installed as a virtual host, we can use the uname -a command to view the version details:
  1. To begin installing DFF, we first need to update the sources.list with the repository used in Kali Sana. Although we browsed directly to the sources.list file in the previous chapter, here are two additional ways in which we can also perform this task using the Terminal.

In a new Terminal, we can type the following:

echo "deb http://old.kali.org/kali sana main non-free contrib" >
 /etc/apt/sources.list

Alternatively, we can instead use the second method by typing the following:

 nano /etc/apt/sources.list

Followed by the details of the repositories:

deb http://http.kali.org/kali kali-rolling main...
Previous Section
End of Section 2
Next Section