Book Image

Digital Forensics with Kali Linux

Book Image

Digital Forensics with Kali Linux

Overview of this book

Kali Linux is a Linux-based distribution used mainly for penetration testing and digital forensics. It has a wide range of tools to help in forensics investigations and incident response mechanisms. You will start by understanding the fundamentals of digital forensics and setting up your Kali Linux environment to perform different investigation practices. The book will delve into the realm of operating systems and the various formats for file storage, including secret hiding places unseen by the end user or even the operating system. The book will also teach you to create forensic images of data and maintain integrity using hashing tools. Next, you will also master some advanced topics such as autopsies and acquiring investigation data from the network, operating system memory, and so on. The book introduces you to powerful tools that will take your forensic abilities and investigations to a professional level, catering for all aspects of full digital forensic investigations from hashing to reporting. By the end of this book, you will have had hands-on experience in implementing all the pillars of digital forensics—acquisition, extraction, analysis, and presentation using Kali Linux tools.

Related Content you might be interested in

Current Title:

Small book image
Digital Forensics with Kali Linux
Dec, 2017 | 274 pages
Small book image
Learn Computer Forensics – 2nd edition
William Oettinger
Jul, 2022 | 434 pages
Small book image
Digital Forensics and Incident Response
Gerard Johansen
Dec, 2022 | 532 pages
Small book image
Kali Linux 2018: Assuring Security by Penetration Testing
Lee Allen | Alex Samm | Shakeel Ali | Damian Boodoo | Tedi Heriyanto | Gerard Johansen | Shiva V N Parasram
Oct, 2018 | 528 pages
Table of Contents (18 chapters)
Title Page
Title Page
Credits
Credits
Disclaimer
Disclaimer
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Customer Feedback
Customer Feedback
Preface
Preface
Free Chapter
1
Introduction to Digital Forensics
Introduction to Digital Forensics
What is digital forensics?
Digital forensics methodology
A brief history of digital forensics
The need for digital forensics as technology advances
Commercial tools available in the field of digital forensics
Operating systems and open source tools for digital forensics
The need for multiple forensics tools in digital investigations
Anti-forensics: threats to digital forensics
Summary
2
Installing Kali Linux
Installing Kali Linux
Software version
Downloading Kali Linux
Installing Kali Linux
Installing Kali Linux in VirtualBox
Summary
3
Understanding Filesystems and Storage Media
Understanding Filesystems and Storage Media
Storage media
Filesystems and operating systems
What about the data?
Data volatility
The paging file and its importance in digital forensics
Summary
4
Incident Response and Data Acquisition
Incident Response and Data Acquisition
Digital evidence acquisitions and procedures
Incident response and first responders
Documentation and evidence collection
Chain of Custody
Powered-on versus powered-off device acquisition
Write blocking
Data imaging and hashing
Device and data acquisition guidelines and best practices
Summary
5
Evidence Acquisition and Preservation with DC3DD and Guymager
Evidence Acquisition and Preservation with DC3DD and Guymager
Drive and partition recognition in Linux
Maintaining evidence integrity
Using DC3DD in Kali Linux
Image acquisition using Guymager
Summary
6
File Recovery and Data Carving with Foremost, Scalpel, and Bulk Extractor
File Recovery and Data Carving with Foremost, Scalpel, and Bulk Extractor
Forensic test images used in Foremost and Scalpel
Using Foremost for file recovery and data carving
Using Scalpel for data carving
Bulk_extractor
Summary
7
Memory Forensics with Volatility
Memory Forensics with Volatility
About the Volatility Framework
Downloading test images for use with Volatility
Using Volatility in Kali Linux
Summary
8
Autopsy – The Sleuth Kit
Autopsy – The Sleuth Kit
Introduction to Autopsy – The Sleuth Kit
Sample image file used in Autopsy
Digital forensics with Autopsy
Summary
9
Network and Internet Capture Analysis with Xplico
Network and Internet Capture Analysis with Xplico
Software required
Packet capture analysis using Xplico
Summary
10
Revealing Evidence Using DFF
Revealing Evidence Using DFF
Installing DFF
Summary

About the Volatility Framework

The Volatility Framework is an open source, cross-platform, incident response framework that comes with many useful plugins that provide the investigator with a wealth of information from a snapshot of memory, also known as a memory dump. The concept of Volatility has been around for a decade, and apart from analyzing running and hidden processes, is also a very popular choice for malware analysis.

To create a memory dump, several tools such as FTK imager, CAINE, Helix, and LiME (an acronym for Linux Memory Extractor) can be used to acquire the memory image, or memory dump, and then be investigated and analyzed by the tools within the Volatility Framework.

The Volatility Framework can be run on any  operating system (32- and 64-bit) that supports Python, including:

  • Windows XP, 7, 8,8.1, and Windows 10
  • Windows Server 2003, 2008, 2012/R2, and 2016
  • Linux 2.6.11 - 4.2.3 (including Kali, Debian, Ubuntu, CentOS, and more)
  • macOS Leopard (10.5.x) and Snow Leopard (10.12...
Previous Section
End of Section 2
Next Section