Digital Forensics with Kali Linux - Third Edition

By : Shiva V. N. Parasram

Digital Forensics with Kali Linux - Third Edition

By: Shiva V. N. Parasram

Overview of this book

Kali Linux is a Linux-based distribution that's widely used for penetration testing and digital forensics. This third edition is updated with real-world examples and detailed labs to help you take your investigation skills to the next level using powerful tools. This new edition will help you explore modern techniques for analysis, extraction, and reporting using advanced tools such as FTK Imager, Hex Editor, and Axiom. You’ll cover the basics and advanced areas of digital forensics within the world of modern forensics while delving into the domain of operating systems. As you advance through the chapters, you'll explore various formats for file storage, including secret hiding places unseen by the end user or even the operating system. You’ll also discover how to install Windows Emulator, Autopsy 4 in Kali, and how to use Nmap and NetDiscover to find device types and hosts on a network, along with creating forensic images of data and maintaining integrity using hashing tools. Finally, you'll cover advanced topics such as autopsies and acquiring investigation data from networks, memory, and operating systems. By the end of this digital forensics book, you'll have gained hands-on experience in implementing all the pillars of digital forensics: acquisition, extraction, analysis, and presentation – all using Kali Linux's cutting-edge tools.

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the example code files

Download the color images

Conventions used

Get in touch

Share Your Thoughts

Download a free PDF copy of this book

Part 1: Blue and Purple Teaming Fundamentals

Free Chapter

Chapter 1: Red, Blue, and Purple Teaming Fundamentals

How I got started with Kali Linux

What is Kali Linux?

Understanding red teaming

Understanding blue teaming

Understanding purple teaming

Summary

Chapter 2: Introduction to Digital Forensics

What is digital forensics?

The need for blue and purple teams

Digital forensics methodologies and frameworks

Comparison of digital forensics operating systems

The need for multiple forensics tools in digital investigations

Summary

Chapter 3: Installing Kali Linux

Technical requirements

Downloading Kali Linux

Installing Kali Linux on portable storage media for  live DFIR

Installing Kali as a standalone operating system

Installing Kali in VirtualBox

Installing Kali Linux on the virtual machine

Summary

Chapter 4: Additional Kali Installations and Post-Installation Tasks

Installing a pre-configured version of Kali Linux in VirtualBox

Installing Kali Linux on Raspberry Pi4

Updating Kali

Enabling the root user account in Kali

Adding the Kali Linux forensics metapackage

Summary

Chapter 5: Installing Wine in Kali Linux

What Wine is and the advantages of using it in Kali Linux

Installing Wine

Testing our Wine installation

Summary

Part 2: Digital Forensics and Incident Response Fundamentals and Best Practices

Chapter 6: Understanding File Systems and Storage

History and types of storage media

File systems and operating systems

Data types and states

Volatile and non-volatile data and the order of volatility

The importance of RAM, the paging file, and cache in DFIR

Summary

Chapter 7: Incident Response, Data Acquisitions, and DFIR Frameworks

Evidence acquisition procedures

Incident response and first responders

Evidence collection and documentation

Live versus post-mortem acquisition

The CoC

The importance of write blockers

Data imaging and maintaining evidence integrity

Data acquisition best practices and DFIR frameworks

Summary

Part 3: Kali Linux Digital Forensics and Incident Response Tools

Chapter 8: Evidence Acquisition Tools

Using the fdisk command for partition recognition

Creating strong hashes for evidence integrity

Drive acquisition using DC3DD

Drive acquisition using DD

Drive acquisition using Guymager

Drive and memory acquisition using FTK Imager in Wine

RAM and paging file acquisition using Belkasoft RAM Capturer

Summary

Chapter 9: File Recovery and Data Carving Tools

File basics

Downloading the sample files

File recovery and data carving with Foremost

Image recovery with Magicrescue

Data carving with Scalpel

Data extraction with bulk_extractor

NTFS recovery using scrounge-ntfs

Image recovery using Recoverjpeg

Summary

Chapter 10: Memory Forensics and Analysis with Volatility 3

What’s new in Volatility 3

Downloading sample memory dump files

Installing Volatility 3 in Kali Linux

Memory dump analysis using Volatility 3

Summary

Chapter 11: Artifact, Malware, and Ransomware Analysis

Identifying devices and operating systems with p0f

Looking at the swap_digger tool to explore Linux artifacts

Password dumping with MimiPenguin

PDF malware analysis

Using Hybrid Analysis for malicious file analysis

Ransomware analysis using Volatility 3

Summary

Part 4: Automated Digital Forensics and Incident Response Suites

Chapter 12: Autopsy Forensic Browser

Introduction to Autopsy – The Sleuth Kit

Downloading sample files for use and creating a case in the Autopsy browser

Evidence analysis using the Autopsy forensic browser

Summary

Chapter 13: Performing a Full DFIR Analysis with the Autopsy 4 GUI

Autopsy 4 GUI features

Installing Autopsy 4 in Kali Linux using Wine

Downloading sample files for automated analysis

Creating new cases and getting acquainted with the Autopsy 4 interface

Analyzing directories and recovering deleted files and artifacts with Autopsy 4

Summary

Part 5: Network Forensic Analysis Tools

Chapter 14: Network Discovery Tools

Using netdiscover in Kali Linux to identify devices on a network

Using Nmap to find additional hosts and devices on a network

Using Nmap to fingerprint host details

Using Shodan.io to find IoT devices including firewalls, CCTV, and servers

Summary

Chapter 15: Packet Capture Analysis with Xplico

Installing Xplico in Kali Linux

Installing DEFT Linux 8.1 in VirtualBox

Starting Xplico in DEFT Linux

Using Xplico to automatically analyze web, email, and voice traffic

Summary

Chapter 16: Network Forensic Analysis Tools

Capturing packets using Wireshark

Packet analysis using NetworkMiner

Packet capture analysis with PcapXray

Online PCAP analysis using packettotal.com

Online PCAP analysis using apackets.com

Reporting and presentation

Summary

Index

Why subscribe?

Other Books You May Enjoy

Packt is searching for authors like you

Share Your Thoughts

Download a free PDF copy of this book

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Understanding red teaming

Possibly the most commonly known team among users of Kali Linux, the red team is the name given to the collective of individuals responsible for handling the offensive side of security as it relates to OSINT, scanning, vulnerability assessments, and the penetration testing of resources, including but not limited to individuals, companies, host end users (desktops, laptops, mobiles), and network and critical infrastructure such as servers, routers, switches, firewalls, NAS, databases, WebApps, and portals. There are also systems such as IoT, Operational Technology (OT) devices, and Industrial Control Systems (ICS), which also require assessments by highly skilled red teamers.

Red teamers are generally thought of as highly skilled ethical hackers and penetration testers who, apart from having the skill sets to conduct the assessments listed previously, may also have the technical certifications that allow them to do so. Although certifications may not directly reflect the abilities of the individuals, they have been known to aid in obtaining jobs.

Some red teaming certifications include (but are not limited to):

Offensive Security Certified Professional (OSCP): Developed by the creators of Kali Linux
Certified Ethical Hacker (CEH): From the EC-Council
Practical Network Penetration Tester (PNPT): Developed by TCM Security
Pentest+: By CompTIA
SANS SEC: Courses from the SANS Institute
e-Learn Junior Penetration Tester (eJPT): Developed by e-Learn Security for beginners interested in becoming red teamers

Ultimately, all of this knowledge allows red teamers to conduct offensive attacks (with explicit permission) against companies to simulate internal and external threat actors and essentially hack systems and security mechanisms in the same manner in which malicious actors would compromise and exploit the attack surface of an individual, company, or valued asset.

Kali Linux generally contains all the tools required to perform almost all types of offensive security and red teaming assessments. On a personal note, Kali Linux is my go-to operating system of choice for penetration testing as most of the tools required for fingerprinting, reconnaissance, OSINT, vulnerability assessments, exploitation, and reporting are all readily available and preinstalled on the platform. I’ve been using Kali to conduct red team exercises for over 12 years and I don’t see that changing anytime soon, as they’ve always maintained the OS and support for tools over the years.

Let’s move on to blue teaming now.

Digital Forensics with Kali Linux - Third Edition

By : Shiva V. N. Parasram

Digital Forensics with Kali Linux - Third Edition

By: Shiva V. N. Parasram

Overview of this book

Related Content you might be interested in

Current Title:

Digital Forensics with Kali Linux - Third Edition

Windows Forensics Analyst Field Guide

Digital Forensics and Incident Response.

Kali Linux 2018: Assuring Security by Penetration Testing

Understanding red teaming