Book Image

Digital Forensics with Kali Linux - Second Edition

By : Shiva V. N. Parasram
Book Image

Digital Forensics with Kali Linux - Second Edition

By: Shiva V. N. Parasram

Overview of this book

Kali Linux is a Linux-based distribution that's widely used for penetration testing and digital forensics. It has a wide range of tools to help for digital forensics investigations and incident response mechanisms. This updated second edition of Digital Forensics with Kali Linux covers the latest version of Kali Linux and The Sleuth Kit. You'll get to grips with modern techniques for analysis, extraction, and reporting using advanced tools such as FTK Imager, hex editor, and Axiom. Updated to cover digital forensics basics and advancements in the world of modern forensics, this book will also delve into the domain of operating systems. Progressing through the chapters, you'll explore various formats for file storage, including secret hiding places unseen by the end user or even the operating system. The book will also show you how to create forensic images of data and maintain integrity using hashing tools. Finally, you'll cover advanced topics such as autopsies and acquiring investigation data from networks, operating system memory, and quantum cryptography. By the end of this book, you'll have gained hands-on experience of implementing all the pillars of digital forensics: acquisition, extraction, analysis, and presentation, all using Kali Linux tools.
Table of Contents (17 chapters)
Section 1: Kali Linux – Not Just for Penetration Testing
Section 2: Forensic Fundamentals and Best Practices
Section 3: Forensic Tools in Kali Linux
Section 4: Automated Digital Forensic Suites
Other Books You May Enjoy

Introducing the Volatility Framework

The Volatility Framework is an open source, cross-platform, incident response framework that comes with many useful plugins that provide the investigator with a wealth of information from a snapshot of memory, also known as a memory dump. The concept of volatility has been around for a decade, and apart from analyzing running and hidden processes, it is also a very popular choice for malware analysis.

To create a memory dump, several tools, such as Belkasoft Ram Capturer, FTK Imager, DD, DC3DD, Computer Aided INvestigative Environment (CAINE), Helix, and Linux Memory Extractor (LiME), can be used to acquire the memory image or memory dump, and then be investigated and analyzed by the tools within the Volatility Framework.

The Volatility Framework can be run on any operating system (32- and 64-bit) that supports Python, including the following:

  • Windows XP, 7, 8, 8.1, and Windows 10 (14393.447)
  • Windows Server 2003, 2008, 2012/R2...