Digital Forensics with Kali Linux - Second Edition

By : Shiva V. N. Parasram

Digital Forensics with Kali Linux - Second Edition

By: Shiva V. N. Parasram

Overview of this book

Kali Linux is a Linux-based distribution that's widely used for penetration testing and digital forensics. It has a wide range of tools to help for digital forensics investigations and incident response mechanisms. This updated second edition of Digital Forensics with Kali Linux covers the latest version of Kali Linux and The Sleuth Kit. You'll get to grips with modern techniques for analysis, extraction, and reporting using advanced tools such as FTK Imager, hex editor, and Axiom. Updated to cover digital forensics basics and advancements in the world of modern forensics, this book will also delve into the domain of operating systems. Progressing through the chapters, you'll explore various formats for file storage, including secret hiding places unseen by the end user or even the operating system. The book will also show you how to create forensic images of data and maintain integrity using hashing tools. Finally, you'll cover advanced topics such as autopsies and acquiring investigation data from networks, operating system memory, and quantum cryptography. By the end of this book, you'll have gained hands-on experience of implementing all the pillars of digital forensics: acquisition, extraction, analysis, and presentation, all using Kali Linux tools.

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the example code files

Download the color images

Conventions used

Get in touch

Reviews

Section 1: Kali Linux – Not Just for Penetration Testing

Free Chapter

Chapter 1: Introduction to Digital Forensics

What is digital forensics?

Digital forensics methodology

A brief history of digital forensics

The need for digital forensics as technology advances

Operating systems and open source tools for digital forensics

The need for multiple forensics tools in digital investigations

Commercial forensics tools

Anti-forensics – threats to digital forensics

Summary

Further reading

Chapter 2: Installing Kali Linux

Software version

Downloading Kali Linux

Installing Kali Linux

Installing Kali Linux in VirtualBox

Summary

Section 2: Forensic Fundamentals and Best Practices

Chapter 3: Understanding Filesystems and Storage Media

The history of storage media

Filesystems and operating systems

What about the data?

Data volatility

The paging file and its importance in digital forensics

Summary

Chapter 4: Incident Response and Data Acquisition

Digital evidence acquisition and procedures

Incident response and first responders

Documentation and evidence collection

Chain of custody

Live acquisition versus post-mortem acquisition

Write blocking

Data imaging and hashing

Device and data acquisition guidelines and best practices

Summary

Section 3: Forensic Tools in Kali Linux

Chapter 5: Evidence Acquisition and Preservation with dc3dd and Guymager

Drive and partition recognition in Linux

Maintaining evidence integrity

Using dc3dd in Kali Linux

Image acquisition using DD

Image acquisition using Guymager

Windows memory acquisition

Summary

Chapter 6: File Recovery and Data Carving with foremost, Scalpel, and bulk_extractor

Forensic test images used in Foremost and Scalpel

Using Foremost for file recovery and data carving

Using Scalpel for data carving

bulk_extractor

Summary

Chapter 7: Memory Forensics with Volatility

Introducing the Volatility Framework

Downloading test images for use with Volatility

Using Volatility in Kali Linux

Summary

Chapter 8: Artifact Analysis

Identifying devices and operating systems with p0f

Information gathering and fingerprinting with Nmap

Live Linux forensics with Linux Explorer

Ransomware analysis

swap_digger

Password dumping with mimipenguin

Examining Firefox artifacts with pdgmail

Summary

Section 4: Automated Digital Forensic Suites

Chapter 9: Autopsy

Introduction to Autopsy

The sample image file used in Autopsy

Digital forensics with Autopsy

Summary

Chapter 10: Analysis with Xplico

Software requirements

Installing Xplico in Kali Linux

Starting Xplico in DEFT Linux 8.2

Packet capture analysis using Xplico

Network activity analysis exercise

Summary

Chapter 11: Network Analysis

Capturing packets using Wireshark

NetworkMiner

Packet capture analysis with PcapXray

Online PCAP analysis

Reporting and presentation

Summary

Other Books You May Enjoy

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Introducing the Volatility Framework

The Volatility Framework is an open source, cross-platform, incident response framework that comes with many useful plugins that provide the investigator with a wealth of information from a snapshot of memory, also known as a memory dump. The concept of volatility has been around for a decade, and apart from analyzing running and hidden processes, it is also a very popular choice for malware analysis.

To create a memory dump, several tools, such as Belkasoft Ram Capturer, FTK Imager, DD, DC3DD, Computer Aided INvestigative Environment (CAINE), Helix, and Linux Memory Extractor (LiME), can be used to acquire the memory image or memory dump, and then be investigated and analyzed by the tools within the Volatility Framework.

The Volatility Framework can be run on any operating system (32- and 64-bit) that supports Python, including the following:

Windows XP, 7, 8, 8.1, and Windows 10 (14393.447)
Windows Server 2003, 2008, 2012/R2...

Digital Forensics with Kali Linux - Second Edition

By : Shiva V. N. Parasram

Digital Forensics with Kali Linux - Second Edition

By: Shiva V. N. Parasram

Overview of this book

Related Content you might be interested in

Current Title:

Digital Forensics with Kali Linux - Second Edition

Digital Forensics and Incident Response

Learn Computer Forensics – 2nd edition

Windows Forensics Analyst Field Guide

Introducing the Volatility Framework