Book Image

Digital Forensics with Kali Linux - Second Edition

By : Shiva V. N. Parasram
Book Image

Digital Forensics with Kali Linux - Second Edition

By: Shiva V. N. Parasram

Overview of this book

Kali Linux is a Linux-based distribution that's widely used for penetration testing and digital forensics. It has a wide range of tools to help for digital forensics investigations and incident response mechanisms. This updated second edition of Digital Forensics with Kali Linux covers the latest version of Kali Linux and The Sleuth Kit. You'll get to grips with modern techniques for analysis, extraction, and reporting using advanced tools such as FTK Imager, hex editor, and Axiom. Updated to cover digital forensics basics and advancements in the world of modern forensics, this book will also delve into the domain of operating systems. Progressing through the chapters, you'll explore various formats for file storage, including secret hiding places unseen by the end user or even the operating system. The book will also show you how to create forensic images of data and maintain integrity using hashing tools. Finally, you'll cover advanced topics such as autopsies and acquiring investigation data from networks, operating system memory, and quantum cryptography. By the end of this book, you'll have gained hands-on experience of implementing all the pillars of digital forensics: acquisition, extraction, analysis, and presentation, all using Kali Linux tools.
Table of Contents (17 chapters)
Section 1: Kali Linux – Not Just for Penetration Testing
Section 2: Forensic Fundamentals and Best Practices
Section 3: Forensic Tools in Kali Linux
Section 4: Automated Digital Forensic Suites
Other Books You May Enjoy

Online PCAP analysis

We've come to the last topic and the last lab in this book. This one is also a fully automated tool for PCAP analysis and is done online using PacketTotal:

PacketTotal is completely free and is, quite simply, where a user can visit the site and either drag a file or click on the upload button to upload and analyze a .pcap file. The only restriction is that there is a limit of 50 MB on .pcap file uploads:

Figure 11.46 – .pcap upload page

Click on upload and browse to the very same file we just analyzed using PcapXray (2019-07-19-traffic-analysis-exercise.pcap) and then click on Open. You'll have to click on the I'm not a robot checkbox to continue before clicking on the Analyze button:

Figure 11.47 – PacketTotal security feature

Once the analysis is complete, PacketTotal gives a very detailed view of the traffic captured. Notice the categories...