Book Image

Digital Forensics with Kali Linux - Second Edition

By : Shiva V. N. Parasram
Book Image

Digital Forensics with Kali Linux - Second Edition

By: Shiva V. N. Parasram

Overview of this book

Kali Linux is a Linux-based distribution that's widely used for penetration testing and digital forensics. It has a wide range of tools to help for digital forensics investigations and incident response mechanisms. This updated second edition of Digital Forensics with Kali Linux covers the latest version of Kali Linux and The Sleuth Kit. You'll get to grips with modern techniques for analysis, extraction, and reporting using advanced tools such as FTK Imager, hex editor, and Axiom. Updated to cover digital forensics basics and advancements in the world of modern forensics, this book will also delve into the domain of operating systems. Progressing through the chapters, you'll explore various formats for file storage, including secret hiding places unseen by the end user or even the operating system. The book will also show you how to create forensic images of data and maintain integrity using hashing tools. Finally, you'll cover advanced topics such as autopsies and acquiring investigation data from networks, operating system memory, and quantum cryptography. By the end of this book, you'll have gained hands-on experience of implementing all the pillars of digital forensics: acquisition, extraction, analysis, and presentation, all using Kali Linux tools.
Table of Contents (17 chapters)
1
Section 1: Kali Linux – Not Just for Penetration Testing
4
Section 2: Forensic Fundamentals and Best Practices
7
Section 3: Forensic Tools in Kali Linux
12
Section 4: Automated Digital Forensic Suites
16
Other Books You May Enjoy

The need for digital forensics as technology advances

Some of you may be sufficiently young-at-heart to remember the days of Windows 95, 3.x, and even Disk Operating System (DOS). Smart watches, calculators, and many Internet of Things (IoT) devices are today much faster than the first generation of personal computers and servers. In 1995, it was common to come across hard disk drives between 4 and 10 GB, whereas today, you can easily purchase drives with capacities of 2 terabytes (TB) and up.

Consider also the various types of storage media today, including flash drives, SD cards, CDs, DVDs, Blu-ray discs, hybrid drives, and SSDs, as compared to the older floppy disks, which, at their most compact and efficient, only stored 1.44 MB of data on a 3 ¼-inch disk. Although discussed in detail in a later chapter, we now have many options for not only storing data but also for deleting and even hiding data (through the art of steganography), especially as Alternate Data Streams (ADS), which can be done on Windows New Technology File System (NTFS) media. Encryption using TrueCrypt, VeraCrypt, and BitLocker also add to the complexity and duration of forensics investigations today.

With the advancement of technology also comes a deeper understanding of programming languages, operating systems both average and advanced, and knowledge and utilization of digital devices. This also translates into more user-friendly interfaces that can accomplish many of the same tasks as with the command-line interface (CLI), used mainly by advanced users. Essentially, today's simple GUI, together with a wealth of resources readily found on search engines, can make certain tasks such as hiding data far easier than before.

Hiding large amounts of data is also simpler today, considering that the speed of processors, combined with large amounts of random-access memory (RAM), including devices that can also act as RAM far surpasses those of as recent as 5 years ago. Graphics cards must also be mentioned and taken into consideration, as more and more mobile devices are being outfitted with very powerful high-end onboard NVIDIA and ATI cards that also have their own separate RAM, aiding the process. Considering all these factors does lend support to the idea put forth by Gordon E. Moore in the 1970s, which states that computing power doubles every 2 years, commonly known as Moore's Law.

However, Jensen Huang, Chief Executive Officer (CEO) of NVIDIA, stated that Moore's Law is dying as graphics processing units (GPUs) will ultimately replace central processing units (CPUs) due to the GPUs' performance and technological advancements and abilities in handling artificial intelligence (AI).

Huang's statement was also mirrored by ex-Intel CEO Brian Krzanich.

All things considered, several avenues for carrying out cybercrimes are now available, including malware and ransomware distribution, DoS and DDoS attacks, espionage, blackmail, identity theft, data theft, illegal online activities and transactions, and a plethora of other malicious activities. Many of these activities are anonymous as they occur over the internet and often take place using masked IP addresses and public networks, and so make investigations that much harder for the relevant agencies in pinpointing locations and apprehending suspects. For more of the latest threats and cybercrime news, have a look at this Trend Micro link: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats.

With cybercrime being such big business, the response from law enforcement officials and agencies must be equally impressive in their research, development, intelligence, and training divisions if they are to put up a fight in what may seem like a never-ending battle in the digital world.

Digital forensics not only applies to storage media but also to network and internet connections, mobile devices, IoT devices, and, in reality, any device that can store, access, or transmit data. As such, we have a variety of tools, both commercial and open source, available to us, depending on the task at hand.

Earlier in 2019, digital forensic solution provider Paraben hosted a blog on their site that mentioned the need for more advanced and complicated Digital Forensics and Incident Response (DFIR) plans and solutions, seeing that business models today include virtualized infrastructure and some type of cloud service or subscription package that has led to the need for Forensics As A Service (FAAS), which encompasses the bundling of forensic skillsets (within the many areas of digital forensics), software, analysis, and the ability to respond to any types of threats, as a service.