Cover image for Digital Forensics with Kali Linux - Second Edition

Digital Forensics with Kali Linux - Second Edition

Author Shiva V. N. Parasram
Release Date: 2020/04/01
Topic:
0%
20
Chapters
0-1
Hours read
0k
Total Words
    Start Reading Now    
       Add to Wishlist       
View table of contents

Book Description

Take your forensic abilities and investigation skills to the next level using powerful tools that cater to all aspects of digital forensic investigations, right from hashing to reporting

Key Features

  • Perform evidence acquisition, preservation, and analysis using a variety of Kali Linux tools
  • Use PcapXray to perform timeline analysis of malware and network activity
  • Implement the concept of cryptographic hashing and imaging using Kali Linux

Book Description

Kali Linux is a Linux-based distribution that's widely used for penetration testing and digital forensics. It has a wide range of tools to help for digital forensics investigations and incident response mechanisms.

This updated second edition of Digital Forensics with Kali Linux covers the latest version of Kali Linux and The Sleuth Kit. You'll get to grips with modern techniques for analysis, extraction, and reporting using advanced tools such as FTK Imager, hex editor, and Axiom. Updated to cover digital forensics basics and advancements in the world of modern forensics, this book will also delve into the domain of operating systems. Progressing through the chapters, you'll explore various formats for file storage, including secret hiding places unseen by the end user or even the operating system. The book will also show you how to create forensic images of data and maintain integrity using hashing tools. Finally, you'll cover advanced topics such as autopsies and acquiring investigation data from networks, operating system memory, and quantum cryptography.

By the end of this book, you'll have gained hands-on experience of implementing all the pillars of digital forensics: acquisition, extraction, analysis, and presentation, all using Kali Linux tools.

What you will learn

  • Get up and running with powerful Kali Linux tools for digital investigation and analysis
  • Perform internet and memory forensics with Volatility and Xplico
  • Understand filesystems, storage, and data fundamentals
  • Become well-versed with incident response procedures and best practices
  • Perform ransomware analysis using labs involving actual ransomware
  • Carry out network forensics and analysis using NetworkMiner and other tools

Who this book is for

This Kali Linux book is for forensics and digital investigators, security analysts, or anyone interested in learning digital forensics using Kali Linux. Basic knowledge of Kali Linux will be helpful to gain a better understanding of the concepts covered.

Table of Contents

  1. Digital Forensics with Kali Linux Second Edition 
  2. Why subscribe?
  3. Contributors
  4. About the author
  5. About the reviewers
  6. Packt is searching for authors like you
  7. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Download the example code files
    5. Download the color images
    6. Conventions used
    7. Get in touch
    8. Reviews
  8. Section 1: Kali Linux – Not Just for Penetration Testing
  9. Chapter 1: Introduction to Digital Forensics
    1. What is digital forensics?
    2. Digital forensics methodology
    3. A brief history of digital forensics
    4. The need for digital forensics as technology advances
    5. Operating systems and open source tools for digital forensics
      1. Digital Evidence and Forensics Toolkit (DEFT) Linux
      2. CAINE
      3. Kali Linux
    6. The need for multiple forensics tools in digital investigations
    7. Commercial forensics tools
      1. Belkasoft Evidence Center (EC) 2020
      2. AccessData Forensic Toolkit (FTK)
      3. EnCase Forensic
    8. Anti-forensics – threats to digital forensics
      1. Encryption
      2. Online and offline anonymity
    9. Summary
    10. Further reading
  10. Chapter 2: Installing Kali Linux
    1. Software version
    2. Downloading Kali Linux
    3. Installing Kali Linux
    4. Installing Kali Linux in VirtualBox
      1. Preparing the Kali Linux virtual machine
      2. Installing Kali Linux on the virtual machine
      3. Creating a bootable Kali Linux portable drive
      4. Exploring Kali Linux
    5. Summary
  11. Section 2: Forensic Fundamentals and Best Practices
  12. Chapter 3: Understanding Filesystems and Storage Media
    1. The history of storage media
      1. IBM and the history of storage media
      2. Removable storage media
      3. Hard disk drives
    2. Filesystems and operating systems
    3. What about the data?
      1. Data states
      2. Metadata
      3. Slack space
    4. Data volatility
    5. The paging file and its importance in digital forensics
    6. Summary
  13. Chapter 4: Incident Response and Data Acquisition
    1. Digital evidence acquisition and procedures
    2. Incident response and first responders
    3. Documentation and evidence collection
      1. Physical evidence collection and preservation
      2. Physical acquisition tools
      3. Order of volatility
    4. Chain of custody
    5. Live acquisition versus post-mortem acquisition
      1. Powered-on devices
      2. Powered-off devices
    6. Write blocking
    7. Data imaging and hashing
      1. Message Digest hash
      2. Secure Hashing Algorithm (SHA)
    8. Device and data acquisition guidelines and best practices
    9. Summary
  14. Section 3: Forensic Tools in Kali Linux
  15. Chapter 5: Evidence Acquisition and Preservation with dc3dd and Guymager
    1. Drive and partition recognition in Linux
      1. Device identification using the fdisk command
    2. Maintaining evidence integrity
    3. Using dc3dd in Kali Linux
      1. File-splitting using dc3dd
      2. Erasing a drive using dc3dd
    4. Image acquisition using DD
    5. Image acquisition using Guymager
      1. Running Guymager
      2. Acquiring evidence with Guymager
    6. Windows memory acquisition
      1. FTK Imager
      2. RAM acquisition with FTK Imager
      3. Belkasoft RAM Capturer
    7. Summary
  16. Chapter 6: File Recovery and Data Carving with foremost, Scalpel, and bulk_extractor
    1. Forensic test images used in Foremost and Scalpel
    2. Using Foremost for file recovery and data carving
      1. Viewing the Foremost results
      2. Simple JPEG recovery using recoverjpeg
    3. Using Scalpel for data carving
      1. Specifying file types in Scalpel
      2. Using Scalpel for file carving
      3. Viewing the results of Scalpel
      4. Comparing Foremost and Scalpel
    4. bulk_extractor
      1. Forensic test image used in bulk_extractor
      2. Using bulk_extractor
      3. Viewing the results of bulk_extractor
    5. Summary
  17. Chapter 7: Memory Forensics with Volatility
    1. Introducing the Volatility Framework
    2. Downloading test images for use with Volatility
      1. Image location
    3. Using Volatility in Kali Linux
      1. Choosing a profile in Volatility
      2. Process identification and analysis
      3. Analyzing network services and connections
      4. DLL analysis
      5. Registry analysis
      6. Password dumping
      7. Timeline of events
      8. Memory analysis using Evolve (a Volatility GUI)
    4. Summary
  18. Chapter 8: Artifact Analysis
    1. Identifying devices and operating systems with p0f
    2. Information gathering and fingerprinting with Nmap
    3. Live Linux forensics with Linux Explorer
    4. Ransomware analysis
      1. Downloading and extracting a sample ransomware file
      2. WannaCry analysis using Volatility
    5. swap_digger
      1. Installing and using swap_digger
    6. Password dumping with mimipenguin
    7. Examining Firefox artifacts with pdgmail
    8. Summary
  19. Section 4: Automated Digital Forensic Suites
  20. Chapter 9: Autopsy
    1. Introduction to Autopsy
    2. The sample image file used in Autopsy
    3. Digital forensics with Autopsy
      1. Starting Autopsy
      2. Creating a new case
      3. Analysis using Autopsy
      4. Reopening cases in Autopsy
      5. Autopsy in Windows
    4. Summary
  21. Chapter 10: Analysis with Xplico
    1. Software requirements
    2. Installing Xplico in Kali Linux
    3. Starting Xplico in DEFT Linux 8.2
    4. Packet capture analysis using Xplico
      1. HTTP and web analysis using Xplico
      2. VoIP analysis using Xplico
      3. Email analysis using Xplico
    5. Network activity analysis exercise
    6. Summary
  22. Chapter 11: Network Analysis
    1. Capturing packets using Wireshark
    2. NetworkMiner
    3. Packet capture analysis with PcapXray
    4. Online PCAP analysis
    5. Reporting and presentation
    6. Summary
  23. Other Books You May Enjoy
3.135.202.224