Digital Forensics with Kali Linux - Second Edition
by Shiva V. N. Parasram
Table of Contents
Why subscribe?
Contributors
About the author
About the reviewers
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
Section 1: Kali Linux – Not Just for Penetration Testing
Chapter 1: Introduction to Digital Forensics
What is digital forensics?
Digital forensics methodology
A brief history of digital forensics
The need for digital forensics as technology advances
Operating systems and open source tools for digital forensics
Digital Evidence and Forensics Toolkit (DEFT) Linux
CAINE
Kali Linux
The need for multiple forensics tools in digital investigations
Commercial forensics tools
Belkasoft Evidence Center (EC) 2020
AccessData Forensic Toolkit (FTK)
EnCase Forensic
Anti-forensics – threats to digital forensics
Encryption
Online and offline anonymity
Summary
Further reading
Chapter 2: Installing Kali Linux
Software version
Downloading Kali Linux
Installing Kali Linux
Installing Kali Linux in VirtualBox
Preparing the Kali Linux virtual machine
Installing Kali Linux on the virtual machine
Creating a bootable Kali Linux portable drive
Exploring Kali Linux
Summary
Section 2: Forensic Fundamentals and Best Practices
Chapter 3: Understanding Filesystems and Storage Media
The history of storage media
IBM and the history of storage media
Removable storage media
Hard disk drives
Filesystems and operating systems
What about the data?
Data states
Metadata
Slack space
Data volatility
The paging file and its importance in digital forensics
Summary
Chapter 4: Incident Response and Data Acquisition
Digital evidence acquisition and procedures
Incident response and first responders
Documentation and evidence collection
Physical evidence collection and preservation
Physical acquisition tools
Order of volatility
Chain of custody
Live acquisition versus post-mortem acquisition
Powered-on devices
Powered-off devices
Write blocking
Data imaging and hashing
Message Digest hash
Secure Hashing Algorithm (SHA)
Device and data acquisition guidelines and best practices
Summary
Section 3: Forensic Tools in Kali Linux
Chapter 5: Evidence Acquisition and Preservation with dc3dd and Guymager
Drive and partition recognition in Linux
Device identification using the fdisk command
Maintaining evidence integrity
Using dc3dd in Kali Linux
File-splitting using dc3dd
Erasing a drive using dc3dd
Image acquisition using DD
Image acquisition using Guymager
Running Guymager
Acquiring evidence with Guymager
Windows memory acquisition
FTK Imager
RAM acquisition with FTK Imager
Belkasoft RAM Capturer
Summary
Chapter 6: File Recovery and Data Carving with foremost, Scalpel, and bulk_extractor
Forensic test images used in Foremost and Scalpel
Using Foremost for file recovery and data carving
Viewing the Foremost results
Simple JPEG recovery using recoverjpeg
Using Scalpel for data carving
Specifying file types in Scalpel
Using Scalpel for file carving
Viewing the results of Scalpel
Comparing Foremost and Scalpel
bulk_extractor
Forensic test image used in bulk_extractor
Using bulk_extractor
Viewing the results of bulk_extractor
Summary
Chapter 7: Memory Forensics with Volatility
Introducing the Volatility Framework
Downloading test images for use with Volatility
Image location
Using Volatility in Kali Linux
Choosing a profile in Volatility
Process identification and analysis
Analyzing network services and connections
DLL analysis
Registry analysis
Password dumping
Timeline of events
Memory analysis using Evolve (a Volatility GUI)
Summary
Chapter 8: Artifact Analysis
Identifying devices and operating systems with p0f
Information gathering and fingerprinting with Nmap
Live Linux forensics with Linux Explorer
Ransomware analysis
Downloading and extracting a sample ransomware file
WannaCry analysis using Volatility
swap_digger
Installing and using swap_digger
Password dumping with mimipenguin
Examining Firefox artifacts with pdgmail
Summary
Section 4: Automated Digital Forensic Suites
Chapter 9: Autopsy
Introduction to Autopsy
The sample image file used in Autopsy
Digital forensics with Autopsy
Starting Autopsy
Creating a new case
Analysis using Autopsy
Reopening cases in Autopsy
Autopsy in Windows
Summary
Chapter 10: Analysis with Xplico
Software requirements
Installing Xplico in Kali Linux
Starting Xplico in DEFT Linux 8.2
Packet capture analysis using Xplico
HTTP and web analysis using Xplico
VoIP analysis using Xplico
Email analysis using Xplico
Network activity analysis exercise
Summary
Chapter 11: Network Analysis
Capturing packets using Wireshark
NetworkMiner
Packet capture analysis with PcapXray
Online PCAP analysis
Reporting and presentation
Summary
Other Books You May Enjoy