What this book covers
Chapter 1, Red, Blue, and Purple Teaming Fundamentals, informs you about the different types of cyber security teams to which penetration testers and forensic investigators belong, and the skillsets required.
Chapter 2, Introduction to Digital Forensics, introduces you to the world of digital forensics and forensic methodology, and also introduces you to various forensic operating systems.
Chapter 3, Installing Kali Linux, covers the various methods that can be used to install Kali Linux as a virtual machine or as a standalone operating system, which can also be run from a flash drive or SD card.
Chapter 4, Additional Kali Installations and Post-Installation Tasks, builds upon the Kali installation and guides you through performing additional installations and post-installation tasks such as enabling a root user and updating Kali Linux.
Chapter 5, Installing Wine in Kali Linux, shows the versatility of Linux systems, where you will learn how to install and use forensic tools designed to be used in the Windows platform, in a Kali Linux system using Wine.
Chapter 6, Understanding File Systems and Storage Media, dives into the realm of operating systems and the various formats for file storage, including secret hiding places not seen by the end user, or even the operating system. We also inspect data about data, known as metadata, and look at its volatility.
Chapter 7, Incident Response, Data Acquisitions, and DFIR Frameworks, asks what happens when an incident is reported or detected. Who are the first responders and what are the procedures for maintaining the integrity of the evidence? In this chapter, we look at best practices, procedures, and frameworks for data acquisition and evidence collection.
Chapter 8, Evidence Acquisition Tools, builds on the theory behind data acquisitions and best practices and teaches you to use industry-recognized tools such as DC3DD, DD, Guymager, FTK Imager, and RAM Capturer to perform data and image acquisition while preserving evidence integrity.
Chapter 9, File Recovery and Data Carving Tools, introduces the investigative side of digital forensics by using various tools such as Magic Rescue, Scalpel, Bulk_Extractor, scrounge_ntfs, and recoverjpeg to carve and recover data and artifacts from forensically acquired images and media.
Chapter 10, Memory Forensics and Analysis with Volatility 3, takes us into the analysis of memory artifacts and demonstrates the importance of preserving volatile evidence such as the contents of the RAM and the paging file.
Chapter 11, Artifact, Malware, and Ransomware Analysis, carries us much deeper into artifact analysis using p0f, swap_digger, and mimipenguin, and, thereafter, demonstrates how to perform malware and ransomware analysis using pdf-parser, hybrid-analysis.com, and Volatility.
Chapter 12, Autopsy Forensic Browser, showcases automated file recovery and analysis within Kali Linux using a single tool.
Chapter 13, Performing a Full DFIR Analysis with the Autopsy 4 GUI, dives much deeper into automated file carving, data recovery, and analysis using one of the most powerful and free forensic tools, which takes forensic abilities and investigations to a professional level, catering for all aspects of full digital forensics investigations, from hashing to reporting.
Chapter 14, Network Discovery Tools, showcases network scanning and reconnaissance tools such as netdiscover, nmap, and Shodan, which, although not specifically designed for use as forensic tools, are useful in providing additional information when performing incident response.
Chapter 15, Packet Capture Analysis with Xplico, gives an insightful use of automated packet analysis using one tool for investigating network and internet traffic.
Chapter 16, Network Forensic Analysis Tools, ends the book by demonstrating how to capture and analyze packets using a variety of tools and websites including Wireshark, NetworkMiner, packettotal.com, and apackets.com.
