You're reading from Digital Forensics with Kali Linux Perform data acquisition, data recovery, network forensics, and malware analysis with Kali Linux 2019.x

Product type Paperback

Published in Apr 2020

Publisher Packt

ISBN-13 9781838640804

Length 334 pages

Edition 2nd Edition

Tools

Kali Linux

Concepts

Forensics

Author (1):

Shiva V. N. Parasram

View More author details

Table of Contents (17) Chapters

Preface

1. Section 1: Kali Linux – Not Just for Penetration Testing

2. Chapter 1: Introduction to Digital Forensics FREE CHAPTER

3. Chapter 2: Installing Kali Linux

4. Section 2: Forensic Fundamentals and Best Practices

5. Chapter 3: Understanding Filesystems and Storage Media

6. Chapter 4: Incident Response and Data Acquisition

7. Section 3: Forensic Tools in Kali Linux

8. Chapter 5: Evidence Acquisition and Preservation with dc3dd and Guymager

9. Chapter 6: File Recovery and Data Carving with foremost, Scalpel, and bulk_extractor

10. Chapter 7: Memory Forensics with Volatility

11. Chapter 8: Artifact Analysis

12. Section 4: Automated Digital Forensic Suites

13. Chapter 9: Autopsy

14. Chapter 10: Analysis with Xplico

15. Chapter 11: Network Analysis

16. Other Books You May Enjoy

Online PCAP analysis

We've come to the last topic and the last lab in this book. This one is also a fully automated tool for PCAP analysis and is done online using PacketTotal: www.packettotal.com.

PacketTotal is completely free and is, quite simply, where a user can visit the site and either drag a file or click on the upload button to upload and analyze a .pcap file. The only restriction is that there is a limit of 50 MB on .pcap file uploads:

Figure 11.46 – PacketTotal.com .pcap upload page

Click on upload and browse to the very same file we just analyzed using PcapXray (2019-07-19-traffic-analysis-exercise.pcap) and then click on Open. You'll have to click on the I'm not a robot checkbox to continue before clicking on the Analyze button:

Figure 11.47 – PacketTotal security feature

Once the analysis is complete, PacketTotal gives a very detailed view of the traffic captured. Notice the categories...