Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Digital Forensics with Kali Linux

You're reading from   Digital Forensics with Kali Linux Perform data acquisition, data recovery, network forensics, and malware analysis with Kali Linux 2019.x

Arrow left icon
Product type Paperback
Published in Apr 2020
Publisher Packt
ISBN-13 9781838640804
Length 334 pages
Edition 2nd Edition
Concepts
Arrow right icon
Author (1):
Arrow left icon
Shiva V. N. Parasram Shiva V. N. Parasram
Author Profile Icon Shiva V. N. Parasram
Shiva V. N. Parasram
Arrow right icon
View More author details
Toc

Table of Contents (17) Chapters Close

Preface 1. Section 1: Kali Linux – Not Just for Penetration Testing
2. Chapter 1: Introduction to Digital Forensics FREE CHAPTER 3. Chapter 2: Installing Kali Linux 4. Section 2: Forensic Fundamentals and Best Practices
5. Chapter 3: Understanding Filesystems and Storage Media 6. Chapter 4: Incident Response and Data Acquisition 7. Section 3: Forensic Tools in Kali Linux
8. Chapter 5: Evidence Acquisition and Preservation with dc3dd and Guymager 9. Chapter 6: File Recovery and Data Carving with foremost, Scalpel, and bulk_extractor 10. Chapter 7: Memory Forensics with Volatility 11. Chapter 8: Artifact Analysis 12. Section 4: Automated Digital Forensic Suites
13. Chapter 9: Autopsy 14. Chapter 10: Analysis with Xplico 15. Chapter 11: Network Analysis 16. Other Books You May Enjoy

Digital forensics methodology

Keeping in mind that forensics is a science, digital forensics requires appropriate best practices and procedures to be followed in an effort to produce the same results time and time again, providing proof of evidence, preservation, and integrity that can be replicated, if called upon to do so.

Although many people may not be performing digital forensics to be used as evidence in a court of law, it is best to practice in such a way as can be accepted and presented in a court of law. The main purpose of adhering to best practices set by organizations specializing in digital forensics and incident response is to maintain the integrity of the evidence for the duration of the investigation. In the event that the investigator's work must be scrutinized and critiqued by another or an opposing party, the results found by the investigator must be able to be recreated, thereby proving the integrity of the investigation. The purpose of this is to ensure that your methods can be repeated and, if dissected or scrutinized, produce the same results time and again. The methodology used, including the procedures and findings of your investigation, should always allow for the maintenance of the data's integrity, regardless of which tools are used.

The best practices demonstrated in this book ensure that the original evidence is not tampered with, or, in cases of investigating devices and data in a live or production environment, show well-documented proof that necessary steps were taken during the investigation to avoid unnecessary tampering of the evidence, thereby preserving the integrity of the evidence. For those completely new to investigations, I recommend familiarizing yourself with some of the various practices and methodologies available and widely practiced by the professional community.

As such, there exist several guidelines and methodologies that you should adopt, or at least follow, to ensure that examinations and investigations are forensically sound.

The three best practices documents mentioned in this chapter are as follows:

  • The ACPO Good Practice Guide for Digital Evidence
  • The Scientific Working Group on Digital Evidence's (SWGDE) Best Practices for Computer Forensics
  • The Budapest Convention on Cybercrime (CETS No. 185)

Although written in 2012, ACPO, now functioning as the National Police Chiefs' Council (NPCC), put forth a document in a PDF file called the ACPO Good Practice Guide for Digital Evidence regarding best practices when carrying out digital forensics investigations, particularly focusing on evidence acquisition. The ACPO Good Practice Guide for Digital Evidence was then adopted and adhered to by law enforcement agencies in England, Wales, and Northern Ireland, and can be downloaded in its entirety at https://www.npcc.police.uk/documents/FoI%20publication/Disclosure%20Logs/Information%20Management%20FOI/2013/031%2013%20Att%2001%20of%201%20ACPO%20Good%20Practice%20Guide%20for%20Digital%20Evidence%20March%202012.pdf.

Another useful and more recent document, produced in September 2014, on best practices in digital forensics was issued by the SWGDE. The SWGDE was founded in 1998 by the Federal Crime Laboratory Directors Group, with major members and contributors including the Federal Bureau of Investigation (FBI), Drug Enforcement Administration (DEA), National Aeronautics and Space Administration (NASA), and the Department of Defense (DoD) Computer Forensics Laboratory. Though this document details procedures and practices within a formal computer forensics laboratory setting, the practices can still be applied to non-laboratory investigations by those not currently in, or with access to, such an environment.

The SWGDE's Best Practices for Computer Forensics sheds light on many of the topics covered in the following chapters, including the following:

  • Evidence collection and acquisition
  • Investigating devices that are powered on and off
  • Evidence handling
  • Analysis and reporting

The SWGDE's Best Practices for Computer Forensics Acquisitions (April 2018) can be viewed and downloaded directly from here: https://www.swgde.org/documents/Current%20Documents/SWGDE%20Best%20Practices%20for%20Computer%20Forensic%20Acquisitions

Important note

The SWGDE has a collection of 78 documents (at the time of this publication) that detail the best practices of evidence acquisition, collection, authentication, and examination, which can all be found at https://www.swgde.org/documents/Current%20Documents/SWGDE%20Best%20Practices%20for%20Compu%20ter%20Forensics.

You have been reading a chapter from
Digital Forensics with Kali Linux - Second Edition
Published in: Apr 2020
Publisher: Packt
ISBN-13: 9781838640804
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at AU $24.99/month. Cancel anytime