You're reading from Digital Forensics with Kali Linux Perform data acquisition, data recovery, network forensics, and malware analysis with Kali Linux 2019.x

Product type Paperback

Published in Apr 2020

Publisher Packt

ISBN-13 9781838640804

Length 334 pages

Edition 2nd Edition

Tools

Kali Linux

Concepts

Forensics

Author (1):

Shiva V. N. Parasram

View More author details

Table of Contents (17) Chapters

Preface

1. Section 1: Kali Linux – Not Just for Penetration Testing

2. Chapter 1: Introduction to Digital Forensics FREE CHAPTER

3. Chapter 2: Installing Kali Linux

4. Section 2: Forensic Fundamentals and Best Practices

5. Chapter 3: Understanding Filesystems and Storage Media

6. Chapter 4: Incident Response and Data Acquisition

7. Section 3: Forensic Tools in Kali Linux

8. Chapter 5: Evidence Acquisition and Preservation with dc3dd and Guymager

9. Chapter 6: File Recovery and Data Carving with foremost, Scalpel, and bulk_extractor

10. Chapter 7: Memory Forensics with Volatility

11. Chapter 8: Artifact Analysis

12. Section 4: Automated Digital Forensic Suites

13. Chapter 9: Autopsy

14. Chapter 10: Analysis with Xplico

15. Chapter 11: Network Analysis

16. Other Books You May Enjoy

Image acquisition using Guymager

Guymager is another standalone acquisition tool that can be used for creating forensic images and performing disk cloning. Developed by Guy Voncken, Guymager is completely open source, has many of the same features of dc3dd, and is also only available for Linux-based hosts. While some investigators may prefer CLI tools, Guymager is a GUI tool and is for beginners, so it may be preferable.

For this acquisition, I'll use the very same 2-GB flash drive used in the dc3dd examples, at the end of which we can compare results.

As previously done in the dc3dd acquisition, we should first ensure that we are familiar with the devices attached to our machine, using the fdisk -l or sudo fdisk -l command.

Running Guymager

Guymager can be started by using the menu in Kali Linux. Click on Applications on the side menu, then click on Forensics and scroll down to Guymager:

Figure 5.35 – Screenshot to the Forensic Tool menu...