Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Digital Forensics with Kali Linux
Digital Forensics with Kali Linux

Digital Forensics with Kali Linux: Enhance your investigation skills by performing network and memory forensics with Kali Linux 2022.x , Third Edition

eBook
$24.99 $35.99
Paperback
$44.99
Subscription
Free Trial
Renews at $19.99p/m

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
Table of content icon View table of contents Preview book icon Preview Book

Digital Forensics with Kali Linux

Red, Blue, and Purple Teaming Fundamentals

Welcome to the third edition of Digital Forensics with Kali Linux, and for those of you who may have purchased the previous editions, welcome back. I’d also like to sincerely thank you for once again choosing this exciting title. As with the second edition, this third edition has been updated with new tools, easy-to-follow labs, and a couple of new chapters. We have an exciting journey ahead of us, and I’m pleased to announce the inclusion of some major additions, including the installation of Wine, which will allow us to run Windows tools within Kali Linux and will be covered in its entirety in Chapter 5, Installing Wine in Kali Linux. Chapter 10, Memory Forensics and Analysis with Volatility 3, is also brand-new and shows how to perform RAM artifact analysis on newer operating systems. Another new chapter on using the Autopsy v4 Graphical User Interface (GUI) to perform full Digital Forensics and Incident Response (DFIR) analysis and investigations can be found in Chapter 13, Performing a Full DFIR Analysis with the Autopsy 4 GUI.

Besides these major additions, we will also look at some new topics, such as creating a portable Kali Linux box using Raspberry Pi 4 and learning about tools such as DD-rescue, scrounge-ntfs, Magic Rescue, PDF-Parser, Timeliner, netdiscover, and introduce Shodan.io and apackets.com for Internet of Things (IoT) discovery and packet analysis.

For this book, we take a very structured approach to digital forensics, as we would in forensic science. First, we will stroll into the world of digital forensics, its history, and some of the tools and operating systems used for forensics, and we will immediately introduce you to the concepts involved in evidence preservation.

With that said, we have a lot to cover and will start by learning about Kali and the various cybersecurity teams and the differences between red, blue, and purple teaming. For our returning and advanced readers who may have prior knowledge of Kali Linux and the respective teams, feel free to skim through the first two chapters and get straight into the practical aspects in Chapter 3, Installing Kali Linux, Chapter 4, Additional Kali Installations and Post-Installation Tasks, and Chapter 5, Installing Wine in Kali Linux, which detail the installations of Kali and Wine.

In this chapter we will cover the following key topics:

  • What is Kali Linux?
  • Understanding red teaming
  • Understanding blue teaming
  • Understanding purple teaming

Before we get started with these topics, the following is a sneak peek at how I got into the world of Kali Linux, as I feel some of you will be able to relate to my story!

How I got started with Kali Linux

Digital forensics has had my attention for well over 15 years. Ever since I was given my first PC (thanks, Mom and Dad), I’ve always wondered what happened when I deleted my files from my massively large 2 GB (Gigabyte) hard drive or moved my files to (and often hid them on) a less-than-inconspicuous 3.5-inch floppy diskette that maxed out at 1.44 MB (Megabytes) in capacity.

I soon learned that hard and floppy disk drives did not possess the digital immortality I so confidently believed in. Sadly, many files, documents, and priceless fine art created in Microsoft Paint by yours truly were lost to the digital afterlife, never to be retrieved again. Sigh. The world shall never know.

It wasn’t until years later that I came across an article on file recovery and associated tools while browsing the magical World Wide Web (WWW) on my lightning-fast 42 Kbps dial-up internet connection (made possible by my very expensive USRobotics dial-up modem), which sang the tune of the technology gods every time I tried to connect to the realm of the internet. This process involved a stealthy ninja-like skill that would make even a black-ops team envious, as it involved doing so without my parents noticing, as this would prevent them from using the telephone line to make or receive phone calls (apologies, dear Mother, Father, and older teenage sister).

The previous article on data recovery wasn’t anywhere near as detailed and fact-filled as the many great peer-reviewed papers, journals, and books on digital forensics widely available today. As a total novice (also referred to as a noob) in the field, I did learn a great deal about the basics of file systems, data and metadata, storage measurements, and the workings of various storage media. It was at this time that, even though I had read about the Linux operating system and its various distributions (or distros), I began to get an understanding of why Linux distros were popular for data recovery and forensics.

I managed to bravely download the Auditor and Slax Linux distributions, again on a dial-up connection. Just downloading these operating systems was quite a feat, which left me feeling highly accomplished as I did not have any clue as to how to install them, let alone actually use them. In those days, easy installation and GUIs were still under heavy development, as user-friendly, or in my case, user-unfriendly, as they were at the time (mostly due to my inexperience, lack of recommended hardware, and also lack of resources, such as online forums, blogs, and YouTube, which I did not yet know about).

As time passed, I researched many tools found on various platforms for Windows, Macintosh, and many Linux distributions. I found that many of the tools used in digital forensics could be installed on various Linux distributions or flavors, and many of these tools were well maintained, constantly being developed, and widely accepted by peers in the field. Kali Linux is a Linux distribution or flavor, but before we go any further, let me explain the concept of a Linux distribution or flavor. Consider your favorite beverage: this beverage can come in many flavors, some without sweeteners or sugar, in different colors, and even in various sizes. No matter the variations, it’s still the basic ingredients that comprise the beverage at the core. In this way, too, we have Linux and then different types and varieties of Linux. Some more popular Linux distros and flavors include RedHat, CentOS, Ubuntu, Mint, KNOPPIX, and, of course, Kali Linux. More on Kali Linux will be discussed in Chapter 3, Installing Kali Linux.

With that said, let’s move on to our next section as we get started with exploring the enchanting world of Kali Linux!

What is Kali Linux?

Kali Linux is a Debian-based operating system used globally by cyber security professionals, students, and IT enthusiasts. Debian is a flavor of Linux that is completely free, stable, constantly updated, supports many types of hardware, and is also used by popular operating systems such as Ubuntu and Zorin. Kali Linux is certainly not new to the cybersecurity field and even goes back to the mid-2000s, but it was known then as BackTrack, which was a combination of two platforms called Auditor Security and Whax. This merge happened in 2006, with subsequent versions of BackTrack being released up to 2011 when BackTrack 5, based on Ubuntu 10.04, was released.

In 2013, Offensive Security released the first version of Kali v1 (Moto), which was based on Debian 7, and then Kali v2 in 2015, which was based on Debian 8. Following this, Kali Linux Rolling was released in 2016, with the names of the distribution reflecting both the year of release and the major update of the quarterly period. For example, at the time of writing, I use Kali 2022.3 and 2022.4, both based on recent versions of Debian. You can find more on the open source and free Debian Project at https://www.debian.org/intro/about.

As a cybersecurity professional, a Chief Information Security Officer (CISO), penetration tester (pentester), and subject matter expert in DFIR, I have used BackTrack and now Kali Linux for well over a decade since I first came across it when I started studying for the Certified Ethical Hacker exam in 2006. Since then, I’ve used a myriad of operating systems for pentesting and digital forensics, but my main tool of choice, particularly for pentesting, is Kali Linux. Although Kali Linux has focused less on DFIR and more on penetration testing, it makes it much easier for me to have both penetration testing and DFIR tools on one platform rather than have to switch between them.

For our readers who may have purchased the first and second editions of this book, I’d say you’re certainly in for a treat as I’ve not only updated many labs and introduced new tools in this edition, but I’ve also included a chapter on installing Wine in Kali Linux. Windows Emulator (Wine) allows you to run Windows applications in Kali Linux. Although it takes a bit of configuration, I’ve compiled a step-by-step guide on how to install Wine in Chapter 5, Installing Wine in Kali Linux.

Some of you may be wondering why we would install Wine instead of simply using a Windows machine. There are quite a few valid reasons actually. Firstly, cost is a major factor. Windows licenses aren’t cheap if you’re a student, in between jobs, changing careers, or live in a region where the exchange rate and forex are limiting factors in purchasing licensing. At the time of writing, the cost of a Windows 10 Professional license is $199.00, as listed on Microsoft’s site at https://www.microsoft.com/en-us/d/windows-10-pro/df77x4d43rkt?activetab=pivot:overviewtab.

Although we will not be using commercial tools in this book, there are some amazing free DFIR tools that are available for Windows, such as Belkasoft RAM Capturer, Autopsy 4 GUI, and NetworkMiner, which we can now install within our open source Kali Linux environment instead of on a licensed Windows machine. These tools will be covered in detail in Chapter 8, Evidence Acquisition Tools, Chapter 13, Performing a Full DFIR Analysis with the Autopsy 4 GUI, and Chapter 16, Network Forensic Analysis Tools, respectively.

Another consideration is that Wine again saves us the hassle of having to switch between physical machines and can also save on resource utilization such as Random Access Memory (RAM), Central Processing Unit (CPU), Hard Disk Drive (HDD) space, and other resources when using virtual machines, which we will discuss more in detail in the next chapter.

Finally, we can install many other Windows applications in Kali Linux using tools, whether they be productivity tools or even tools for penetration testing, thus making our Kali Linux installation the perfect purple teaming operating system environment, which we will discuss later in this chapter.

Why is Kali Linux so popular?

Aside from being one of the oldest, InfoSec distros (distributions), Kali Linux has a very large support base, and you can find thousands of tutorials on installation, using built-in tools, and installing additional tools on YouTube, TikTok, and the internet at large, making it one of the more user-friendly platforms.

Kali Linux also comes with over 600 tools, all of which are nicely categorized in Kali’s Applications menu. Many of the tools included in Kali can perform various cybersecurity tasks ranging from Open Source Intelligence (OSINT), scanning, vulnerability assessments, exploitation and penetration testing, office and productivity tools, and, of course, DFIR. The full listing of tools can be found at https://www.kali.org/tools/all-tools/.

The following screenshot gives a preview of the category listings in the Kali Linux menu.

Figure 1.1 – Category listing in the Kali Linux menu

Figure 1.1 – Category listing in the Kali Linux menu

Kali Linux users also have the option to download and install (meta)packages manually rather than downloading a very large installation file. Kali Linux (meta)packages contain tools and dependencies that may be specific to an assessment or task, such as information gathering, vulnerability assessments, wireless hacking, and forensics. Alternatively, a user can download the kali-linux-everything (meta)package. We’ll go into more detail about (meta)package installations in Chapter 4, Additional Kali Installations and Post-Installation Tasks, but if you’d like to know more about what (meta)packages exist, you can find the full listing at https://www.kali.org/docs/general-use/metapackages/.

Yet another reason why Kali Linux is so popular is that there are several versions available for a multitude of physical, virtual, mobile, and portable devices. Kali is available as a standalone operating system image and can also be installed virtually using their pre-built images for virtual platforms such as VMware and VirtualBox, which will be covered in detail in Chapter 3, Installing Kali Linux, and Chapter 4, Additional Kali Installations and Post-Installation Tasks. There are also versions of Kali for ARM devices, cloud instances, and even the ability to run Kali Linux in Windows 10 under the Windows Subsystem for Linux (WSL). On a personal note, I also use the mobile version of Kali Linux called Kali NetHunter on an old OnePlus phone and also on a Raspberry Pi 4, which, when connected to a power bank, serve as the ultimate portable security assessment toolkit. As far as installation on mobile phones goes, NetHunter (and even Kali Linux itself in some cases) can be installed on a variety of phones from Samsung, Nokia, OnePlus, Sony, Xiaomi, Google, or ZTE. We’ll look at installing Kali Linux in VirtualBox and Raspberry Pi 4 in Chapter 4, Additional Kali Installations and Post-Installation Tasks.

The fact that Kali Linux offers all these features for free and can be easily upgraded with the addition of new tools just a couple of clicks and commands away makes it the perfect purple teaming solution. Let’s take a look at red, blue, and purple teaming and the skillsets required for each team.

Understanding red teaming

Possibly the most commonly known team among users of Kali Linux, the red team is the name given to the collective of individuals responsible for handling the offensive side of security as it relates to OSINT, scanning, vulnerability assessments, and the penetration testing of resources, including but not limited to individuals, companies, host end users (desktops, laptops, mobiles), and network and critical infrastructure such as servers, routers, switches, firewalls, NAS, databases, WebApps, and portals. There are also systems such as IoT, Operational Technology (OT) devices, and Industrial Control Systems (ICS), which also require assessments by highly skilled red teamers.

Red teamers are generally thought of as highly skilled ethical hackers and penetration testers who, apart from having the skill sets to conduct the assessments listed previously, may also have the technical certifications that allow them to do so. Although certifications may not directly reflect the abilities of the individuals, they have been known to aid in obtaining jobs.

Some red teaming certifications include (but are not limited to):

  • Offensive Security Certified Professional (OSCP): Developed by the creators of Kali Linux
  • Certified Ethical Hacker (CEH): From the EC-Council
  • Practical Network Penetration Tester (PNPT): Developed by TCM Security
  • Pentest+: By CompTIA
  • SANS SEC: Courses from the SANS Institute
  • e-Learn Junior Penetration Tester (eJPT): Developed by e-Learn Security for beginners interested in becoming red teamers

Ultimately, all of this knowledge allows red teamers to conduct offensive attacks (with explicit permission) against companies to simulate internal and external threat actors and essentially hack systems and security mechanisms in the same manner in which malicious actors would compromise and exploit the attack surface of an individual, company, or valued asset.

Kali Linux generally contains all the tools required to perform almost all types of offensive security and red teaming assessments. On a personal note, Kali Linux is my go-to operating system of choice for penetration testing as most of the tools required for fingerprinting, reconnaissance, OSINT, vulnerability assessments, exploitation, and reporting are all readily available and preinstalled on the platform. I’ve been using Kali to conduct red team exercises for over 12 years and I don’t see that changing anytime soon, as they’ve always maintained the OS and support for tools over the years.

Let’s move on to blue teaming now.

Understanding blue teaming

Blue teamers are generally considered to be on the defensive side rather than the offensive, as previously written about red teamers. While red teamers focus on threat simulation and possible exploitation, blue teamers are the protectors of the realm.

Red and blue teamers are quite similar when considering that the main goal of each team is mainly to protect resources and understand the potential impact and risk associated with breaches and data leaks. The red team may focus on attack techniques, such as the cyber kill chain and penetration testing, whereas the blue team then focuses on ensuring that not only are mechanisms in place to protect against attacks but also that formal policies, procedures, and even frameworks are implemented to assure effective DFIR.

The work of a blue teamer covers far more than that of a red teamer, as blue teamers must analyze threats, understand their risk and impact, implement security and protective measures, understand forensics and incident response, and ensure that effective monitoring, response services, and measures are implemented. It also certainly helps if a blue teamer has the knowledge or experience of a red teamer, as this provides an additional depth of understanding of attack surfaces and threat landscapes.

Blue teamers must also be knowledgeable about a wide scope of technology and analytics. While it is not impossible for people new to IT to get into blue teaming and DFIR, it does require prior knowledge along the lines of a network and systems administrator and also of a security analyst and threat hunter. For example, understanding that systems must be updated and patched accordingly is more of a best practice. The blue teamer will understand why there is a need for patching and also understand that there is much more to be done when hardening devices to reduce attack surfaces while also taking into consideration the possibilities of zero-day exploits and even human weaknesses, which may easily facilitate a breach by a threat actor and then circumvent all technical measures implemented.

It is also not uncommon to see job posts asking that blue teamers be proficient in Security Information and Event Management (SIEM) tools, which provide real-time analysis, monitoring, and alerts that greatly aid in DFIR management and allow for a greater understanding of the level of protection required in maintaining a high-security posture rating when safeguarding data, systems, and assets.

Blue teamers must also accept that their responsibilities do not only apply to internal and external resources but will be extended when considering the threat landscape of the assets to be protected. The threat landscape can be devices, persons, data, and any information that may be useful to an attacker when planning an attack. This is where an in-depth understanding of OSINT comes in. Although previously mentioned as a red teaming skill set, this proves equally important to the blue teamer in being able to scout the internet, social media, and the dark web for any information that could either pose a threat or aid the threat actor in some way.

A good example would be to search the dark web for breach databases where the blue teamer (after taking all necessary precautions to protect themselves) browses the dark web in search of compromised emails or Virtual Private Network (VPN) credentials of the company they work for. The blue teamer may also use a site such as Shodan.io, which we will cover later on in this book, to find accessible devices from an external perspective, such as external access to firewalls, servers, and CCTV cameras. All of the preceding scenarios aid the blue teamer in developing what is known as a threat profile, which, while not directly focusing on internal and external assets, will still compile potential threats and even Indicators of Compromise (IoC) found externally.

A great free resource for learning OSINT is TCM Academy’s free 4-hour course on YouTube, which can be found here https://www.youtube.com/watch?v=qwA6MmbeGNo.

Although many of the previously mentioned skills are learned via research and countless hours digging, looking at YouTube videos, and attending specialized courses. I’ve listed just a few certifications that may assist in furthering your studies and career in blue teaming and DFIR.

Some blue teaming certifications include (but are not limited to):

  • Computer Hacking Forensic Investigator (CHFI) from EC-Council
  • Certified Cloud Security Engineer (CCSE) from EC-Council
  • Certified Forensic Computer Examiner (CFEC) from IACIS
  • GIAC Certified Forensics Examiner (GFCE) from SANS

We will look at the tools required to be a DFIR investigator and analyst in more detail throughout this book. Although we won’t be going into detail about commercial tools used, I will mention some that you may wish to look into at some point if heading into a career in DFIR or as a blue teamer, although the open source tools covered in this book are more than enough to get you started and conduct entire DFIR investigations as long as the best practices and procedures are followed.

It is also of paramount importance that DFIR investigators and analysts understand the importance of following best practices and procedures in evidence collection, acquisition, analysis, and documentation, as the integrity of the evidence and case could be easily compromised. Analysis of evidence and results in reports should also be repeatable, meaning that other DFIR investigators and analysts should be able to repeat the tests performed and produce the same results as you.

In this regard, blue teamers should have a detailed and well-documented plan of action along with knowledge of purpose-specific tools. There are many freely available and well-documented best practices and frameworks for blue teams, some of which we’ll look at in the next chapter.

Let’s briefly look at an overview of the tools you may be required to use in a DFIR investigation, which are all covered in this book. The following list gives a one-liner for a specific task and the tools used to achieve the task. Think of this as a blue team cheat sheet where open source tools are concerned. Feel free to also make a copy of this page to use as a reference sheet for your forensics and incident response fieldwork:

  • Forensic operating systems for DFIR – our customized version of Kali Linux, CSI Linux, and CAINE
  • Creating a live bootable USB with Kali Linux – Rufus and Etcher
  • Creating a portable version of Kali Linux for Raspberry Pi – Imager (Pi Imager)
  • Installing Windows tools in Kali – Wine
  • Memory acquisition – FTK Imager and Belkasoft RAM Capturer
  • Evidence and drive acquisition – DD, DC3DD, Guymager, and FTK Imager
  • File recovery and data carving – Foremost, Magic Rescue, DD-Rescue, Scalpel, and Bulk_extractor
  • PDF forensics – pdfparser
  • NTFS drive recovery – scrounge-ntfs
  • Memory/RAM analysis – Volatility 3
  • Operating system identification – p0f
  • Live Linux forensics – Linux Explorer
  • Artifact discovery – swap_digger, mimipenguin, and pdgmail
  • Browser-based forensic analysis tool – Autopsy Forensic Browser
  • Complete forensic analysis tool – Autopsy 4
  • Network discovery tools – netdiscover and nmap
  • IoT search engine – Shodan.io
  • Browser-based network packet capture analysis – Xplico
  • Automated network packet capture analysis – Network Miner and PcapXray
  • Online Pcap Analysis tools – packettotal.com, apackets.com

Next, let’s have a look at purple teaming.

Understanding purple teaming

We can now have our cybersecurity moment of Zen as we get into purple teaming. The term purple teaming refers to the combination of skill sets in red and blue teaming. The color purple can also be achieved by mixing the colors red and blue, hence the name purple teaming. Looking back at all the skill sets and certifications mentioned in the red and blue teaming sections, it may seem like an impossible accomplishment; however, I guarantee you that there are many purple teamers out there who started as novices and ended up as professionals, myself included.

When I started my journey in cybersecurity in the early 2000s, I was far more interested in ethical hacking and pentesting (red teaming) at that point in time and spent many a night in front of my desktop reading, researching, and using the very limited tools available at that time. It was not until perhaps 2008 that I decided to get into DFIR and became very interested in the field of forensics, to the point where I started to teach the CHFI course alongside the CEH course.

Every time I thought to myself that I’d specialize in one, I’d come across a new tool that would point me in the direction of the other. Thankfully, this all worked out in my favor as I soon realized that red and blue teaming overlap in many aspects and also that there was never a point where I could say that what I had already learned was enough. My point here is that cybersecurity is such a dynamic field with so many paths that you can never know just enough. There is always some new exploit, an investigative tool, or an incident response procedure to learn, and it’s up to you to decide whether you would like to specialize in one field or continue to learn and grow as I did and apply your knowledge when necessary.

Fast forward to today, and I’m the owner of the Computer Forensics and Security Institute, where I not only lead a purple team but I’m also the lead penetration tester as well as the lead forensic and incident response investigator. Again, it is very much possible to be well versed in both fields once you commit to it.

In this regard, I can comfortably state that Kali Linux is the perfect place to get started, as it offers the best tools for purple teaming. Let’s have a sneak peek at some of the exploitation (red teaming tools) available to us, which are all preinstalled with any version of Kali.

This is just a snippet of the tools within the Exploitation menu of Kali; however, I use the metasploit framework, the msf payload creator, and the social engineering toolkit (root) religiously for red team assessments.

Figure 1.2 – Tools within the Exploitation menu

Figure 1.2 – Tools within the Exploitation menu

Now let’s have a look at the Forensic menu in Kali Linux:

Figure 1.3 – Tools within the Forensics menu

Figure 1.3 – Tools within the Forensics menu

Again, these are just some of the forensics tools, as the others can also be found by viewing the All Applications menu, which we will explore in Chapter 3, Installing Kali Linux. Kali Linux is one of the few user-friendly platforms that offers a variety of tools for purple teaming, and I look forward to showing you how to effectively use many of them in the coming chapters.

In Chapter 3, Installing Kali Linux, I’ll show you, step by step, how to set up Kali Linux in a safe, virtual test environment where we can use our tools and download sample files for analysis. Although this virtual machine will be connected to the internet, we will use it in a sandboxed environment to ensure that it does not affect your production environment. In Chapter 5, Installing Wine in Kali Linux, I will also walk you through the process of installing Wine in Kali Linux to help build your ultimate blue and purple team arsenal of tools that will now combine the best open source Windows and Linux tools.

Now that we’ve looked at the differences between red, blue, and purple teaming, we will be moving on to understand digital forensics and also have a look at other forensic platforms and some commercial tools and quite importantly, gain some insight into forensic frameworks in Chapter 2, Introduction to Digital Forensics.

Summary

In this chapter, we were introduced to Kali Linux’s Debian-based operating system and its usefulness in the world of cybersecurity. We also learned about the different teams in cybersecurity, such as red teams, comprised of individuals concerned with offensive security and ethical hacking, such as penetration testers, and blue teams, comprised of individuals concerned with defending networks and data, such as forensic investigators. We also learned that having both red and blue teaming skill sets and experience puts an individual into the highly skilled purple team, which suggests that the individual is versed in a wide range of tools for vulnerability assessments, penetration testing, and also incident response and digital forensics, many of which can be found in Kali Linux.

Next, we will dive a bit deeper into digital forensics, look at other forensic operating systems, and learn about forensic frameworks and commonly used open source and commercial tools. See you in the next chapter!

Left arrow icon Right arrow icon
Download code icon Download Code

Key benefits

  • Gain red, blue, and purple team tool insights and understand their link with digital forensics
  • Perform DFIR investigation and get familiarized with Autopsy 4
  • Explore network discovery and forensics tools such as Nmap, Wireshark, Xplico, and Shodan

Description

Kali Linux is a Linux-based distribution that's widely used for penetration testing and digital forensics. This third edition is updated with real-world examples and detailed labs to help you take your investigation skills to the next level using powerful tools. This new edition will help you explore modern techniques for analysis, extraction, and reporting using advanced tools such as FTK Imager, Hex Editor, and Axiom. You’ll cover the basics and advanced areas of digital forensics within the world of modern forensics while delving into the domain of operating systems. As you advance through the chapters, you'll explore various formats for file storage, including secret hiding places unseen by the end user or even the operating system. You’ll also discover how to install Windows Emulator, Autopsy 4 in Kali, and how to use Nmap and NetDiscover to find device types and hosts on a network, along with creating forensic images of data and maintaining integrity using hashing tools. Finally, you'll cover advanced topics such as autopsies and acquiring investigation data from networks, memory, and operating systems. By the end of this digital forensics book, you'll have gained hands-on experience in implementing all the pillars of digital forensics: acquisition, extraction, analysis, and presentation – all using Kali Linux's cutting-edge tools.

Who is this book for?

This book is for students, forensic analysts, digital forensics investigators and incident responders, security analysts and administrators, penetration testers, or anyone interested in enhancing their forensics abilities using the latest version of Kali Linux along with powerful automated analysis tools. Basic knowledge of operating systems, computer components, and installation processes will help you gain a better understanding of the concepts covered.

What you will learn

  • Install Kali Linux on a Raspberry Pi4 and various other platforms
  • Run Windows applications in Kali Linux using Windows Emulator as WINE
  • Learn the importance of RAM, filesystem, data, and Cache in DFIR
  • Perform file recovery, data carving, and extraction using Magic Rescue
  • Explore the latest Volatility 3 framework and analyze the memory dump
  • Explore various ransomware types and discover artifacts for DFIR investigation
  • Perform full DFIR automated analysis with Autopsy 4
  • Become familiar with Network Forensic Analysis Tools (NFAT)
  • Become well-versed in incident response procedures and best practices
Estimated delivery fee Deliver to Egypt

Standard delivery 10 - 13 business days

$12.95

Premium delivery 3 - 6 business days

$34.95
(Includes tracking information)

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Apr 14, 2023
Length: 414 pages
Edition : 3rd
Language : English
ISBN-13 : 9781837635153
Category :
Concepts :
Tools :

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
Estimated delivery fee Deliver to Egypt

Standard delivery 10 - 13 business days

$12.95

Premium delivery 3 - 6 business days

$34.95
(Includes tracking information)

Product Details

Publication date : Apr 14, 2023
Length: 414 pages
Edition : 3rd
Language : English
ISBN-13 : 9781837635153
Category :
Concepts :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total $ 149.97
Digital Forensics and Incident Response
$54.99
Digital Forensics with Kali Linux
$44.99
Learn Computer Forensics – 2nd edition
$49.99
Total $ 149.97 Stars icon

Table of Contents

23 Chapters
Part 1: Blue and Purple Teaming Fundamentals Chevron down icon Chevron up icon
Chapter 1: Red, Blue, and Purple Teaming Fundamentals Chevron down icon Chevron up icon
Chapter 2: Introduction to Digital Forensics Chevron down icon Chevron up icon
Chapter 3: Installing Kali Linux Chevron down icon Chevron up icon
Chapter 4: Additional Kali Installations and Post-Installation Tasks Chevron down icon Chevron up icon
Chapter 5: Installing Wine in Kali Linux Chevron down icon Chevron up icon
Part 2: Digital Forensics and Incident Response Fundamentals and Best Practices Chevron down icon Chevron up icon
Chapter 6: Understanding File Systems and Storage Chevron down icon Chevron up icon
Chapter 7: Incident Response, Data Acquisitions, and DFIR Frameworks Chevron down icon Chevron up icon
Part 3: Kali Linux Digital Forensics and Incident Response Tools Chevron down icon Chevron up icon
Chapter 8: Evidence Acquisition Tools Chevron down icon Chevron up icon
Chapter 9: File Recovery and Data Carving Tools Chevron down icon Chevron up icon
Chapter 10: Memory Forensics and Analysis with Volatility 3 Chevron down icon Chevron up icon
Chapter 11: Artifact, Malware, and Ransomware Analysis Chevron down icon Chevron up icon
Part 4: Automated Digital Forensics and Incident Response Suites Chevron down icon Chevron up icon
Chapter 12: Autopsy Forensic Browser Chevron down icon Chevron up icon
Chapter 13: Performing a Full DFIR Analysis with the Autopsy 4 GUI Chevron down icon Chevron up icon
Part 5: Network Forensic Analysis Tools Chevron down icon Chevron up icon
Chapter 14: Network Discovery Tools Chevron down icon Chevron up icon
Chapter 15: Packet Capture Analysis with Xplico Chevron down icon Chevron up icon
Chapter 16: Network Forensic Analysis Tools Chevron down icon Chevron up icon
Index Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.4
(11 Ratings)
5 star 72.7%
4 star 9.1%
3 star 9.1%
2 star 0%
1 star 9.1%
Filter icon Filter
Top Reviews

Filter reviews by




esgar jimenez Jun 01, 2023
Full star icon Full star icon Full star icon Full star icon Full star icon 5
As a Digital Forensics professional for 5 years, and in cybersecurity for 9, this book explains the differences between Red, Blue, and Purple Teams. Did a great job covering the versatility of Kali Linux. Also, presented some excellent tools that are not only open source but can be used to get started in the field. The book goes in-depth just enough to provide understanding but not enough to overwhelm the reader with information. Great information.
Amazon Verified review Amazon
Cody May 21, 2023
Full star icon Full star icon Full star icon Full star icon Full star icon 5
For those new to digital forensics or Linux, this book will be extremely useful from front to back without being overwhelming or difficult to understand. Everything is covered from the most basic topics such as identifying storage devices, to acquiring data from the target/evidentiary media and performing simple data recovery and analysis.For those who are already professional level forensic examiners… if Kali isn’t part of your toolbox yet, this is a good way to add it. The latter chapters even cover several subjects often left out of other forensic books such as malware, ransomware, identifying devices on a network, and network traffic/packet analysis.
Amazon Verified review Amazon
John R. Jun 27, 2023
Full star icon Full star icon Full star icon Full star icon Full star icon 5
I enjoyed this book and found it to be a great resource. It covers a vast array of many digital forensic tools and approaches that are standards in the industry. The best aspect of this book compared to other similar books is the way the topics are outlined, introduced, and are presented in a logical order. This really makes each chapter make sense and build successfully off one another.
Amazon Verified review Amazon
Agustin Jun 21, 2023
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Kali Linux is turning to be a must have for every cyber security professional out there since it is so versatile and has every tool you can think of built in to perform penetration testing but also forensics. This book will help you unlock that knowledge and capabilities to perform DFIR actions with free tools!
Amazon Verified review Amazon
CRF May 29, 2023
Full star icon Full star icon Full star icon Full star icon Full star icon 5
"Digital Forensics with Kali Linux" is an invaluable resource for both aspiring and experienced digital forensic professionals. Packed with practical examples, step-by-step tutorials, and real-world case studies, this book provides a comprehensive guide to mastering digital forensics using the powerful tools and capabilities of Kali Linux.One of the standout features of this book is its focus on network and memory forensics, which are critical areas in modern cyber investigations. The authors present a detailed exploration of network forensics, including packet capture analysis, intrusion detection, and network traffic analysis. They delve into the intricacies of memory forensics, covering memory acquisition techniques, analyzing volatile data, and investigating malicious code in memory. These topics are of utmost importance in today's cyber landscape, and the book does an excellent job of equipping readers with the necessary skills.The authors' expertise shines through in their clear and concise writing style, making complex concepts accessible to readers with varying levels of technical knowledge. They provide a solid foundation in digital forensics principles and methodology before delving into the practical aspects of using Kali Linux. This makes the book suitable for both beginners and more advanced practitioners seeking to deepen their understanding of the field.One of the strengths of this book is its hands-on approach. Each chapter is filled with practical exercises and lab scenarios, allowing readers to apply the knowledge gained and reinforce their learning. The inclusion of command-line instructions, screenshots, and code snippets makes it easier to follow along and replicate the techniques demonstrated. Furthermore, the book highlights common challenges and provides troubleshooting tips, helping readers overcome hurdles they may encounter during investigations.While the book is primarily focused on Kali Linux 2022.x, the authors do an admirable job of ensuring that the concepts and techniques discussed remain relevant and adaptable to future versions. Digital forensics is a rapidly evolving field, and the authors acknowledge this by emphasizing the importance of staying updated and adapting to changing technologies and methodologies.In conclusion, "Digital Forensics with Kali Linux” an excellent resource for individuals interested in digital forensics and cyber investigations. The book strikes a fine balance between theory and hands-on practice, providing readers with the necessary tools and knowledge to navigate the intricate world of digital forensics using Kali Linux. Whether you are a beginner or an experienced professional, this book will undoubtedly enhance your investigation skills and serve as a valuable reference in your digital forensic journey.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is the delivery time and cost of print book? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela
What is custom duty/charge? Chevron down icon Chevron up icon

Customs duty are charges levied on goods when they cross international borders. It is a tax that is imposed on imported goods. These duties are charged by special authorities and bodies created by local governments and are meant to protect local industries, economies, and businesses.

Do I have to pay customs charges for the print book order? Chevron down icon Chevron up icon

The orders shipped to the countries that are listed under EU27 will not bear custom charges. They are paid by Packt as part of the order.

List of EU27 countries: www.gov.uk/eu-eea:

A custom duty or localized taxes may be applicable on the shipment and would be charged by the recipient country outside of the EU27 which should be paid by the customer and these duties are not included in the shipping charges been charged on the order.

How do I know my custom duty charges? Chevron down icon Chevron up icon

The amount of duty payable varies greatly depending on the imported goods, the country of origin and several other factors like the total invoice amount or dimensions like weight, and other such criteria applicable in your country.

For example:

  • If you live in Mexico, and the declared value of your ordered items is over $ 50, for you to receive a package, you will have to pay additional import tax of 19% which will be $ 9.50 to the courier service.
  • Whereas if you live in Turkey, and the declared value of your ordered items is over € 22, for you to receive a package, you will have to pay additional import tax of 18% which will be € 3.96 to the courier service.
How can I cancel my order? Chevron down icon Chevron up icon

Cancellation Policy for Published Printed Books:

You can cancel any order within 1 hour of placing the order. Simply contact customercare@packt.com with your order details or payment transaction id. If your order has already started the shipment process, we will do our best to stop it. However, if it is already on the way to you then when you receive it, you can contact us at customercare@packt.com using the returns and refund process.

Please understand that Packt Publishing cannot provide refunds or cancel any order except for the cases described in our Return Policy (i.e. Packt Publishing agrees to replace your printed book because it arrives damaged or material defect in book), Packt Publishing will not accept returns.

What is your returns and refunds policy? Chevron down icon Chevron up icon

Return Policy:

We want you to be happy with your purchase from Packtpub.com. We will not hassle you with returning print books to us. If the print book you receive from us is incorrect, damaged, doesn't work or is unacceptably late, please contact Customer Relations Team on customercare@packt.com with the order number and issue details as explained below:

  1. If you ordered (eBook, Video or Print Book) incorrectly or accidentally, please contact Customer Relations Team on customercare@packt.com within one hour of placing the order and we will replace/refund you the item cost.
  2. Sadly, if your eBook or Video file is faulty or a fault occurs during the eBook or Video being made available to you, i.e. during download then you should contact Customer Relations Team within 14 days of purchase on customercare@packt.com who will be able to resolve this issue for you.
  3. You will have a choice of replacement or refund of the problem items.(damaged, defective or incorrect)
  4. Once Customer Care Team confirms that you will be refunded, you should receive the refund within 10 to 12 working days.
  5. If you are only requesting a refund of one book from a multiple order, then we will refund you the appropriate single item.
  6. Where the items were shipped under a free shipping offer, there will be no shipping costs to refund.

On the off chance your printed book arrives damaged, with book material defect, contact our Customer Relation Team on customercare@packt.com within 14 days of receipt of the book with appropriate evidence of damage and we will work with you to secure a replacement copy, if necessary. Please note that each printed book you order from us is individually made by Packt's professional book-printing partner which is on a print-on-demand basis.

What tax is charged? Chevron down icon Chevron up icon

Currently, no tax is charged on the purchase of any print book (subject to change based on the laws and regulations). A localized VAT fee is charged only to our European and UK customers on eBooks, Video and subscriptions that they buy. GST is charged to Indian customers for eBooks and video purchases.

What payment methods can I use? Chevron down icon Chevron up icon

You can pay with the following card types:

  1. Visa Debit
  2. Visa Credit
  3. MasterCard
  4. PayPal
What is the delivery time and cost of print books? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela