You're reading from Digital Forensics with Kali Linux Perform data acquisition, data recovery, network forensics, and malware analysis with Kali Linux 2019.x

Product type Paperback

Published in Apr 2020

Publisher Packt

ISBN-13 9781838640804

Length 334 pages

Edition 2nd Edition

Tools

Kali Linux

Concepts

Forensics

Author (1):

Shiva V. N. Parasram

View More author details

Table of Contents (17) Chapters

Preface

1. Section 1: Kali Linux – Not Just for Penetration Testing

2. Chapter 1: Introduction to Digital Forensics FREE CHAPTER

3. Chapter 2: Installing Kali Linux

4. Section 2: Forensic Fundamentals and Best Practices

5. Chapter 3: Understanding Filesystems and Storage Media

6. Chapter 4: Incident Response and Data Acquisition

7. Section 3: Forensic Tools in Kali Linux

8. Chapter 5: Evidence Acquisition and Preservation with dc3dd and Guymager

9. Chapter 6: File Recovery and Data Carving with foremost, Scalpel, and bulk_extractor

10. Chapter 7: Memory Forensics with Volatility

11. Chapter 8: Artifact Analysis

12. Section 4: Automated Digital Forensic Suites

13. Chapter 9: Autopsy

14. Chapter 10: Analysis with Xplico

15. Chapter 11: Network Analysis

16. Other Books You May Enjoy

Incident response and first responders

Preserving evidence does not begin only at the acquisition of data, but as early on as the physical viewing of the suspect device. There should be some kind of structured response to the suspected crime or breach in the same way as with a crime reported to the police. A person makes a call to the emergency services who then dispatch the police, fire services, and ambulance personnel, and other first responders who may then escalate the issue to the FBI or other agencies. There should also be a similar chain of command when dealing with reports that require digital investigation.

There are many sources for guidelines, best practices, and cybersecurity strategies, which you should familiarize yourself with. I'd suggest researching your local Computer Emergency Response Team (CERT) and/or Computer Security Incident Response Team (CSIRT) to begin with, such as the US-CERT (https://www.us-cert.gov/resources) and the European Union Agency for...