You're reading from Digital Forensics with Kali Linux Perform data acquisition, data recovery, network forensics, and malware analysis with Kali Linux 2019.x

Product type Paperback

Published in Apr 2020

Publisher Packt

ISBN-13 9781838640804

Length 334 pages

Edition 2nd Edition

Tools

Kali Linux

Concepts

Forensics

Author (1):

Shiva V. N. Parasram

View More author details

Table of Contents (17) Chapters

Preface

1. Section 1: Kali Linux – Not Just for Penetration Testing

2. Chapter 1: Introduction to Digital Forensics FREE CHAPTER

3. Chapter 2: Installing Kali Linux

4. Section 2: Forensic Fundamentals and Best Practices

5. Chapter 3: Understanding Filesystems and Storage Media

6. Chapter 4: Incident Response and Data Acquisition

7. Section 3: Forensic Tools in Kali Linux

8. Chapter 5: Evidence Acquisition and Preservation with dc3dd and Guymager

9. Chapter 6: File Recovery and Data Carving with foremost, Scalpel, and bulk_extractor

10. Chapter 7: Memory Forensics with Volatility

11. Chapter 8: Artifact Analysis

12. Section 4: Automated Digital Forensic Suites

13. Chapter 9: Autopsy

14. Chapter 10: Analysis with Xplico

15. Chapter 11: Network Analysis

16. Other Books You May Enjoy

Summary

In this chapter, we looked at memory forensics and analysis using some of the many plugins available within the Volatility Framework. One of the first and most important steps in working with Volatility is choosing the profile that Volatility will use throughout the analysis. This profile tells Volatility what type of operating system is being used. Once the profile was chosen, we were able to successfully perform process, network, registry, DLL, and even malware analysis using this versatile tool. As we've seen, Volatility can perform several important functions in digital forensics and should be used together with the other tools we've used previously to perform in-depth and detailed forensic analysis and investigations. We also went a bit further in this edition by installing the web interface for the Volatility Framework for those who may prefer a GUI approach to memory analysis.

In our next chapter, we'll move on to another powerful tool that does everything...