You're reading from Digital Forensics with Kali Linux Perform data acquisition, data recovery, network forensics, and malware analysis with Kali Linux 2019.x

Product type Paperback

Published in Apr 2020

Publisher Packt

ISBN-13 9781838640804

Length 334 pages

Edition 2nd Edition

Tools

Kali Linux

Concepts

Forensics

Author (1):

Shiva V. N. Parasram

View More author details

Table of Contents (17) Chapters

Preface

1. Section 1: Kali Linux – Not Just for Penetration Testing

2. Chapter 1: Introduction to Digital Forensics FREE CHAPTER

3. Chapter 2: Installing Kali Linux

4. Section 2: Forensic Fundamentals and Best Practices

5. Chapter 3: Understanding Filesystems and Storage Media

6. Chapter 4: Incident Response and Data Acquisition

7. Section 3: Forensic Tools in Kali Linux

8. Chapter 5: Evidence Acquisition and Preservation with dc3dd and Guymager

9. Chapter 6: File Recovery and Data Carving with foremost, Scalpel, and bulk_extractor

10. Chapter 7: Memory Forensics with Volatility

11. Chapter 8: Artifact Analysis

12. Section 4: Automated Digital Forensic Suites

13. Chapter 9: Autopsy

14. Chapter 10: Analysis with Xplico

15. Chapter 11: Network Analysis

16. Other Books You May Enjoy

Digital forensics methodology

Keeping in mind that forensics is a science, digital forensics requires appropriate best practices and procedures to be followed in an effort to produce the same results time and time again, providing proof of evidence, preservation, and integrity that can be replicated, if called upon to do so.

Although many people may not be performing digital forensics to be used as evidence in a court of law, it is best to practice in such a way as can be accepted and presented in a court of law. The main purpose of adhering to best practices set by organizations specializing in digital forensics and incident response is to maintain the integrity of the evidence for the duration of the investigation. In the event that the investigator's work must be scrutinized and critiqued by another or an opposing party, the results found by the investigator must be able to be recreated, thereby proving the integrity of the investigation. The purpose of this is to ensure that your methods can be repeated and, if dissected or scrutinized, produce the same results time and again. The methodology used, including the procedures and findings of your investigation, should always allow for the maintenance of the data's integrity, regardless of which tools are used.

The best practices demonstrated in this book ensure that the original evidence is not tampered with, or, in cases of investigating devices and data in a live or production environment, show well-documented proof that necessary steps were taken during the investigation to avoid unnecessary tampering of the evidence, thereby preserving the integrity of the evidence. For those completely new to investigations, I recommend familiarizing yourself with some of the various practices and methodologies available and widely practiced by the professional community.

As such, there exist several guidelines and methodologies that you should adopt, or at least follow, to ensure that examinations and investigations are forensically sound.

The three best practices documents mentioned in this chapter are as follows:

The ACPO Good Practice Guide for Digital Evidence
The Scientific Working Group on Digital Evidence's (SWGDE) Best Practices for Computer Forensics
The Budapest Convention on Cybercrime (CETS No. 185)

Although written in 2012, ACPO, now functioning as the National Police Chiefs' Council (NPCC), put forth a document in a PDF file called the ACPO Good Practice Guide for Digital Evidence regarding best practices when carrying out digital forensics investigations, particularly focusing on evidence acquisition. The ACPO Good Practice Guide for Digital Evidence was then adopted and adhered to by law enforcement agencies in England, Wales, and Northern Ireland, and can be downloaded in its entirety at https://www.npcc.police.uk/documents/FoI%20publication/Disclosure%20Logs/Information%20Management%20FOI/2013/031%2013%20Att%2001%20of%201%20ACPO%20Good%20Practice%20Guide%20for%20Digital%20Evidence%20March%202012.pdf.

Another useful and more recent document, produced in September 2014, on best practices in digital forensics was issued by the SWGDE. The SWGDE was founded in 1998 by the Federal Crime Laboratory Directors Group, with major members and contributors including the Federal Bureau of Investigation (FBI), Drug Enforcement Administration (DEA), National Aeronautics and Space Administration (NASA), and the Department of Defense (DoD) Computer Forensics Laboratory. Though this document details procedures and practices within a formal computer forensics laboratory setting, the practices can still be applied to non-laboratory investigations by those not currently in, or with access to, such an environment.

The SWGDE's Best Practices for Computer Forensics sheds light on many of the topics covered in the following chapters, including the following:

Evidence collection and acquisition
Investigating devices that are powered on and off
Evidence handling
Analysis and reporting

The SWGDE's Best Practices for Computer Forensics Acquisitions (April 2018) can be viewed and downloaded directly from here: https://www.swgde.org/documents/Current%20Documents/SWGDE%20Best%20Practices%20for%20Computer%20Forensic%20Acquisitions

Important note

The SWGDE has a collection of 78 documents (at the time of this publication) that detail the best practices of evidence acquisition, collection, authentication, and examination, which can all be found at https://www.swgde.org/documents/Current%20Documents/SWGDE%20Best%20Practices%20for%20Compu%20ter%20Forensics.

You're reading from Digital Forensics with Kali Linux Perform data acquisition, data recovery, network forensics, and malware analysis with Kali Linux 2019.x

Table of Contents (17) Chapters

Digital forensics methodology

Authors (1)

Other recommended products

Personalised recommendations for you