What this book covers
Chapter 1, Introduction to Digital Forensics, introduces the reader to the world of digital forensics and forensic methodology, and also introduces the reader to various forensic operating systems.
Chapter 2, Installing Kali Linux, covers the various methods that can be used to install Kali Linux as a virtual machine or as a standalone operating system, which can also be run from a flash drive or SD card.
Chapter 3, Understanding Filesystems and Storage Media, dives into the realm of operating systems and the various formats for file storage, including secret hiding places not seen by the end user or even the operating system. We also inspect data about data, known as metadata, and look at its volatility.
Chapter 4, Incident Response and Data Acquisition, asks what happens when an incident is reported or detected, who the first responders are, and what the procedures are for maintaining the integrity of the evidence. In this chapter, we look at best practices and procedures in data acquisition and evidence collection.
Chapter 5, Evidence Acquisition and Preservation with dc3dd and Guymager, helps you to harness the power of dc3dd to acquire evidence, calculate and verify hashes, split images, and even forensically erase media. We'll also look at the Guymager GUI interface to acquire evidence and introduce Windows imaging tools such as FTK Imager and Belkasoft RAM Capturer.
Chapter 6, File Recovery and Data Carving with foremost, Scalpel, and bulk_extractor, covers tools that demonstrate that deleted data can be recovered using various file-carving methods.
Chapter 7, Memory Forensics with Volatility, demonstrates the importance of preserving volatile evidence such as the contents of RAM and the paging file. Using Volatility and Evolve, we will identify and analyze running processes and network connections, and identify existing malware.
Chapter 8, Artifact Analysis, deals with tools that we can use to identify systems, processes, passwords, emails, and other artifacts that are useful to any investigator. We also perform artifact analysis of the WannaCry ransomware.
Chapter 9, Autopsy, The Sleuth Kit, revisits Autopsy (with new labs), which is recognized as one of the very few available tools to rival commercial forensic tools. This powerful tool takes forensic abilities and investigations to a professional level, catering for all aspects of full digital forensics investigations from hashing to reporting.
Chapter 10, Analysis with Xplico, investigates and analyzes captured network and internet traffic using this powerful tool.
Chapter 11, Network Analysis, continues with network artifact analysis by demonstrating how to create packet captures with Wireshark, and then quickly moves into automated analysis using offline and online tools such as Network Miner, PcapXray, and PacketTotal.