Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Digital Forensics with Kali Linux

You're reading from   Digital Forensics with Kali Linux Enhance your investigation skills by performing network and memory forensics with Kali Linux 2022.x

Arrow left icon
Product type Paperback
Published in Apr 2023
Publisher Packt
ISBN-13 9781837635153
Length 414 pages
Edition 3rd Edition
Arrow right icon
Author (1):
Arrow left icon
Shiva V. N. Parasram Shiva V. N. Parasram
Author Profile Icon Shiva V. N. Parasram
Shiva V. N. Parasram
Arrow right icon
View More author details
Toc

Table of Contents (24) Chapters Close

Preface 1. Part 1: Blue and Purple Teaming Fundamentals
2. Chapter 1: Red, Blue, and Purple Teaming Fundamentals FREE CHAPTER 3. Chapter 2: Introduction to Digital Forensics 4. Chapter 3: Installing Kali Linux 5. Chapter 4: Additional Kali Installations and Post-Installation Tasks 6. Chapter 5: Installing Wine in Kali Linux 7. Part 2: Digital Forensics and Incident Response Fundamentals and Best Practices
8. Chapter 6: Understanding File Systems and Storage 9. Chapter 7: Incident Response, Data Acquisitions, and DFIR Frameworks 10. Part 3: Kali Linux Digital Forensics and Incident Response Tools
11. Chapter 8: Evidence Acquisition Tools 12. Chapter 9: File Recovery and Data Carving Tools 13. Chapter 10: Memory Forensics and Analysis with Volatility 3 14. Chapter 11: Artifact, Malware, and Ransomware Analysis 15. Part 4: Automated Digital Forensics and Incident Response Suites
16. Chapter 12: Autopsy Forensic Browser 17. Chapter 13: Performing a Full DFIR Analysis with the Autopsy 4 GUI 18. Part 5: Network Forensic Analysis Tools
19. Chapter 14: Network Discovery Tools 20. Chapter 15: Packet Capture Analysis with Xplico 21. Chapter 16: Network Forensic Analysis Tools 22. Index 23. Other Books You May Enjoy

What is Kali Linux?

Kali Linux is a Debian-based operating system used globally by cyber security professionals, students, and IT enthusiasts. Debian is a flavor of Linux that is completely free, stable, constantly updated, supports many types of hardware, and is also used by popular operating systems such as Ubuntu and Zorin. Kali Linux is certainly not new to the cybersecurity field and even goes back to the mid-2000s, but it was known then as BackTrack, which was a combination of two platforms called Auditor Security and Whax. This merge happened in 2006, with subsequent versions of BackTrack being released up to 2011 when BackTrack 5, based on Ubuntu 10.04, was released.

In 2013, Offensive Security released the first version of Kali v1 (Moto), which was based on Debian 7, and then Kali v2 in 2015, which was based on Debian 8. Following this, Kali Linux Rolling was released in 2016, with the names of the distribution reflecting both the year of release and the major update of the quarterly period. For example, at the time of writing, I use Kali 2022.3 and 2022.4, both based on recent versions of Debian. You can find more on the open source and free Debian Project at https://www.debian.org/intro/about.

As a cybersecurity professional, a Chief Information Security Officer (CISO), penetration tester (pentester), and subject matter expert in DFIR, I have used BackTrack and now Kali Linux for well over a decade since I first came across it when I started studying for the Certified Ethical Hacker exam in 2006. Since then, I’ve used a myriad of operating systems for pentesting and digital forensics, but my main tool of choice, particularly for pentesting, is Kali Linux. Although Kali Linux has focused less on DFIR and more on penetration testing, it makes it much easier for me to have both penetration testing and DFIR tools on one platform rather than have to switch between them.

For our readers who may have purchased the first and second editions of this book, I’d say you’re certainly in for a treat as I’ve not only updated many labs and introduced new tools in this edition, but I’ve also included a chapter on installing Wine in Kali Linux. Windows Emulator (Wine) allows you to run Windows applications in Kali Linux. Although it takes a bit of configuration, I’ve compiled a step-by-step guide on how to install Wine in Chapter 5, Installing Wine in Kali Linux.

Some of you may be wondering why we would install Wine instead of simply using a Windows machine. There are quite a few valid reasons actually. Firstly, cost is a major factor. Windows licenses aren’t cheap if you’re a student, in between jobs, changing careers, or live in a region where the exchange rate and forex are limiting factors in purchasing licensing. At the time of writing, the cost of a Windows 10 Professional license is $199.00, as listed on Microsoft’s site at https://www.microsoft.com/en-us/d/windows-10-pro/df77x4d43rkt?activetab=pivot:overviewtab.

Although we will not be using commercial tools in this book, there are some amazing free DFIR tools that are available for Windows, such as Belkasoft RAM Capturer, Autopsy 4 GUI, and NetworkMiner, which we can now install within our open source Kali Linux environment instead of on a licensed Windows machine. These tools will be covered in detail in Chapter 8, Evidence Acquisition Tools, Chapter 13, Performing a Full DFIR Analysis with the Autopsy 4 GUI, and Chapter 16, Network Forensic Analysis Tools, respectively.

Another consideration is that Wine again saves us the hassle of having to switch between physical machines and can also save on resource utilization such as Random Access Memory (RAM), Central Processing Unit (CPU), Hard Disk Drive (HDD) space, and other resources when using virtual machines, which we will discuss more in detail in the next chapter.

Finally, we can install many other Windows applications in Kali Linux using tools, whether they be productivity tools or even tools for penetration testing, thus making our Kali Linux installation the perfect purple teaming operating system environment, which we will discuss later in this chapter.

Why is Kali Linux so popular?

Aside from being one of the oldest, InfoSec distros (distributions), Kali Linux has a very large support base, and you can find thousands of tutorials on installation, using built-in tools, and installing additional tools on YouTube, TikTok, and the internet at large, making it one of the more user-friendly platforms.

Kali Linux also comes with over 600 tools, all of which are nicely categorized in Kali’s Applications menu. Many of the tools included in Kali can perform various cybersecurity tasks ranging from Open Source Intelligence (OSINT), scanning, vulnerability assessments, exploitation and penetration testing, office and productivity tools, and, of course, DFIR. The full listing of tools can be found at https://www.kali.org/tools/all-tools/.

The following screenshot gives a preview of the category listings in the Kali Linux menu.

Figure 1.1 – Category listing in the Kali Linux menu

Figure 1.1 – Category listing in the Kali Linux menu

Kali Linux users also have the option to download and install (meta)packages manually rather than downloading a very large installation file. Kali Linux (meta)packages contain tools and dependencies that may be specific to an assessment or task, such as information gathering, vulnerability assessments, wireless hacking, and forensics. Alternatively, a user can download the kali-linux-everything (meta)package. We’ll go into more detail about (meta)package installations in Chapter 4, Additional Kali Installations and Post-Installation Tasks, but if you’d like to know more about what (meta)packages exist, you can find the full listing at https://www.kali.org/docs/general-use/metapackages/.

Yet another reason why Kali Linux is so popular is that there are several versions available for a multitude of physical, virtual, mobile, and portable devices. Kali is available as a standalone operating system image and can also be installed virtually using their pre-built images for virtual platforms such as VMware and VirtualBox, which will be covered in detail in Chapter 3, Installing Kali Linux, and Chapter 4, Additional Kali Installations and Post-Installation Tasks. There are also versions of Kali for ARM devices, cloud instances, and even the ability to run Kali Linux in Windows 10 under the Windows Subsystem for Linux (WSL). On a personal note, I also use the mobile version of Kali Linux called Kali NetHunter on an old OnePlus phone and also on a Raspberry Pi 4, which, when connected to a power bank, serve as the ultimate portable security assessment toolkit. As far as installation on mobile phones goes, NetHunter (and even Kali Linux itself in some cases) can be installed on a variety of phones from Samsung, Nokia, OnePlus, Sony, Xiaomi, Google, or ZTE. We’ll look at installing Kali Linux in VirtualBox and Raspberry Pi 4 in Chapter 4, Additional Kali Installations and Post-Installation Tasks.

The fact that Kali Linux offers all these features for free and can be easily upgraded with the addition of new tools just a couple of clicks and commands away makes it the perfect purple teaming solution. Let’s take a look at red, blue, and purple teaming and the skillsets required for each team.

You have been reading a chapter from
Digital Forensics with Kali Linux - Third Edition
Published in: Apr 2023
Publisher: Packt
ISBN-13: 9781837635153
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at €18.99/month. Cancel anytime