Preface

• Who this book is for
• What this book covers
• To get the most out of this book
• Download the example code files
• Download the color images
• Conventions used
• Get in touch
• Share Your Thoughts

1. Part 1: Blue and Purple Teaming Fundamentals

2. Chapter 1: Red, Blue, and Purple Teaming Fundamentals FREE CHAPTER

• How I got started with Kali Linux
• What is Kali Linux?
• Understanding red teaming
• Understanding blue teaming
• Understanding purple teaming
• Summary

3. Chapter 2: Introduction to Digital Forensics

• What is digital forensics?
• The need for blue and purple teams
• Digital forensics methodologies and frameworks
• Comparison of digital forensics operating systems
• The need for multiple forensics tools in digital investigations
• Summary

4. Chapter 3: Installing Kali Linux

• Technical requirements
• Downloading Kali Linux
• Installing Kali Linux on portable storage media for 
live DFIR
• Installing Kali as a standalone operating system
• Installing Kali in VirtualBox
• Installing Kali Linux on the virtual machine
• Summary

5. Chapter 4: Additional Kali Installations and Post-Installation Tasks

• Installing a pre-configured version of Kali Linux in VirtualBox
• Installing Kali Linux on Raspberry Pi4
• Updating Kali
• Enabling the root user account in Kali
• Adding the Kali Linux forensics metapackage
• Summary

6. Chapter 5: Installing Wine in Kali Linux

• What Wine is and the advantages of using it in Kali Linux
• Installing Wine
• Testing our Wine installation
• Summary

7. Part 2: Digital Forensics and Incident Response Fundamentals and Best Practices

8. Chapter 6: Understanding File Systems and Storage

• History and types of storage media
• File systems and operating systems
• Data types and states
• Volatile and non-volatile data and the order of volatility
• The importance of RAM, the paging file, and cache in DFIR
• Summary

9. Chapter 7: Incident Response, Data Acquisitions, and DFIR Frameworks

• Evidence acquisition procedures
• Incident response and first responders
• Evidence collection and documentation
• Live versus post-mortem acquisition
• The CoC
• The importance of write blockers
• Data imaging and maintaining evidence integrity
• Data acquisition best practices and DFIR frameworks
• Summary

10. Part 3: Kali Linux Digital Forensics and Incident Response Tools

11. Chapter 8: Evidence Acquisition Tools

• Using the fdisk command for partition recognition
• Creating strong hashes for evidence integrity
• Drive acquisition using DC3DD
• Drive acquisition using DD
• Drive acquisition using Guymager
• Drive and memory acquisition using FTK Imager in Wine
• RAM and paging file acquisition using Belkasoft RAM Capturer
• Summary

12. Chapter 9: File Recovery and Data Carving Tools

• File basics
• Downloading the sample files
• File recovery and data carving with Foremost
• Image recovery with Magicrescue
• Data carving with Scalpel
• Data extraction with bulk_extractor
• NTFS recovery using scrounge-ntfs
• Image recovery using Recoverjpeg
• Summary

13. Chapter 10: Memory Forensics and Analysis with Volatility 3

• What’s new in Volatility 3
• Downloading sample memory dump files
• Installing Volatility 3 in Kali Linux
• Memory dump analysis using Volatility 3
• Summary

14. Chapter 11: Artifact, Malware, and Ransomware Analysis

• Identifying devices and operating systems with p0f
• Looking at the swap_digger tool to explore Linux artifacts
• Password dumping with MimiPenguin
• PDF malware analysis
• Using Hybrid Analysis for malicious file analysis
• Ransomware analysis using Volatility 3
• Summary

15. Part 4: Automated Digital Forensics and Incident Response Suites

16. Chapter 12: Autopsy Forensic Browser

• Introduction to Autopsy – The Sleuth Kit
• Downloading sample files for use and creating a case in the Autopsy browser
• Evidence analysis using the Autopsy forensic browser
• Summary

17. Chapter 13: Performing a Full DFIR Analysis with the Autopsy 4 GUI

• Autopsy 4 GUI features
• Installing Autopsy 4 in Kali Linux using Wine
• Downloading sample files for automated analysis
• Creating new cases and getting acquainted with the Autopsy 4 interface
• Analyzing directories and recovering deleted files and artifacts with Autopsy 4
• Summary

18. Part 5: Network Forensic Analysis Tools

19. Chapter 14: Network Discovery Tools

• Using netdiscover in Kali Linux to identify devices on a network
• Using Nmap to find additional hosts and devices on a network
• Using Nmap to fingerprint host details
• Using Shodan.io to find IoT devices including firewalls, CCTV, and servers
• Summary

20. Chapter 15: Packet Capture Analysis with Xplico

• Installing Xplico in Kali Linux
• Installing DEFT Linux 8.1 in VirtualBox
• Starting Xplico in DEFT Linux
• Using Xplico to automatically analyze web, email, and voice traffic
• Summary

21. Chapter 16: Network Forensic Analysis Tools

• Capturing packets using Wireshark
• Packet analysis using NetworkMiner
• Packet capture analysis with PcapXray
• Online PCAP analysis using packettotal.com
• Online PCAP analysis using apackets.com
• Reporting and presentation
• Summary

22. Index

• Why subscribe?

23. Other Books You May Enjoy

• Packt is searching for authors like you
• Share Your Thoughts
• Download a free PDF copy of this book