You're reading from Digital Forensics with Kali Linux Perform data acquisition, data recovery, network forensics, and malware analysis with Kali Linux 2019.x

Product type Paperback

Published in Apr 2020

Publisher Packt

ISBN-13 9781838640804

Length 334 pages

Edition 2nd Edition

Tools

Kali Linux

Concepts

Forensics

Author (1):

Shiva V. N. Parasram

View More author details

Table of Contents (17) Chapters

Preface

1. Section 1: Kali Linux – Not Just for Penetration Testing

2. Chapter 1: Introduction to Digital Forensics FREE CHAPTER

3. Chapter 2: Installing Kali Linux

4. Section 2: Forensic Fundamentals and Best Practices

5. Chapter 3: Understanding Filesystems and Storage Media

6. Chapter 4: Incident Response and Data Acquisition

7. Section 3: Forensic Tools in Kali Linux

8. Chapter 5: Evidence Acquisition and Preservation with dc3dd and Guymager

9. Chapter 6: File Recovery and Data Carving with foremost, Scalpel, and bulk_extractor

10. Chapter 7: Memory Forensics with Volatility

11. Chapter 8: Artifact Analysis

12. Section 4: Automated Digital Forensic Suites

13. Chapter 9: Autopsy

14. Chapter 10: Analysis with Xplico

15. Chapter 11: Network Analysis

16. Other Books You May Enjoy

Summary

In this chapter, we learned about file recovery and data extraction using popular open source tools in Kali Linux. We first performed file carving using the very impressive foremost, which searched an entire image for supported file types within the file's headers and footers. We then did the same using recoverjpg and the newer Scalpel, but had to make a slight modification by selecting the file types we wished to carve. Both foremost and Scalpel presented us with an audit.txt file summarizing the carve list and its details, along with subfolders containing the actual evidence.

bulk_extractor is a wonderful tool that carves data and also finds useful information, such as email addresses, visited URLs, Facebook URLs, credit card numbers, and a variety of other information. bulk_extractor is great for investigations requiring file recovery and carving, together with either foremost or Scalpel, or even both.

Now that we've covered file carving and recovery, let...