Digital Forensics with Kali Linux

You're reading from Digital Forensics with Kali Linux: Enhance your investigation skills by performing network and memory forensics with Kali Linux 2022.x

Product type: Paperback
Published in: Apr 2023
Publisher: Packt
ISBN-13: 9781837635153
Length: 414 pages
Edition: 3rd Edition
Author: Shiva V. N. Parasram

Understanding purple teaming

We can now have our cybersecurity moment of Zen as we get into purple teaming. The term purple teaming refers to the combination of the red and blue teaming skill sets. Just as the color purple is produced by mixing red and blue, purple teaming is produced by combining red and blue teaming, hence the name. Looking back at all the skill sets and certifications mentioned in the red and blue teaming sections, it may seem like an impossible accomplishment; however, I guarantee you that there are many purple teamers out there who started as novices and ended up as professionals, myself included.

When I started my journey in cybersecurity in the early 2000s, I was far more interested in ethical hacking and pentesting (red teaming) at that point in time and spent many a night in front of my desktop reading, researching, and using the very limited tools available at that time. It was not until perhaps 2008 that I decided to get into DFIR and became very interested in the field of forensics, to the point where I started to teach the CHFI course alongside the CEH course.

Every time I thought to myself that I’d specialize in one, I’d come across a new tool that would point me in the direction of the other. Thankfully, this all worked out in my favor as I soon realized that red and blue teaming overlap in many aspects and also that there was never a point where I could say that what I had already learned was enough. My point here is that cybersecurity is such a dynamic field with so many paths that you can never know just enough. There is always some new exploit, an investigative tool, or an incident response procedure to learn, and it’s up to you to decide whether you would like to specialize in one field or continue to learn and grow as I did and apply your knowledge when necessary.

Fast forward to today, and I’m the owner of the Computer Forensics and Security Institute, where I not only lead a purple team but I’m also the lead penetration tester as well as the lead forensic and incident response investigator. Again, it is very much possible to be well versed in both fields once you commit to it.

In this regard, I can comfortably state that Kali Linux is the perfect place to get started, as it offers the best tools for purple teaming. Let's have a sneak peek at some of the exploitation (red teaming) tools available to us, all of which come preinstalled with any version of Kali.

This is just a sample of the tools within the Exploitation menu of Kali; however, I use the Metasploit Framework, the MSF Payload Creator, and the Social Engineering Toolkit (root) religiously for red team assessments.

Figure 1.2 – Tools within the Exploitation menu

Now let’s have a look at the Forensic menu in Kali Linux:

Figure 1.3 – Tools within the Forensics menu

Again, these are just some of the forensics tools; the others can be found by viewing the All Applications menu, which we will explore in Chapter 3, Installing Kali Linux. Kali Linux is one of the few user-friendly platforms that offers a variety of tools for purple teaming, and I look forward to showing you how to use many of them effectively in the coming chapters.

In Chapter 3, Installing Kali Linux, I’ll show you, step by step, how to set up Kali Linux in a safe, virtual test environment where we can use our tools and download sample files for analysis. Although this virtual machine will be connected to the internet, we will use it in a sandboxed environment to ensure that it does not affect your production environment. In Chapter 5, Installing Wine in Kali Linux, I will also walk you through the process of installing Wine in Kali Linux to help build your ultimate blue and purple team arsenal of tools that will now combine the best open source Windows and Linux tools.

Now that we've looked at the differences between red, blue, and purple teaming, we will move on to understanding digital forensics in Chapter 2, Introduction to Digital Forensics, where we will also look at other forensic platforms and some commercial tools and, quite importantly, gain some insight into forensic frameworks.
