Digital Forensics with Kali Linux: Enhance your investigation skills by performing network and memory forensics with Kali Linux 2022.x, 3rd Edition
- Length: 414 pages
- Edition: 3
- Language: English
- Publisher: Packt Publishing
- Publication Date: 2023-04-14
- ISBN-10: 1837635153
- ISBN-13: 9781837635153
- Sales Rank: #1364398
Explore various digital forensics methodologies and frameworks and manage your cyber incidents effectively
Purchase of the print or Kindle book includes a free PDF eBook
Key Features
- Gain red, blue, and purple team tool insights and understand their link with digital forensics
- Perform DFIR investigation and get familiarized with Autopsy 4
- Explore network discovery and forensics tools such as Nmap, Wireshark, Xplico, and Shodan
Book Description
Kali Linux is a Linux-based distribution that’s widely used for penetration testing and digital forensics. This third edition is updated with real-world examples and detailed labs to help you take your investigation skills to the next level using powerful tools.
This new edition will help you explore modern techniques for analysis, extraction, and reporting using advanced tools such as FTK Imager, a hex editor, and Axiom. You’ll cover the basic and advanced areas of digital forensics while delving into the domain of operating systems. As you advance through the chapters, you’ll explore various formats for file storage, including hiding places unseen by the end user or even the operating system. You’ll also discover how to install Wine (the Windows emulator) and Autopsy 4 in Kali, and how to use Nmap and NetDiscover to find device types and hosts on a network, along with creating forensic images of data and maintaining their integrity using hashing tools. Finally, you’ll cover advanced topics such as automated analysis with Autopsy and acquiring investigation data from networks, memory, and operating systems.
By the end of this digital forensics book, you’ll have gained hands-on experience in implementing all the pillars of digital forensics: acquisition, extraction, analysis, and presentation – all using Kali Linux’s cutting-edge tools.
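The imaging-and-hashing workflow the description refers to (the dd and DC3DD material of Chapters 7 and 8), as an added shell example that is not code from the book: acquire a source sector by sector with dd, hash source and image with SHA-256, record the image digest in sha256sum -c format, and re-verify the image later. The function names, the constructed 8-sector sample source, and the assumption of GNU coreutils are the example's own.

```shell
#!/bin/sh
# Added example (not code from the book): raw drive acquisition with dd and
# integrity verification with SHA-256.
# Assumptions: GNU coreutils (dd status=none, sha256sum); a source whose size is
# a multiple of 512 bytes (true for block devices, which is what gets imaged in
# practice); the source sits behind a write blocker or is otherwise read-only.

# Print the SHA-256 digest of a file (falls back to shasum where sha256sum is absent).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Image SRC into IMG sector by sector, then prove the copy is bit-identical.
# conv=noerror keeps reading past bad sectors; conv=sync pads each short read
# to a full 512-byte block so later offsets in the image stay aligned.
# Writes IMG.sha256 in "sha256sum -c" format for the chain-of-custody record.
# Returns 0 when source and image digests match, 1 on mismatch, 2 if dd failed.
acquire_and_verify() {
  src="$1"; img="$2"
  src_digest=$(sha256_of "$src")
  dd if="$src" of="$img" bs=512 conv=noerror,sync status=none || return 2
  img_digest=$(sha256_of "$img")
  printf '%s  %s\n' "$img_digest" "$img" > "$img.sha256"
  [ "$src_digest" = "$img_digest" ]
}

# Re-hash an image later and compare against the digest recorded at acquisition.
# Returns 0 if unchanged, 1 if the image no longer matches its record.
verify_image() {
  img="$1"
  recorded=$(cut -d' ' -f1 "$img.sha256")
  [ "$(sha256_of "$img")" = "$recorded" ]
}

# Constructed stand-in for a tiny 8-sector drive (4096 bytes of 'K'), so the
# example can be exercised offline without a real device.
make_sample_source() {
  printf '%4096s' '' | tr ' ' 'K' > "$1"
}

# Usage: sh acquire.sh /dev/sdb1 /cases/001/sdb1.dd   (paths are illustrative)
if [ "$#" -eq 2 ]; then
  if acquire_and_verify "$1" "$2"; then
    echo "image verified: $2"
  else
    echo "HASH MISMATCH or dd failure: $2"
  fi
fi
```

Hashing the source and then the image reads the evidence twice, which is why DC3DD and Guymager hash inline during acquisition; the source digest must be taken behind a write blocker, since a mount that updates access times would change it. Many tools still report MD5 alongside SHA, but MD5 is collision-prone, so the SHA-256 record is the one to rely on.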
What you will learn
- Install Kali Linux on Raspberry Pi 4 and various other platforms
- Run Windows applications in Kali Linux using Wine (Windows Emulator)
- Recognize the importance of RAM, file systems, data, and cache in DFIR
- Perform file recovery, data carving, and extraction using Magic Rescue
- Get to grips with the latest Volatility 3 framework and analyze the memory dump
- Explore the various ransomware types and discover artifacts for DFIR investigation
- Perform full DFIR automated analysis with Autopsy 4
- Become familiar with network forensic analysis tools (NFATs)
Who this book is for
This book is for students, forensic analysts, digital forensics investigators and incident responders, security analysts and administrators, penetration testers, or anyone interested in enhancing their forensics abilities using the latest version of Kali Linux along with powerful automated analysis tools. Basic knowledge of operating systems, computer components, and installation processes will help you gain a better understanding of the concepts covered.
Table of Contents
- Cover
- Title Page
- Copyright and Credit
- Dedicated
- Contributors
- Table of Contents
- Preface
- Part 1: Blue and Purple Teaming Fundamentals
  - Chapter 1: Red, Blue, and Purple Teaming Fundamentals
    - How I got started with Kali Linux
    - What is Kali Linux?
    - Why is Kali Linux so popular?
    - Understanding red teaming
    - Understanding blue teaming
    - Understanding purple teaming
    - Summary
  - Chapter 2: Introduction to Digital Forensics
    - What is digital forensics?
    - The need for blue and purple teams
    - Digital forensics methodologies and frameworks
    - DFIR frameworks
    - Comparison of digital forensics operating systems
    - Digital evidence and forensics toolkit Linux
    - Computer Aided INvestigative Environment (CAINE)
    - CSI Linux
    - Kali Linux
    - The need for multiple forensics tools in digital investigations
    - Commercial forensics tools
    - Anti-forensics – threats to digital forensics
    - Summary
  - Chapter 3: Installing Kali Linux
    - Technical requirements
    - Downloading Kali Linux
    - Downloading the required tools and images
    - Downloading the Kali Linux Everything torrent
    - Installing Kali Linux on portable storage media for live DFIR
    - Installing Kali as a standalone operating system
    - Installing Kali in VirtualBox
    - Preparing the Kali Linux VM
    - Installing Kali Linux on the virtual machine
    - Installing and configuring Kali Linux as a virtual machine or as a standalone OS
    - Summary
  - Chapter 4: Additional Kali Installations and Post-Installation Tasks
    - Installing a pre-configured version of Kali Linux in VirtualBox
    - Installing Kali Linux on Raspberry Pi4
    - Updating Kali
    - Enabling the root user account in Kali
    - Adding the Kali Linux forensics metapackage
    - Summary
  - Chapter 5: Installing WINE in Kali Linux
    - What WINE is and the advantages of using it in Kali Linux
    - Installing WINE
    - Configuring our WINE installation
    - Testing our WINE installation
    - Summary
- Part 2: Digital Forensics and Incident Response Fundamentals and Best Practices
  - Chapter 6: Understanding File Systems and Storage
    - History and types of storage media
    - IBM and the history of storage media
    - Removable storage media
    - Magnetic tape drives
    - Floppy disks
    - Optical storage media
    - Blu-ray Disc
    - Flash storage media
    - USB flash drives
    - Flash memory cards
    - Hard disk drives
    - Integrated Drive Electronics HDDs
    - Serial Advanced Technology Attachment HDDs
    - Solid-state drives
    - File systems and operating systems
    - Microsoft Windows
    - Macintosh (macOS)
    - Linux
    - Data types and states
    - Metadata
    - Slack space
    - Volatile and non-volatile data and the order of volatility
    - The importance of RAM, the paging file, and cache in DFIR
    - Summary
  - Chapter 7: Incident Response, Data Acquisitions, and DFIR Frameworks
    - Evidence acquisition procedures
    - Incident response and first responders
    - Evidence collection and documentation
    - Physical acquisition tools
    - Live versus post-mortem acquisition
    - Order of volatility
    - Powered-on versus powered-off device acquisition
    - The CoC
    - The importance of write blockers
    - Data imaging and maintaining evidence integrity
    - Message Digest (MD5) hash
    - Secure Hashing Algorithm (SHA)
    - Data acquisition best practices and DFIR frameworks
    - DFIR frameworks
    - Summary
- Part 3: Kali Linux Digital Forensics and Incident Response Tools
  - Chapter 8: Evidence Acquisition Tools
    - Using the fdisk command for partition recognition
    - Device identification using the fdisk command
    - Creating strong hashes for evidence integrity
    - Drive acquisition using DC3DD
    - Verifying the hash output of image files
    - Erasing a drive using DC3DD
    - Drive acquisition using DD
    - Drive acquisition using Guymager
    - Running Guymager
    - Acquiring evidence with Guymager
    - Drive and memory acquisition using FTK Imager in WINE
    - Installing FTK Imager
    - RAM acquisition with FTK Imager
    - RAM and paging file acquisition using Belkasoft RAM Capturer
    - Summary
  - Chapter 9: File Recovery and Data Carving Tools
    - File basics
    - Downloading the sample files
    - File recovery and data carving with Foremost
    - Image recovery with Magicrescue
    - Data carving with Scalpel
    - Data extraction with bulk_extractor
    - NTFS recovery using scrounge-ntfs
    - Image recovery using Recoverjpeg
    - Summary
  - Chapter 10: Memory Forensics and Analysis with Volatility
    - What’s new in Volatility
    - Downloading sample memory dump files
    - Installing Volatility 3 in Kali Linux
    - Memory dump analysis using Volatility
    - Image and OS verification
    - Process identification and analysis
    - Summary
  - Chapter 11: Artifact, Malware, and Ransomware Analysis
    - Identifying devices and operating systems with p0f
    - Looking at the swap_digger tool to explore Linux artifacts
    - Installing and using swap_digger
    - Password dumping with MimiPenguin
    - PDF malware analysis
    - Using Hybrid Analysis for malicious file analysis
    - Ransomware analysis using Volatility
    - The pslist plugin
    - Summary
- Part 4: Automated Digital Forensics and Incident Response Suites
  - Chapter 12: Autopsy Forensic Browser
    - Introduction to Autopsy – The Sleuth Kit
    - Downloading sample files for use and creating a case in the Autopsy browser
    - Starting Autopsy
    - Creating a new case in the Autopsy forensic browser
    - Evidence analysis using the Autopsy forensic browser
    - Summary
  - Chapter 13: Performing a Full DFIR Analysis with the Autopsy 4 GUI
    - Autopsy 4 GUI features
    - Installing Autopsy 4 in Kali Linux using Wine
    - Downloading sample files for automated analysis
    - Creating new cases and getting acquainted with the Autopsy 4 interface
    - Analyzing directories and recovering deleted files and artifacts with Autopsy
    - Summary
- Part 5: Network Forensic Analysis Tools
  - Chapter 14: Network Discovery Tools
    - Using netdiscover in Kali Linux to identify devices on a network
    - Using Nmap to find additional hosts and devices on a network
    - Using Nmap to fingerprint host details
    - Using Shodan.io to find IoT devices including firewalls, CCTV, and servers
    - Using Shodan filters for IoT searches
    - Summary
  - Chapter 15: Packet Capture Analysis with Xplico
    - Installing Xplico in Kali Linux
    - Installing DEFT Linux 8.1 in VirtualBox
    - Downloading sample analysis files
    - Starting Xplico in DEFT Linux
    - Using Xplico to automatically analyze web, email, and voice traffic
    - Automated web traffic analysis
    - Automated SMTP traffic analysis
    - Automated VoIP traffic analysis
    - Summary
  - Chapter 16: Network Forensic Analysis Tools
    - Capturing packets using Wireshark
    - Packet analysis using NetworkMiner
    - Packet capture analysis with PcapXray
    - Online PCAP analysis using packettotal.com
    - Online PCAP analysis using apackets.com
    - Reporting and presentation
    - Summary
- Index
- Other Books You May Enjoy
How to download the source code
1. Go to: https://github.com/PacktPublishing
2. In the "Find a repository…" box, search for the book title: Digital Forensics with Kali Linux: Enhance your investigation skills by performing network and memory forensics with Kali Linux 2022.x, 3rd Edition. If that returns no results, search for the main title only.
3. Click the book title in the search results.
4. Click Code to download.