Digital Forensics with Kali Linux
eBook - ePub

Perform data acquisition, data recovery, network forensics, and malware analysis with Kali Linux, 2nd Edition

Shiva V. N Parasram

334 pages, English, ePUB (mobile friendly)
About This Book

Take your forensic abilities and investigation skills to the next level using powerful tools that cater to all aspects of digital forensic investigations, right from hashing to reporting

Key Features

  • Perform evidence acquisition, preservation, and analysis using a variety of Kali Linux tools
  • Use PcapXray to perform timeline analysis of malware and network activity
  • Apply cryptographic hashing and forensic imaging using Kali Linux tools

Book Description

Kali Linux is a Debian-based Linux distribution that's widely used for penetration testing and digital forensics. It ships with a wide range of tools for digital forensics investigations and incident response.

This updated second edition of Digital Forensics with Kali Linux covers the latest version of Kali Linux and The Sleuth Kit. You'll get to grips with modern techniques for analysis, extraction, and reporting using advanced tools such as FTK Imager, hex editors, and Axiom. Updated to cover digital forensics basics and advancements in the world of modern forensics, this book will also delve into the domain of operating systems. Progressing through the chapters, you'll explore various formats for file storage, including hiding places unseen by the end user or even the operating system. The book will also show you how to create forensic images of data and maintain their integrity using hashing tools. Finally, you'll cover advanced topics such as the Autopsy forensic browser and acquiring investigation data from networks, operating system memory, and quantum cryptography.

By the end of this book, you'll have gained hands-on experience of implementing all the pillars of digital forensics: acquisition, extraction, analysis, and presentation, all using Kali Linux tools.

What you will learn

  • Get up and running with powerful Kali Linux tools for digital investigation and analysis
  • Perform internet and memory forensics with Volatility and Xplico
  • Understand filesystems, storage, and data fundamentals
  • Become well-versed with incident response procedures and best practices
  • Perform ransomware analysis using labs involving actual ransomware
  • Carry out network forensics and analysis using NetworkMiner and other tools

Who this book is for

This Kali Linux book is for forensics and digital investigators, security analysts, or anyone interested in learning digital forensics using Kali Linux. Basic knowledge of Kali Linux will be helpful to gain a better understanding of the concepts covered.


Information

Year: 2020
ISBN: 9781838644109
Edition: 2

Section 1: Kali Linux – Not Just for Penetration Testing

In our first section, we cover the fundamentals of digital forensics, various operating systems used in forensics, and repositories for forensics tools, and jump right into Kali Linux 2019.3. We'll also look at the various methods for installing Kali Linux on physical, virtual, and portable devices, and the various modes within Kali Linux. 
This part comprises the following chapters:
  • Chapter 1, Introduction to Digital Forensics
  • Chapter 2, Installing Kali Linux

Chapter 1: Introduction to Digital Forensics

Welcome to the second edition of Digital Forensics with Kali Linux. For those of you who may have purchased the first edition, the practical aspects of this book have been updated with new labs, and there are several new tools (with labs) for us to explore in this updated edition, starting with Chapter 2, Installing Kali Linux, where we will set up the latest version of Kali Linux (2019.3). For readers new to this book, I recommend starting here from the first chapter.
Digital forensics has had my attention for well over 13 years. Ever since I was given my first PC (thanks, Mom and Dad), I've always wondered what happened when I deleted my files from my massively large 2-gigabyte (GB) hard drive or moved (and, most times, hid) my files to a less-than-inconspicuous 3.5-inch floppy diskette that maxed out at 1.44 megabytes (MB) in capacity.
As I soon learned, hard disk drives and floppy disk drives did not possess the digital immortality I so confidently believed in. Sadly, many files, documents, and priceless fine art created in Microsoft Paint by yours truly were lost to the digital afterlife, never to be retrieved again. Sigh. The world will never know.
It wasn't until years later that I came across an article on file recovery and associated tools while browsing the magical World Wide Web (WWW) on my lightning-fast 42-kilobits-per-second (Kbps) dial-up internet connection (made possible by my very expensive USRobotics dial-up modem, which sang the tune of the technology gods every time I'd try to connect to the realm of the internet). Getting online called for a stealthy, ninja-like skill that would make even a black-ops team envious, because it had to be done without my parents noticing: while I was connected, nobody else could use the telephone line to make or receive phone calls. (Apologies, dear Mother, Father, and older teenage sister.)
That article on data recovery wasn't anywhere near as detailed and fact-filled as the many great peer-reviewed papers, journals, and books on digital forensics widely available today. As a total novice (also referred to as a noob) in the field, I did learn a great deal about the basics of filesystems, data and metadata, storage measurements, and the workings of various storage media.
It was at this time that, even though I had read about the Linux operating system and its various distributions, I began to get an understanding of why Linux distributions were popular in data recovery and forensics.
At this time, I managed to bravely download the Auditor and Slax Linux distributions, again on a dial-up connection. Just downloading these operating systems was quite a feat, and it left me feeling highly accomplished, as I did not have any clue as to how to install them, let alone actually use them. In those days, easy installers and graphical user interfaces (GUIs) were still under heavy development, and what user friendliness existed did not help me much (mostly due to my inexperience, lack of recommended hardware, and, also, a lack of resources such as online forums, blogs, and YouTube, which I did not yet know about). I'll explain more about the Auditor and Slax operating systems in Chapter 2, Installing Kali Linux, including their role in the history of the well-known BackTrack, and now Kali Linux, operating systems.
As time passed, I researched many tools found on various platforms for Windows, Macintosh, and many Linux distributions. I found that many of the tools used in digital forensics could be installed in various Linux distributions or flavors, and many of these tools were well maintained, constantly being developed, and were widely accepted by peers in the field. Kali Linux is a Linux distribution or flavor, but before we go any further, let me explain this concept. Consider your favorite beverage: this beverage can come in many flavors, some without sweeteners or sugar, in different colors, and even in various sizes. No matter what the variations, it's still the basic ingredients that comprise the beverage at the core. In this way, too, we have Linux, and then different types and varieties of Linux. Some of the more popular Linux distributions and flavors include Parrot OS, Computer Aided INvestigative Environment (CAINE), Red Hat, CentOS, Ubuntu, Mint, Knoppix, and, of course, Kali Linux. Kali Linux will be discussed further in Chapter 2, Installing Kali Linux.
For this book, we take a very structured approach to digital forensics, as we would in forensic science. We first stroll into the world of digital forensics, its history, and some of the tools and operating systems used for forensics, and immediately introduce you to the concepts involved in evidence preservation. As far as international best practices and guidelines go, I'd recommend reading up on the Council of Europe's Budapest Convention on Cybercrime (https://rm.coe.int/CoERMPublicCommonSearchServices/DisplayDCTMContent?documentId=09000016800cce5b) and the Association of Chief Police Officers (ACPO) Good Practice Guide for Digital Evidence (https://www.digital-detective.net/digital-forensics-documents/ACPO_Good_Practice_Guide_for_Digital_Evidence_v5.pdf) to get a better understanding of international frameworks and digital forensics best practices.
How about we kick things off? Let's get started!
This chapter gives an introduction to the various aspects of the science of digital forensics. The topics we are going to cover in this chapter are as follows:
  • What is digital forensics?
  • Digital forensics methodology
  • A brief history of digital forensics
  • The need for digital forensics as technology advances
  • Operating systems and open source tools for digital forensics
  • The need for multiple forensics tools in digital investigations
  • Commercial forensics tools
  • Anti-forensics – threats to digital forensics

What is digital forensics?

The first thing I'd like to cover in this chapter is an understanding of digital forensics and its proper practices and procedures. At some point, you may have come across several books, blogs, and even videos demonstrating various aspects of digital forensics and the different tools used. It is of great importance to understand that forensics itself is a science, involving very well-documented best practices and methods, applied to establish from evidence what happened and whether something exists.
Digital forensics involves the preservation, acquisition, documentation, analysis, and interpretation of evidence identified on various types of storage media. It is not limited to laptops, desktops, tablets, and mobile devices, but also extends to data in transit that is transmitted across public or private networks.
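The preservation, acquisition, and documentation steps just listed, as an added example that is not from the book: a pure-Python model of a bit-for-bit acquisition in which the source hash is computed in the same pass as the copy, the result is written into a chain-of-custody record, and a later verification re-hashes the image and fails if even one bit has changed or the image was truncated. The sample "device" bytes, the 512-byte sector size, the examiner name, and the item ID are constructed for this example; on Kali the same steps are carried out against a write-blocked device with dd (or dc3dd) and sha256sum.

```python
"""Added example (not from the book): acquisition with integrity verification.

Models the preserve / acquire / document steps in pure Python so it runs
offline: the "device" is a bytes object constructed here, the image is a
bytearray, and the chain-of-custody record is a dict. On Kali the same
steps are done with dd/dc3dd and sha256sum against a write-blocked device.
"""
import hashlib
import json
import time
from typing import Iterator

SECTOR = 512  # assumption: 512-byte sectors, as on a classic HDD

# Constructed sample evidence: seven sectors, the last one partial, so the
# reader must not silently drop a trailing short block.
SAMPLE_DEVICE = (b"MBR" + b"\x00" * 509) + b"deleted-secret.txt\x00" * 150 + b"\xff" * 37


def read_sectors(device: bytes, sector: int = SECTOR) -> Iterator[bytes]:
    """Yield the medium sector by sector, including a short final sector."""
    for off in range(0, len(device), sector):
        yield device[off:off + sector]


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def acquire(device: bytes, examiner: str, item_id: str) -> tuple[bytes, dict]:
    """Bit-for-bit copy with the source hash computed in the same read pass.

    Returns (image, custody_record). The source hash covers exactly the bytes
    read, and the image is hashed separately afterwards, so a read error,
    truncation, or later modification shows up as a mismatch in verify().
    """
    src_hash = hashlib.sha256()
    image = bytearray()
    for sector in read_sectors(device):
        src_hash.update(sector)
        image.extend(sector)
    record = {
        "item_id": item_id,                     # constructed identifier
        "examiner": examiner,                   # constructed name
        "acquired_utc": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "source_size": len(device),
        "image_size": len(image),
        "source_sha256": src_hash.hexdigest(),
        "image_sha256": sha256_of(bytes(image)),
    }
    return bytes(image), record


def verify(image: bytes, record: dict) -> bool:
    """Re-hash the image and compare it with what was documented at acquisition."""
    return (
        len(image) == record["image_size"]
        and sha256_of(image) == record["source_sha256"] == record["image_sha256"]
    )


if __name__ == "__main__":
    img, rec = acquire(SAMPLE_DEVICE, examiner="J. Doe", item_id="EX-001")
    print(json.dumps(rec, indent=2))
    print("image verifies:", verify(img, rec))                  # True
    tampered = bytearray(img)
    tampered[600] ^= 0x01                                       # flip one bit
    print("tampered verifies:", verify(bytes(tampered), rec))   # False
```

Run it directly to see the record and the two verification results. Two details carry over to real acquisitions: hash the source and the image independently rather than trusting the copy, and keep the record with the image, since a hash on its own, without who took it and when, proves little about the evidence.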
In some cases, digital forensics involves the discovery and/or recovery of data using various methods and tools available to the investigator. Digital forensics investigations include, but are not limited to, the following:
  • Data recovery: Investigating and recovering data that may have been deleted, renamed with a different file extension, or hidden.
  • Identity theft: Many fraudulent activities, ranging from stolen credit card usage to fake social media profiles, involve some form of identity theft.
  • Malware and ransomware investigations: To date, ransomware spread by Trojans and worms across networks and the internet is one of the biggest threats to companies, military organizations, and individuals. Malware can also be spread to, and by, mobile devices and smart devices.
  • Network and internet investigations: Investigating Denial-of-Service (DoS) and Distributed Denia...
