Digital Forensics with Kali Linux
eBook - ePub

Digital Forensics with Kali Linux

Shiva V. N Parasram, Alex Samm, Dale Joseph

Buch teilen
  1. 274 Seiten
  2. English
  3. ePUB (handyfreundlich)
  4. Über iOS und Android verfügbar
eBook - ePub

Digital Forensics with Kali Linux

Shiva V. N Parasram, Alex Samm, Dale Joseph

Angaben zum Buch
Buchvorschau
Inhaltsverzeichnis
Quellenangaben

Über dieses Buch

Learn the skills you need to take advantage of Kali Linux for digital forensics investigations using this comprehensive guide

Key Features

  • Master powerful Kali Linux tools for digital investigation and analysis
  • Perform evidence acquisition, preservation, and analysis using various tools within Kali Linux
  • Implement the concept of cryptographic hashing and imaging using Kali Linux
  • Perform memory forensics with Volatility and internet forensics with Xplico.
  • Discover the capabilities of professional forensic tools such as Autopsy and DFF (Digital Forensic Framework) used by law enforcement and military personnel alike

Book Description

Kali Linux is a Linux-based distribution used mainly for penetration testing and digital forensics. It has a wide range of tools to help in forensics investigations and incident response mechanisms.

You will start by understanding the fundamentals of digital forensics and setting up your Kali Linux environment to perform different investigation practices. The book will delve into the realm of operating systems and the various formats for file storage, including secret hiding places unseen by the end user or even the operating system. The book will also teach you to create forensic images of data and maintain integrity using hashing tools. Next, you will also master some advanced topics such as autopsies and acquiring investigation data from the network, operating system memory, and so on. The book introduces you to powerful tools that will take your forensic abilities and investigations to a professional level, catering for all aspects of full digital forensic investigations from hashing to reporting.

By the end of this book, you will have had hands-on experience in implementing all the pillars of digital forensics—acquisition, extraction, analysis, and presentation using Kali Linux tools.

What you will learn

  • Get to grips with the fundamentals of digital forensics and explore best practices
  • Understand the workings of file systems, storage, and data fundamentals
  • Discover incident response procedures and best practices
  • Use DC3DD and Guymager for acquisition and preservation techniques
  • Recover deleted data with Foremost and Scalpel
  • Find evidence of accessed programs and malicious programs using Volatility.
  • Perform network and internet capture analysis with Xplico
  • Carry out professional digital forensics investigations using the DFF and Autopsy automated forensic suites

Who this book is for

This book is targeted at forensics and digital investigators, security analysts, or any stakeholder interested in learning digital forensics using Kali Linux. Basic knowledge of Kali Linux will be an advantage.

Häufig gestellte Fragen

Wie kann ich mein Abo kündigen?
Gehe einfach zum Kontobereich in den Einstellungen und klicke auf „Abo kündigen“ – ganz einfach. Nachdem du gekündigt hast, bleibt deine Mitgliedschaft für den verbleibenden Abozeitraum, den du bereits bezahlt hast, aktiv. Mehr Informationen hier.
(Wie) Kann ich Bücher herunterladen?
Derzeit stehen all unsere auf Mobilgeräte reagierenden ePub-Bücher zum Download über die App zur Verfügung. Die meisten unserer PDFs stehen ebenfalls zum Download bereit; wir arbeiten daran, auch die übrigen PDFs zum Download anzubieten, bei denen dies aktuell noch nicht möglich ist. Weitere Informationen hier.
Welcher Unterschied besteht bei den Preisen zwischen den Aboplänen?
Mit beiden Aboplänen erhältst du vollen Zugang zur Bibliothek und allen Funktionen von Perlego. Die einzigen Unterschiede bestehen im Preis und dem Abozeitraum: Mit dem Jahresabo sparst du auf 12 Monate gerechnet im Vergleich zum Monatsabo rund 30 %.
Was ist Perlego?
Wir sind ein Online-Abodienst für Lehrbücher, bei dem du für weniger als den Preis eines einzelnen Buches pro Monat Zugang zu einer ganzen Online-Bibliothek erhältst. Mit über 1 Million Büchern zu über 1.000 verschiedenen Themen haben wir bestimmt alles, was du brauchst! Weitere Informationen hier.
Unterstützt Perlego Text-zu-Sprache?
Achte auf das Symbol zum Vorlesen in deinem nächsten Buch, um zu sehen, ob du es dir auch anhören kannst. Bei diesem Tool wird dir Text laut vorgelesen, wobei der Text beim Vorlesen auch grafisch hervorgehoben wird. Du kannst das Vorlesen jederzeit anhalten, beschleunigen und verlangsamen. Weitere Informationen hier.
Ist Digital Forensics with Kali Linux als Online-PDF/ePub verfügbar?
Ja, du hast Zugang zu Digital Forensics with Kali Linux von Shiva V. N Parasram, Alex Samm, Dale Joseph im PDF- und/oder ePub-Format sowie zu anderen beliebten Büchern aus Computer Science & Operating Systems. Aus unserem Katalog stehen dir über 1 Million Bücher zur Verfügung.

Information

Verlag
Packt Publishing
Jahr
2017
ISBN
9781788629577
Auflage
1
Thema
Computer Science
Thema
Operating Systems

Network and Internet Capture Analysis with Xplico

Xplico is an open source, GUI Network Forensics Analysis Tool (NFAT) that focuses on extracting artifacts from network and internet captures.
Captures of network and internet traffic are obtained directly in Xplico using its live acquisition feature but can also be done using tools within Kali Linux such as Wireshark and Ettercap. These network acquisition files are saved as .pcap or packet capture files that are then uploaded to Xplico and decoded automatically using its IP decoder and decoder manager components.
Some of the protocols that we can investigate using Xplico include, but are not limited to:
  • Transmission Control Protocol (TCP)
  • User Datagram Protocol (UDP)
  • Hypertext Transfer Protocol (HTTP)
  • File Transfer Protocol (FTP)
  • Trivial FTP (TFTP)
  • Session Initiation Protocol (SIP)
  • Post Office Protocol (POP)
  • Internet Map Access Protocol (IMAP)
  • Simple Mail Transfer Protocol (SMTP)
Data contained in network and internet packet captures, and even live acquisition, can contain artifacts such as:
  • HTTP traffic such as websites browsed
  • Email
  • Facebook chats
  • RTP and VoIP
  • Printed files
Traffic encrypted using Secure Sockets Layer (SSL) cannot be currently viewed with Xplico.

Software required

Xplico comes with many versions of Linux. Xplico usually requires some updates to run, depending on the versions of Kali used. For this chapter I recommend using Kali Linux 2016.1 or 2016.2. I also recommend using Kali in a virtual environment when using Xplico as incorrectly updating Kali could break it. Users may also wish to use the snapshot feature before updating Kali Linux which saves the current working state of the machine that can be easily rolled back to, in the event that the distribution breaks.
Kali Linux 2016.1 can be downloaded from https://cdimage.kali.org/kali-2016.1/.

Kali Linux 2016.2 can be downloaded from https://cdimage.kali.org/kali-2016.2/.
Should you run into difficulties updating Kali or running Xplico (which happens sometimes) consider downloading and running DEFT Linux 8.2 in a virtual environment. Beginners may find that Xplico may be easier to work with in DEFT Linux as there are GUI menu items to start the Apache and Xplico services options, whereas these have to be typed into the Terminal in Kali Linux.
DEFT Linux 8.2 can be downloaded from http://na.mirror.garr.it/mirrors/deft/.

Starting Xplico in Kali Linux

Updating Kali is simple as the commands remain the same when updating throughout different versions (2016.x and 2017.x).
In a new Terminal, we type apt-get update and press Enter. The sudo apt-get update command may have to be used to provide admin privileges if the former does not run successfully.
We then attempt to install Xplico by typing apt-get install xplico (or sudo apt-get install xplico):
If an error is encountered, as seen in the following screenshot, we must update the Kali Linux repositories by first updating our sources list and then running the apt-get update command again. To update the sources list, type the leafpad /etc/apt/sources.list command which opens up the file for us to edit:
At the top of the file, ente...

Inhaltsverzeichnis