Perform successful malware, ransomware, network analysis, and data recovery with the help of the latest automated Kali Linux tools, and explore various digital forensics methodologies and frameworks with the help of best practices.
Key Features
- Gain insights into red, blue, and purple team tools and how they relate to digital forensics
- Perform DFIR investigations and get acquainted with Autopsy 4
- Explore network discovery and forensics tools such as Nmap, Wireshark, Xplico, and Shodan
Book Description
Kali Linux is a Linux-based distribution that's widely used for penetration testing and digital forensics. It has a wide range of tools to help with digital forensics investigations and incident response mechanisms.
This updated third edition of Digital Forensics with Kali Linux covers the latest version of Kali Linux and The Sleuth Kit. You'll get to grips with modern techniques for analysis, extraction, and reporting using advanced tools such as FTK Imager, a hex editor, and Axiom. Updated to cover digital forensics basics and advancements in the world of modern forensics, this book will also delve into the domain of operating systems. Progressing through the chapters, you'll explore various formats for file storage, including secret hiding places unseen by the end user or even the operating system. This new edition also covers how to install Windows Emulator (WINE) and Autopsy 4 in Kali, and how to use Nmap and NetDiscover to find device types and hosts on a network. The book will also show you how to create forensic images of data and maintain their integrity using hashing tools. Finally, you'll cover advanced topics such as Autopsy and acquiring investigation data from networks, memory, and operating systems.
By the end of this book, you'll have gained hands-on experience in implementing all the pillars of digital forensics: acquisition, extraction, analysis, and presentation, all using Kali Linux's cutting-edge tools.
What you will learn
- Install Kali Linux on a Raspberry Pi 4 and various other platforms
- Run Windows applications in Kali Linux using the Windows Emulator (WINE)
- Learn the importance of RAM, the filesystem, data, and cache in DFIR
- Perform file recovery, data carving, and extraction using Magic Rescue
- Explore the latest Volatility 3 framework and analyze the memory dump
- Explore various ransomware types and discover artifacts for DFIR investigation
- Become well-versed in incident response procedures and best practices
Who This Book Is For
This book is for students, forensics analysts, digital investigators, security analysts and administrators, penetration testers, or anyone interested in enhancing their forensics abilities using the latest version of Kali Linux and powerful automated analysis tools. Basic knowledge of operating systems, computer components, and installation processes will help you gain a better understanding of the concepts covered.
Table of Contents
- Red, Blue, and Purple Teaming
- Introduction to Digital Forensics
- Installing Kali Linux
- Additional Kali Installations and Post-installation Tasks
- Installing WINE in Kali Linux
- Understanding File Systems and Storage
- Incident Response, Data Acquisition, and DFIR Frameworks
- Evidence Acquisition Tools
- File Recovery and Data Carving Tools
- Memory Forensics and Analysis with Volatility 3
- Artifact Analysis
- Autopsy Forensic Browser
- Performing Full DFIR with the Autopsy 4 GUI
- Network Discovery Tools
- Analysis with Xplico
- Network Forensic Analysis Tools (NFAT)