Index
Title Page
Copyright
Digital Forensics with Kali Linux
  • Credits
  • Disclaimer
  • About the Author
  • About the Reviewers
  • www.PacktPub.com
  • Why subscribe?
  • Customer Feedback
Preface
  • What this book covers
  • What you need for this book
  • Who this book is for
  • Conventions
  • Reader feedback
  • Customer support
  • Downloading the example code
  • Errata
  • Piracy
  • Questions
Introduction to Digital Forensics
  • What is digital forensics?
  • Digital forensics methodology
  • A brief history of digital forensics
  • The need for digital forensics as technology advances
  • Commercial tools available in the field of digital forensics
  • Operating systems and open source tools for digital forensics
  • Digital evidence and forensics toolkit Linux
  • Computer Aided INvestigative Environment
  • Kali Linux
  • The need for multiple forensics tools in digital investigations
  • Anti-forensics: threats to digital forensics
  • Encryption
  • Online and offline anonymity
  • Summary
Installing Kali Linux
  • Software version
  • Downloading Kali Linux
  • Installing Kali Linux
  • Installing Kali Linux in VirtualBox
  • Preparing the Kali Linux virtual machine
  • Installing Kali Linux on the virtual machine
  • Partitioning the disk
  • Exploring Kali Linux
  • Summary
Understanding Filesystems and Storage Media
  • Storage media
  • IBM and the history of storage media
  • Removable storage media
  • Magnetic tape drives
  • Floppy disks
  • Evolution of the floppy disk
  • Optical storage media
  • Compact disks
  • Digital versatile disks
  • Blu-ray disk
  • Flash storage media
  • USB flash drives
  • Flash memory cards
  • Hard disk drives
  • IDE HDDs
  • SATA HDDs
  • Solid-state drives
  • Filesystems and operating systems
  • What about the data?
  • Data states
  • Metadata
  • Slack space
  • Data volatility
  • The paging file and its importance in digital forensics
  • Summary
Incident Response and Data Acquisition
  • Digital evidence acquisitions and procedures
  • Incident response and first responders
  • Documentation and evidence collection
  • Physical evidence collection and preservation
  • Physical acquisition tools
  • Order of volatility
  • Chain of Custody
  • Powered-on versus powered-off device acquisition
  • Powered-on devices
  • Powered-off devices
  • Write blocking
  • Data imaging and hashing
  • Message Digest (MD5) hash
  • Secure Hashing Algorithm (SHA)
  • Device and data acquisition guidelines and best practices
  • Summary
Evidence Acquisition and Preservation with DC3DD and Guymager
  • Drive and partition recognition in Linux
  • Device identification using the fdisk command
  • Maintaining evidence integrity
  • Using DC3DD in Kali Linux
  • File-splitting using DC3DD
  • Verifying hashes of split image files
  • Erasing a drive using DC3DD
  • Image acquisition using Guymager
  • Running Guymager
  • Acquiring evidence with Guymager
  • Hash verification
  • Summary
File Recovery and Data Carving with Foremost, Scalpel, and Bulk Extractor
  • Forensic test images used in Foremost and Scalpel
  • Using Foremost for file recovery and data carving
  • Viewing Foremost results
  • Using Scalpel for data carving
  • Specifying file types in Scalpel
  • Using Scalpel for file carving
  • Viewing results of Scalpel
  • Comparing Foremost and Scalpel
  • Bulk_extractor
  • Forensic test image for Bulk_extractor
  • Using Bulk_extractor
  • Viewing results of Bulk_extractor
  • Summary
Memory Forensics with Volatility
  • About the Volatility Framework
  • Downloading test images for use with Volatility
  • Image location
  • Using Volatility in Kali Linux
  • Choosing a profile in Volatility
  • The imageinfo plugin
  • Process identification and analysis
  • The pslist command
  • The pstree command
  • The psscan command
  • The psxview plugin
  • Analyzing network services and connections
  • The connections command
  • The connscan command
  • The sockets plugin
  • DLL analysis
  • The verinfo command
  • The dlllist plugin
  • The getsids command
  • Registry analysis
  • The hivescan plugin
  • The hivelist plugin
  • Password dumping
  • Timeline of events
  • The timeliner plugin
  • Malware analysis
  • Summary
Autopsy – The Sleuth Kit
  • Introduction to Autopsy – The Sleuth Kit
  • Sample image file used in Autopsy
  • Digital forensics with Autopsy
  • Starting Autopsy
  • Creating a new case
  • Analysis using Autopsy
  • Sorting files
  • Reopening cases in Autopsy
  • Summary
Network and Internet Capture Analysis with Xplico
  • Software required
  • Starting Xplico in Kali Linux
  • Starting Xplico in DEFT Linux 8.2
  • Packet capture analysis using Xplico
  • HTTP and web analysis using Xplico
  • VoIP analysis using Xplico
  • Email analysis using Xplico
  • SMTP exercise using Wireshark sample file
  • Summary
Revealing Evidence Using DFF
  • Installing DFF
  • Starting the DFF GUI
  • Recovering deleted files with DFF
  • File analysis with DFF
  • Summary