Digital Forensics with Kali Linux: Enhance Your Investigation Skills by Performing Network and Memory Forensics with Kali Linux 2022.x.

Kali Linux is a Linux-based distribution that's widely used for penetration testing and digital forensics. This third edition is updated with real-world examples and detailed labs to help you take your investigation skills to the next level using powerful tools. This new edition will help you e...


Bibliographic Details
Main author: Parasram, Shiva V. N.
Format: eBook
Language: English
Published: Birmingham : Packt Publishing, Limited 2023.
Edition: 3rd ed.
Subjects:
View at Biblioteca Universitat Ramon Llull: https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009755239806719
Table of Contents:
  • Cover
  • Title Page
  • Copyright and Credit
  • Dedicated
  • Contributors
  • Table of Contents
  • Preface
  • Part 1: Blue and Purple Teaming Fundamentals
  • Chapter 1: Red, Blue, and Purple Teaming Fundamentals
  • How I got started with Kali Linux
  • What is Kali Linux?
  • Why is Kali Linux so popular?
  • Understanding red teaming
  • Understanding blue teaming
  • Understanding purple teaming
  • Summary
  • Chapter 2: Introduction to Digital Forensics
  • What is digital forensics?
  • The need for blue and purple teams
  • Digital forensics methodologies and frameworks
  • DFIR frameworks
  • Comparison of digital forensics operating systems
  • Digital evidence and forensics toolkit Linux
  • Computer Aided INvestigative Environment (CAINE)
  • CSI Linux
  • Kali Linux
  • The need for multiple forensics tools in digital investigations
  • Commercial forensics tools
  • Anti-forensics - threats to digital forensics
  • Summary
  • Chapter 3: Installing Kali Linux
  • Technical requirements
  • Downloading Kali Linux
  • Downloading the required tools and images
  • Downloading the Kali Linux Everything torrent
  • Installing Kali Linux on portable storage media for live DFIR
  • Installing Kali as a standalone operating system
  • Installing Kali in VirtualBox
  • Preparing the Kali Linux VM
  • Installing Kali Linux on the virtual machine
  • Installing and configuring Kali Linux as a virtual machine or as a standalone OS
  • Summary
  • Chapter 4: Additional Kali Installations and Post-Installation Tasks
  • Installing a pre-configured version of Kali Linux in VirtualBox
  • Installing Kali Linux on Raspberry Pi 4
  • Updating Kali
  • Enabling the root user account in Kali
  • Adding the Kali Linux forensics metapackage
  • Summary
  • Chapter 5: Installing WINE in Kali Linux
  • What WINE is and the advantages of using it in Kali Linux
  • Installing WINE
  • Configuring our WINE installation
  • Testing our WINE installation
  • Summary
  • Part 2: Digital Forensics and Incident Response Fundamentals and Best Practices
  • Chapter 6: Understanding File Systems and Storage
  • History and types of storage media
  • IBM and the history of storage media
  • Removable storage media
  • Magnetic tape drives
  • Floppy disks
  • Optical storage media
  • Blu-ray Disc
  • Flash storage media
  • USB flash drives
  • Flash memory cards
  • Hard disk drives
  • Integrated Drive Electronics HDDs
  • Serial Advanced Technology Attachment HDDs
  • Solid-state drives
  • File systems and operating systems
  • Microsoft Windows
  • Macintosh (macOS)
  • Linux
  • Data types and states
  • Metadata
  • Slack space
  • Volatile and non-volatile data and the order of volatility
  • The importance of RAM, the paging file, and cache in DFIR
  • Summary
  • Chapter 7: Incident Response, Data Acquisitions, and DFIR Frameworks
  • Evidence acquisition procedures
  • Incident response and first responders
  • Evidence collection and documentation
  • Physical acquisition tools
  • Live versus post-mortem acquisition
  • Order of volatility
  • Powered-on versus powered-off device acquisition
  • The CoC
  • The importance of write blockers
  • Data imaging and maintaining evidence integrity
  • Message Digest (MD5) hash
  • Secure Hashing Algorithm (SHA)
  • Data acquisition best practices and DFIR frameworks
  • DFIR frameworks
  • Summary
  • Part 3: Kali Linux Digital Forensics and Incident Response Tools
  • Chapter 8: Evidence Acquisition Tools
  • Using the fdisk command for partition recognition
  • Device identification using the fdisk command
  • Creating strong hashes for evidence integrity
  • Drive acquisition using DC3DD
  • Verifying the hash output of image files
  • Erasing a drive using DC3DD
  • Drive acquisition using DD
  • Drive acquisition using Guymager
  • Running Guymager
  • Acquiring evidence with Guymager
  • Drive and memory acquisition using FTK Imager in WINE
  • Installing FTK Imager
  • RAM acquisition with FTK Imager
  • RAM and paging file acquisition using Belkasoft RAM Capturer
  • Summary
  • Chapter 9: File Recovery and Data Carving Tools
  • File basics
  • Downloading the sample files
  • File recovery and data carving with Foremost
  • Image recovery with Magicrescue
  • Data carving with Scalpel
  • Data extraction with bulk_extractor
  • NTFS recovery using scrounge-ntfs
  • Image recovery using Recoverjpeg
  • Summary
  • Chapter 10: Memory Forensics and Analysis with Volatility 3
  • What's new in Volatility 3
  • Downloading sample memory dump files
  • Installing Volatility 3 in Kali Linux
  • Memory dump analysis using Volatility 3
  • Image and OS verification
  • Process identification and analysis
  • Summary
  • Chapter 11: Artifact, Malware, and Ransomware Analysis
  • Identifying devices and operating systems with p0f
  • Looking at the swap_digger tool to explore Linux artifacts
  • Installing and using swap_digger
  • Password dumping with MimiPenguin
  • PDF malware analysis
  • Using Hybrid Analysis for malicious file analysis
  • Ransomware analysis using Volatility 3
  • The pslist plugin
  • Summary
  • Part 4: Automated Digital Forensics and Incident Response Suites
  • Chapter 12: Autopsy Forensic Browser
  • Introduction to Autopsy - The Sleuth Kit
  • Downloading sample files for use and creating a case in the Autopsy browser
  • Starting Autopsy
  • Creating a new case in the Autopsy forensic browser
  • Evidence analysis using the Autopsy forensic browser
  • Summary
  • Chapter 13: Performing a Full DFIR Analysis with the Autopsy 4 GUI
  • Autopsy 4 GUI features
  • Installing Autopsy 4 in Kali Linux using Wine
  • Downloading sample files for automated analysis
  • Creating new cases and getting acquainted with the Autopsy 4 interface
  • Analyzing directories and recovering deleted files and artifacts with Autopsy 4
  • Summary
  • Part 5: Network Forensic Analysis Tools
  • Chapter 14: Network Discovery Tools
  • Using netdiscover in Kali Linux to identify devices on a network
  • Using Nmap to find additional hosts and devices on a network
  • Using Nmap to fingerprint host details
  • Using Shodan.io to find IoT devices including firewalls, CCTV, and servers
  • Using Shodan filters for IoT searches
  • Summary
  • Chapter 15: Packet Capture Analysis with Xplico
  • Installing Xplico in Kali Linux
  • Installing DEFT Linux 8.1 in VirtualBox
  • Downloading sample analysis files
  • Starting Xplico in DEFT Linux
  • Using Xplico to automatically analyze web, email, and voice traffic
  • Automated web traffic analysis
  • Automated SMTP traffic analysis
  • Automated VoIP traffic analysis
  • Summary
  • Chapter 16: Network Forensic Analysis Tools
  • Capturing packets using Wireshark
  • Packet analysis using NetworkMiner
  • Packet capture analysis with PcapXray
  • Online PCAP analysis using packettotal.com
  • Online PCAP analysis using apackets.com
  • Reporting and presentation
  • Summary
  • Index
  • Other Books You May Enjoy