Oreilly - Digital Forensics with Kali Linux
by Marco Alamanni | Publisher: Packt Publishing | Release Date: April 2017 | ISBN: 9781783989225
Simplify the art of digital forensics and analysis with Kali Linux

About This Video
- Learn and practice through various tools and techniques that leverage the Kali Linux distribution
- Extract and recover data and perform successful forensic analysis and investigations
- Perform professional-quality forensics through ethical means, and solve forensic challenges in real-world scenarios

In Detail
Kali Linux is one of the most comprehensive distributions for penetration testing and ethical hacking. It ships with many of the most popular open-source forensics tools, which can be used to conduct formal, professional-level investigations.

This video course teaches the forensic analysis of computers and mobile devices using the Kali Linux distribution. You'll get hands-on experience with each phase of the digital forensics process: acquisition, extraction, analysis, and presentation, using the rich set of open-source tools that Kali Linux provides for each activity. Most of these tools are also installed on other forensic Linux distributions, so the course is not limited to Kali Linux and applies equally to any open-source forensic platform.

We start by showing how to use imaging tools (dc3dd in particular) to acquire images of the media to be analyzed, whether hard drives, mobile devices, thumb drives, or memory cards. The course then presents the Autopsy forensic suite and other specialized tools, such as The Sleuth Kit and RegRipper, to extract and analyze artifacts from a Windows image. It also shows how to analyze an Android device image using Autopsy.

Next, we cover file carving and the recovery of deleted data, followed by the acquisition and analysis of RAM (live analysis) using the Volatility framework. The course also treats network forensics, showing how to use Wireshark to capture and analyze network packets. Finally, we demonstrate how to report and present the digital evidence found during the analysis. By the end of the course, you will be able to extract and recover data, analyze the acquired data, and report and present digital evidence from a device.
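The acquire-and-verify step that Chapter 2 is built around, as an added example that is not part of the course or its materials. dc3dd folds the hashing into the copy (its hash= and log= options); since dc3dd is not guaranteed to be present on the machine running this, the script below does the copy with plain dd using the same conservative options and hashes source and image separately with sha256sum, which is the check dc3dd automates. The function names, the log format, and the constructed 1 MiB "device" file are assumptions of this example, not anything the course defines.

```shell
#!/bin/sh
# Added example (not from the course): forensic image acquisition with
# integrity verification. A real acquisition reads the evidence device
# through a hardware write blocker; here a plain file stands in for it.

# hash_of FILE: print the SHA-256 digest of FILE without the filename.
hash_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# acquire_image SRC DEST LOG: bit-for-bit copy of SRC into DEST, recording
# the hash of both in LOG and failing if they differ.
acquire_image() {
    src=$1; dest=$2; log=$3
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    # noerror keeps reading past bad sectors instead of aborting; sync pads a
    # short read with zeros so later offsets stay aligned. bs=512 matches the
    # sector size, so a whole device never gets a padded final block (which
    # would change its size and make the hash check below fail, by design).
    dd if="$src" of="$dest" bs=512 conv=noerror,sync 2>>"$log" || return 1
    src_hash=$(hash_of "$src")
    img_hash=$(hash_of "$dest")
    {
        echo "source:          $src"
        echo "image:           $dest"
        echo "sha256(source):  $src_hash"
        echo "sha256(image):   $img_hash"
        date -u +"acquired (UTC): %Y-%m-%dT%H:%M:%SZ"
    } >>"$log"
    [ "$src_hash" = "$img_hash" ] || { echo "HASH MISMATCH" >>"$log"; return 2; }
    echo "$img_hash"
}

# verify_image IMAGE EXPECTED_HASH: re-check an image before analysis, e.g.
# after it has been copied to the analyst's workstation. Exit status only.
verify_image() {
    [ "$(hash_of "$1")" = "$2" ]
}

# Demo run against a constructed 1 MiB "device" (run with --demo).
if [ "${1:-}" = "--demo" ]; then
    work=$(mktemp -d)
    head -c 1048576 /dev/urandom >"$work/evidence.raw"   # constructed sample
    acquire_image "$work/evidence.raw" "$work/evidence.dd" "$work/acquisition.log"
    cat "$work/acquisition.log"
fi
```

The hash recorded at acquisition time is what ties every later finding back to the original medium: any tool run against the image (Autopsy, The Sleuth Kit, carving) should be preceded by verify_image against that recorded value, and the log line with the UTC timestamp belongs in the chain-of-custody record.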
- Chapter 1 : Installation and Setup
- The Course Overview 00:04:14
- Brief Introduction to Digital Forensics 00:06:35
- Downloading and Installing Kali Linux 00:06:23
- Chapter 2 : Acquiring Forensic Images
- Introduction to Forensic Imaging 00:11:06
- Overview of dcfldd and dc3dd 00:05:00
- Drive Imaging with dc3dd 00:09:02
- Android Device Imaging with dc3dd 00:12:45
- Image Acquisition with Guymager 00:05:13
- Chapter 3 : Artifacts Extraction and Analysis with CLI Tools
- Overview of the Sleuth Kit and Filesystem Analysis 00:13:13
- Windows Registry Analysis with RegRipper 00:09:24
- Extracting and Analyzing Browser, E-mail, and IM Artifacts 00:13:40
- File Analysis Tools 00:14:29
- Building a Super-Timeline of the Events 00:10:49
- Chapter 4 : File Carving and Data Recovery
- File Carving Overview 00:07:05
- File Carving Tools 00:08:35
- Extracting Data with Bulk Extractor 00:05:04
- Chapter 5 : The Autopsy Forensic Suite
- Autopsy 4 Overview and Installation 00:05:11
- Analysis of a Windows Image with Autopsy 00:10:45
- Analysis of an Android Image with Autopsy 00:04:53
- Chapter 6 : Memory Forensics
- Introduction to Memory Forensics and Acquisition 00:04:01
- Memory Acquisition 00:04:06
- Introduction to Volatility 00:03:11
- Memory Analysis with Volatility 00:04:23
- Chapter 7 : Network Forensics
- Introduction to Network Forensics 00:05:05
- Capturing Network Traffic with Wireshark 00:06:32
- Network Traffic Analysis with Wireshark 00:04:17
- Chapter 8 : Reporting
- Introduction to Reporting 00:03:34
- Documentation and Reporting Tools 00:05:12