Digital Forensics with Kali Linux - Second Edition

Parasram, Shiva V. N.

  • Publisher: Packt Publishing
  • Publication date: 2020-04-17
  • List price: $1,260
  • VIP price: $1,197 (9.5折, i.e. 95% of list)
  • Language: English
  • Pages: 334
  • Binding: Quality Paper - also called trade paper
  • ISBN: 1838640800
  • ISBN-13: 9781838640804
  • Related categories: Information Security, kali-linux, Linux
  • Ships immediately (stock=1)



Take your forensic abilities and investigation skills to the next level using powerful tools that cater to all aspects of digital forensic investigations, right from hashing to reporting

Key Features

  • Perform evidence acquisition, preservation, and analysis using a variety of Kali Linux tools
  • Use PcapXray to perform timeline analysis of malware and network activity
  • Implement the concept of cryptographic hashing and imaging using Kali Linux

Book Description

Kali Linux is a Linux-based distribution that's widely used for penetration testing and digital forensics. It ships with a wide range of tools that support digital forensics investigations and incident response.

This updated second edition of Digital Forensics with Kali Linux covers the latest version of Kali Linux and The Sleuth Kit. You'll get to grips with modern techniques for analysis, extraction, and reporting using advanced tools such as FTK Imager, a hex editor, and Axiom. Updated to cover digital forensics basics and advancements in the world of modern forensics, this book will also delve into the domain of operating systems. Progressing through the chapters, you'll explore various formats for file storage, including secret hiding places unseen by the end user or even the operating system. The book will also show you how to create forensic images of data and maintain integrity using hashing tools. Finally, you'll cover advanced topics such as Autopsy and acquiring investigation data from networks, operating system memory, and quantum cryptography.

By the end of this book, you'll have gained hands-on experience of implementing all the pillars of digital forensics: acquisition, extraction, analysis, and presentation, all using Kali Linux tools.

What you will learn

  • Get up and running with powerful Kali Linux tools for digital investigation and analysis
  • Perform internet and memory forensics with Volatility and Xplico
  • Understand filesystems, storage, and data fundamentals
  • Become well-versed with incident response procedures and best practices
  • Perform ransomware analysis using labs involving actual ransomware
  • Carry out network forensics and analysis using NetworkMiner and other tools

Who this book is for

This Kali Linux book is for forensics and digital investigators, security analysts, or anyone interested in learning digital forensics using Kali Linux. Basic knowledge of Kali Linux will be helpful to gain a better understanding of the concepts covered.


About the Author

Shiva V. N. Parasram is the Executive Director and CISO of the Computer Forensics and Security Institute, which specializes in penetration testing, forensics, and advanced cybersecurity training. As the only Certified EC-Council Instructor (CEI) in the Caribbean, he has also trained hundreds in CCNA, CND, CEH, CHFI, ECSA, and CCISO, among other certifications. He has partnered with international companies including Fujitsu (Trinidad) and Take It To The Top LLC as the lead trainer for advanced cybersecurity courses. Shiva is also the author of two other books from Packt Publishing and has delivered workshops, lectures, and keynote speeches regionally for ISACA, universities, law associations, and other institutions.


Table of Contents

  1. Introduction to Digital Forensics
  2. Installing Kali Linux
  3. Understanding Filesystems and Storage Media
  4. Incident Response and Data Acquisition
  5. Evidence Acquisition and Preservation with dc3dd and Guymager
  6. File Recovery and Data Carving with foremost, Scalpel, and bulk_extractor
  7. Memory Forensics with Volatility
  8. Artifact Analysis
  9. Autopsy
  10. Analysis with Xplico
  11. Network Analysis
