Updated: 2021-07-02 21:34:07
Cover
Copyright information
Credits
Disclaimer
About the Author
About the Reviewers
www.PacktPub.com
Why subscribe?
Customer Feedback
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Errata
Piracy
Questions
Introduction to Digital Forensics
What is digital forensics?
Digital forensics methodology
A brief history of digital forensics
The need for digital forensics as technology advances
Commercial tools available in the field of digital forensics
Operating systems and open source tools for digital forensics
Digital evidence and forensics toolkit Linux
Computer Aided INvestigative Environment
Kali Linux
The need for multiple forensics tools in digital investigations
Anti-forensics: threats to digital forensics
Encryption
Online and offline anonymity
Summary
Installing Kali Linux
Software version
Downloading Kali Linux
Installing Kali Linux in VirtualBox
Preparing the Kali Linux virtual machine
Installing Kali Linux on the virtual machine
Partitioning the disk
Exploring Kali Linux
Understanding Filesystems and Storage Media
Storage media
IBM and the history of storage media
Removable storage media
Magnetic tape drives
Floppy disks
Evolution of the floppy disk
Optical storage media
Compact disks
Digital versatile disks
Blu-ray disk
Flash storage media
USB flash drives
Flash memory cards
Hard disk drives
IDE HDDs
SATA HDDs
Solid-state drives
Filesystems and operating systems
What about the data?
Data states
Metadata
Slack space
Data volatility
The paging file and its importance in digital forensics
Incident Response and Data Acquisition
Digital evidence acquisitions and procedures
Incident response and first responders
Documentation and evidence collection
Physical evidence collection and preservation
Physical acquisition tools
Order of volatility
Chain of custody
Powered-on versus powered-off device acquisition
Powered-on devices
Powered-off devices
Write blocking
Data imaging and hashing
Message Digest (MD5) hash
Secure Hashing Algorithm (SHA)
Device and data acquisition guidelines and best practices
Evidence Acquisition and Preservation with DC3DD and Guymager
Drive and partition recognition in Linux
Device identification using the fdisk command
Maintaining evidence integrity
Using DC3DD in Kali Linux
File-splitting using DC3DD
Verifying hashes of split image files
Erasing a drive using DC3DD
Image acquisition using Guymager
Running Guymager
Acquiring evidence with Guymager
Hash verification