Digital Forensics with Kali Linux
5.0 (1 rating)
Digital Forensics with Kali Linux

Simplify the art of digital forensics and analysis with Kali Linux
Created by Packt Publishing
Last updated 5/2017
English
Includes:
  • 3.5 hours on-demand video
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What Will I Learn?
  • Understand the power of Kali Linux as a forensic analysis platform
  • Acquire forensically sound images from different types of media
  • Extract and analyze artifacts from images
  • Recover deleted data bypassing the file system
  • Acquire and analyze live memory
  • Capture and analyze network data packets.
  • Report on and present your findings
Requirements
  • The course is for digital forensics professionals who want to get started or improve their skills in open source forensic platforms. It is also ideal for beginners who want to practice digital forensics with free and powerful tools.
  • The prerequisites for this course are the knowledge of the basic theory of digital forensics and the familiarity with Linux and its concepts.
Description

Kali Linux is the most comprehensive distribution for penetration testing and ethical hacking. It ships with some of the most popular forensic tools available, allowing you to conduct formal forensic investigations and perform professional-level forensics.

This video course teaches you all about the forensic analysis of computers and mobile devices, leveraging the Kali Linux distribution. You’ll get hands-on experience, seeing how to conduct each phase of the digital forensics process: acquisition, extraction, analysis, and presentation, using the rich set of open source tools that Kali Linux provides for each activity.

The majority of these tools are also installed on other forensic Linux distributions, so the course is not limited to Kali Linux but applies equally to any open-source forensic platform. We start by showing you how to use the tools (dc3dd in particular) to acquire images from the media to be analyzed, whether hard drives, mobile devices, thumb drives, or memory cards. The course presents the Autopsy forensic suite and other specialized tools, such as The Sleuth Kit and RegRipper, to extract and analyze various artifacts from a Windows image. It also shows how to analyze an Android device image using Autopsy. Next, we cover file carving and the recovery of deleted data, and then the process of acquiring and analyzing RAM (live analysis) using the Volatility framework.

The course also treats network forensics, covering how to use Wireshark to capture and analyze network packets.

Finally, we demonstrate how to report and present digital evidence found during the analysis. By the end of the course, you will be able to extract and recover data, analyze the acquired data, and report and present digital evidence from a device.

About The Author

Marco Alamanni has professional experience working as a Linux system administrator and Information Security analyst in banks and financial institutions.

He holds a BSc in Computer Science and an MSc in Information Security. His interests in information technology include ethical hacking, digital forensics, malware analysis, Linux, and programming, among other things. He also collaborates with IT magazines to write articles about Linux and IT security.

He has used Kali Linux on various occasions to conduct incident response and forensics in his professional activity, besides using it for penetration testing purposes. He is also the author of “Kali Linux Wireless Penetration Testing Essentials” published by Packt Publishing.

I would like to thank Packt Publishing for having offered me this exciting project and all the people I have worked with during its realization for their guidance and support.

A big thank you goes to my family in general, and in particular to my wife Candice and my sons, Niccolò and Fabio Antonio, for their love and encouragement.

This course is dedicated to the memory of a dear and special person, Maria Vitteri, who will always remain in our thoughts and in our hearts.

Curriculum For This Course
28 Lectures
03:23:40
Installation and Setup
3 Lectures 17:12
This video provides an overview of the entire course.
Preview 04:14

This video is an introduction to digital forensics and will cover the fundamental concepts that should be learned to fully understand the hands-on part of the course.

Brief Introduction to Digital Forensics
06:35

Get up and running with Kali Linux on your forensic workstation and learn how to install the Kali Linux Forensic Metapackage set of tools.

Downloading and Installing Kali Linux
06:23
Acquiring Forensic Images
5 Lectures 43:05

The goal of this video is to introduce the fundamentals of forensic imaging, covering topics such as hardware and software write blocking, the different forensic image formats, and the geometry and special features of hard disks that matter for digital forensics.

Preview 11:06

The aim of this video is to cover dcfldd and dc3dd, the two command line tools specifically designed to acquire forensically sound images.

Overview of Dcfldd and Dc3dd
05:00

Imaging the target drive, connected to the forensic workstation, with the dc3dd tool. In our case, the drive, for the sake of simplicity, is a USB flash drive.

Drive Imaging with dc3dd
09:01

This video covers the procedure of imaging an Android device using dc3dd.

Android Device Imaging with dc3dd
12:45

In this video, we introduce Guymager, a graphical imaging program preinstalled on Kali Linux, and show how to practically acquire a USB thumb drive.

Image Acquisition with Guymager
05:13
Artifacts Extraction and Analysis with CLI Tools
5 Lectures 01:01:33

In this video, we are going to cover how to analyze the file system of an image. For this purpose we are going to use The Sleuth Kit, a set of command-line tools installed by default on Kali Linux.

Preview 13:13

The video introduces the Windows Registry and underlines its importance in a forensic analysis. It then covers RegRipper, an open source tool specifically designed to extract forensic artifacts from the Registry.

Windows Registry Analysis with RegRipper
09:24

In this video, we are going to cover the extraction and analysis of the most common types of Internet artifacts, those related to web browsers and e-mail clients, using the various dedicated tools preinstalled on Kali Linux.

Extracting and Analyzing Browser, E-mail, and IM Artifacts
13:39

In this video, we are going to cover techniques and tools to analyze files: determining whether a file is malicious, identifying the type of data it contains, and extracting its metadata.

File Analysis Tools
14:28

In this video, we are going to cover how to reconstruct a timeline of the events that have occurred on the system, using log2timeline/plaso, a framework that collects event timestamps from different sources and correlates them in a single timeline.

Building a Super-Timeline of the Events
10:49
File Carving and Data Recovery
3 Lectures 20:44

In this video, we are going to cover file carving, introducing unallocated and slack disk space and how to extract and identify deleted files. Then we are going to cover the Windows Recycle Bin and a tool to examine it, Rifiuti2. We are then going to show how to use foremost and other file carving tools to automatically recover deleted files, and Bulk Extractor to retrieve a wealth of information by scanning the disk image at the raw level.

Preview 07:05

In this video, we are going to cover the recovery of deleted files from a disk image using The Sleuth Kit tools, and then show how to use three CLI file carving tools preinstalled on Kali Linux: Foremost, Scalpel and PhotoRec.

File Carving Tools
08:35

This video introduces and covers Bulk Extractor, a fast and effective tool that extracts large amounts of data from a raw disk image and catalogues it into categories such as e-mail addresses, URLs, credit card numbers and so on.

Extracting Data with Bulk Extractor
05:04
The Autopsy Forensic Suite
3 Lectures 20:49
This video introduces the Autopsy forensic suite and provides a practical guide to install version 4 on Kali Linux.
Preview 05:11

This video shows a practical example of using Autopsy version 4 while analyzing a Windows disk image.

Analysis of a Windows Image with Autopsy
10:45

In this video, we show how to use Autopsy 4 to extract and analyze artifacts from an Android device image, through the Android Analyzer module.

Analysis of an Android Image with Autopsy
04:53
Memory Forensics
4 Lectures 15:39

This video introduces memory forensics and recalls the most important concepts of virtual memory and paging.

Preview 04:01

The aim of this video is to learn more about memory acquisition.

Memory Acquisition
04:05

In this video, we are going to introduce the Volatility memory analysis framework and show a practical example of analyzing a memory image with it.

Introduction to Volatility
03:10

In this video, we are going to show how to practically use the Volatility framework to analyze a sample memory image of a Windows 7 64-bit system.

Memory Analysis with Volatility
04:23
Network Forensics
3 Lectures 15:53
In this video, we are going to introduce network forensics and the basic theory of networking, TCP/IP in particular.
Preview 05:05

In this video, we are going to introduce Wireshark, perhaps the most popular packet sniffer and analyzer, and then show a practical scenario where we have to capture network traffic between two hosts on the same network.

Capturing Network Traffic with Wireshark
06:31

In this video, we are going to show a practical example of analyzing, with Wireshark, the network traffic captured in the previous video during the simulation of an attack.

Network Traffic Analysis with Wireshark
04:17
Reporting
2 Lectures 08:45

This video introduces the reporting phase in digital forensics, explaining its relevance in the process and the steps into which it is divided.

Preview 03:33

This video covers some of the documentation and reporting tools included in Kali Linux and then shows how to produce a report with the help of the Autopsy tool.
Documentation and Reporting Tools
05:12
About the Instructor
Packt Publishing
3.9 Average rating
7,196 Reviews
51,408 Students
616 Courses
Tech Knowledge in Motion

Packt has been committed to developer learning since 2004. A lot has changed in software since then - but Packt has remained responsive to these changes, continuing to look forward at the trends and tools defining the way we work and live. And how to put them to work.

With an extensive library of content - more than 4000 books and video courses - Packt's mission is to help developers stay relevant in a rapidly changing world. From new web frameworks and programming languages, to cutting edge data analytics, and DevOps, Packt takes software professionals in every field to what's important to them now.

From skills that will help you to develop and future proof your career to immediate solutions to every day tech challenges, Packt is a go-to resource to make you a better, smarter developer.

Packt Udemy courses continue this tradition, bringing you comprehensive yet concise video courses straight from the experts.