Kali Linux is one of the most comprehensive distributions for penetration testing and ethical hacking. It ships with some of the most popular forensics tools available for conducting formal forensic investigations and performing professional-level forensics.
This video course teaches the forensic analysis of computers and mobile devices using the Kali Linux distribution. You’ll get hands-on experience with each phase of the digital forensics process: acquisition, extraction, analysis, and presentation, using the rich set of open source tools that Kali Linux provides for each activity.
The majority of these tools are also installed on other forensic Linux distributions, so the course is not limited to Kali Linux but applies equally to any open-source forensic platform. We start by showing you how to use tools (dc3dd in particular) to acquire images from the media to be analyzed, whether hard drives, mobile devices, thumb drives, or memory cards. The course presents the Autopsy forensic suite and other specialized tools, such as The Sleuth Kit and RegRipper, to extract and analyze various artifacts from a Windows image. It also shows how to analyze an Android device image using Autopsy. Next, we cover file carving and the recovery of deleted data, and then the process of acquiring and analyzing RAM (live analysis) using the Volatility framework.
The course also covers network forensics, showing how to use Wireshark to capture and analyze network data packets.
Finally, we demonstrate how to report and present digital evidence found during the analysis. By the end of the course, you will be able to extract and recover data, analyze the acquired data, and report and present digital evidence from a device.
About The Author
Marco Alamanni has professional experience working as a Linux system administrator and Information Security analyst in banks and financial institutions.
He holds a BSc in Computer Science and an MSc in Information Security. His interests in information technology include ethical hacking, digital forensics, malware analysis, Linux, and programming, among other things. He also collaborates with IT magazines to write articles about Linux and IT security.
He has used Kali Linux on various occasions to conduct incident response and forensics in his professional activity, besides using it for penetration testing purposes. He is also the author of “Kali Linux Wireless Penetration Testing Essentials” published by Packt Publishing.
I would like to thank Packt Publishing for having offered me this exciting project and all the people I have worked with during its realization for their guidance and support.
A big thank you goes to my family, in general, and in particular to my wife Candice and my sons, Niccolò and Fabio Antonio, for their love and encouragement.
This course is dedicated to the memory of a dear and special person, Maria Vitteri, who will always remain in our thoughts and in our hearts.
This video is an introduction to digital forensics and covers the fundamental concepts needed to fully understand the hands-on part of the course.
Get up and running with Kali Linux on your forensic workstation and learn how to install the Kali Linux Forensic Metapackage set of tools.
The goal of this video is to introduce the fundamentals of forensic imaging, covering hardware and software write blocking, the different forensic image formats, and the geometry and special features of hard disks that are very important for digital forensics.
The aim of this video is to cover dcfldd and dc3dd, two command-line tools specifically designed to acquire forensically sound images.
Imaging the target drive, connected to the forensic workstation, with the dc3dd tool. In our case, for the sake of simplicity, the drive is a USB flash drive.
This video covers the procedure of imaging an Android device using dc3dd.
In this video, we introduce Guymager, a graphical imaging program preinstalled on Kali Linux, and show how to practically acquire a USB
In this video, we are going to cover how to analyze the file system of an image, and for this purpose we are going to use a set of command-line tools installed by default on Kali Linux: The Sleuth Kit.
The video introduces the Windows Registry and underlines its importance in a forensic analysis. Then it covers RegRipper, an open source tool specifically designed to extract forensic artifacts from the
In this video, we are going to cover the extraction and analysis of the most common types of Internet artifacts, those relating to web browsers and e-mail clients, using the various dedicated tools preinstalled on Kali Linux.
In this video, we are going to cover techniques and tools to analyze files: determining whether a file is malicious, identifying the type of data it contains, and extracting its metadata.
In this video, we are going to cover how to reconstruct a timeline of the events that have occurred on the system, using log2timeline/plaso, a framework that collects timestamps of events from different sources and correlates them in a single timeline.
In this video, we are going to cover file carving, introducing unallocated and slack disk space and how to extract and identify deleted files. Then we are going to cover the Windows Recycle Bin and a tool to examine it, Rifiuti2. We are then going to show how to use Foremost and other file carving tools to automatically recover deleted files, and Bulk Extractor to retrieve a wealth of information by scanning the disk image at the raw level.
In this video, we are going to cover the recovery of deleted files from a disk image using The Sleuth Kit tools, and then show how to use three CLI file carving tools pre-installed on Kali Linux: Foremost, Scalpel and PhotoRec.
This video introduces and covers Bulk Extractor, a fast and effective tool that extracts bulk data from a raw disk image and catalogues it into categories such as email addresses, URLs, credit card numbers and so on.
This video shows a practical example of using Autopsy version 4 while analyzing a Windows disk image.
In this video, we show how to use Autopsy 4 to extract and analyze artifacts from an Android device image, through the Android Analyzer
This video introduces memory forensics and recalls the most important concepts of virtual memory and paging.
The aim of this video is to learn more about memory acquisition.
In this video, we are going to introduce the Volatility memory analysis framework and show a practical example of analyzing a memory image with it.
In this video, we are going to show how to practically use the Volatility framework to analyze a sample memory image of a Windows 7 64
In this video, we are going to introduce Wireshark, perhaps the most popular packet sniffer and analyzer, and then show a practical scenario where we have to capture network traffic between two hosts on the same network.
In this video, we are going to show a practical example of analyzing, with Wireshark, the network traffic captured in the previous video during the simulation of an attack.
This video introduces the reporting phase in digital forensics, explaining its relevance in the process and the steps in which it’s
Packt has been committed to developer learning since 2004. A lot has changed in software since then - but Packt has remained responsive to these changes, continuing to look forward at the trends and tools defining the way we work and live. And how to put them to work.
With an extensive library of content - more than 4000 books and video courses - Packt's mission is to help developers stay relevant in a rapidly changing world. From new web frameworks and programming languages to cutting-edge data analytics and DevOps, Packt takes software professionals in every field to what's important to them now.
From skills that will help you develop and future-proof your career to immediate solutions to everyday tech challenges, Packt is a go-to resource to make you a better, smarter developer.
Packt Udemy courses continue this tradition, bringing you comprehensive yet concise video courses straight from the experts.