Kali Linux

15.

The Kali Linux Toolkit: Forensics

15.1.

Digital Forensics Fundamentals

15.1.1.

Forensic Process Overview

15.1.2.

Chain of Custody

15.1.3.

Evidence Handling

15.1.4.

Legal Considerations

15.1.5.

Forensic Imaging Principles

15.2.

Disk and File System Forensics

15.2.1.

Disk Imaging Tools

15.2.1.1.

15.2.1.1.1.

15.2.1.1.2.

Advanced Options

15.2.1.1.3.

15.2.1.1.4.

15.2.1.2.

15.2.1.2.1.

Enhanced Features

15.2.1.2.2.

Hash Calculation

15.2.1.2.3.

Progress Monitoring

15.2.1.3.

15.2.1.3.1.

15.2.1.3.2.

Multiple Format Support

15.2.1.3.3.

Verification Features

15.2.2.

File System Analysis

15.2.2.1.

15.2.2.1.1.

File System Investigation

15.2.2.1.2.

Timeline Analysis

15.2.2.1.3.

Deleted File Recovery

15.2.2.2.

15.2.2.2.1.

Case Management

15.2.2.2.2.

Automated Analysis

15.2.2.2.3.

Reporting Features

15.2.3.

Partition Analysis

15.2.3.1.

15.2.3.2.

15.2.3.3.

15.3.

File Recovery and Carving

15.3.1.

File Carving Tools

15.3.1.1.

15.3.1.1.1.

File Type Detection

15.3.1.1.2.

15.3.1.1.3.

Output Organization

15.3.1.2.

15.3.1.2.1.

Configuration Files

15.3.1.2.2.

Performance Optimization

15.3.1.2.3.

Custom Signatures

15.3.1.3.

15.3.1.3.1.

File Type Support

15.3.1.3.2.

15.3.1.3.3.

Damaged Media Recovery

15.3.2.

Deleted File Recovery

15.3.2.1.

15.3.2.2.

15.3.3.

Advanced Carving Techniques

15.3.3.1.

15.3.3.2.

Custom Signature Development

15.4.

Memory Forensics

15.4.1.

Memory Acquisition

15.4.1.1.

LiME (Linux Memory Extractor)

15.4.1.1.1.

Live Memory Capture

15.4.1.1.2.

15.4.1.1.3.

Network Transfer

15.4.1.2.

15.4.1.3.

15.4.2.

Memory Analysis

15.4.2.1.

Volatility Framework

15.4.2.1.1.

Profile Selection

15.4.2.1.2.

Process Analysis

15.4.2.1.3.

Network Connection Analysis

15.4.2.1.4.

Registry Analysis

15.4.2.1.5.

Malware Detection

15.4.2.1.6.

Timeline Creation

15.4.3.

Memory Analysis Techniques

15.4.3.1.

Process Listing

15.4.3.2.

15.4.3.3.

Handle Analysis

15.4.3.4.

String Extraction

15.5.

Network Forensics

15.5.1.

Packet Analysis

15.5.1.1.

Wireshark Forensics

15.5.1.1.1.

Evidence Extraction

15.5.1.1.2.

Protocol Reconstruction

15.5.1.1.3.

File Carving from Packets

15.5.1.2.

15.5.1.2.1.

15.5.1.2.2.

File Extraction

15.5.1.2.3.

Credential Recovery

15.5.2.

15.5.2.1.

System Log Analysis

15.5.2.2.

Web Server Log Analysis

15.5.2.3.

Firewall Log Analysis

15.5.2.4.

IDS/IPS Log Analysis

15.6.

Metadata and Document Analysis

15.6.1.

Metadata Extraction

15.6.1.1.

15.6.1.1.1.

15.6.1.1.2.

Document Metadata

15.6.1.1.3.

GPS Data Extraction

15.6.1.2.

15.6.1.3.

15.6.2.

Document Analysis

15.6.2.1.

15.6.2.1.1.

15.6.2.1.2.

15.6.2.1.3.

15.6.2.2.

Office Document Analysis

15.6.2.2.1.

15.6.2.2.2.

15.6.3.

Steganography Detection

15.6.3.1.

15.6.3.2.

15.6.3.3.

15.7.

Mobile Device Forensics

15.7.1.

Android Forensics

15.7.1.1.

ADB (Android Debug Bridge)

15.7.1.2.

Physical Acquisition

15.7.1.3.

Logical Acquisition

15.7.1.4.

Application Analysis

15.7.2.

15.7.2.1.

iTunes Backup Analysis

15.7.2.2.

Physical Acquisition Challenges

15.7.2.3.

Application Data Analysis

15.8.

Timeline Analysis

15.8.1.

Timeline Creation

15.8.1.1.

15.8.1.2.

15.8.2.

Timeline Analysis Tools

15.8.2.1.

Timeline Explorer

15.8.2.2.

Super Timeline Analysis

15.8.3.

Event Correlation

15.8.3.1.

Cross-System Timeline

15.8.3.2.

Anomaly Detection

15.9.

Forensic Reporting

15.9.1.

Report Structure

15.9.1.1.

Executive Summary

15.9.1.2.

Technical Analysis

15.9.1.3.

Evidence Documentation

15.9.1.4.

Conclusions and Recommendations

15.9.2.

Evidence Documentation

15.9.2.1.

Chain of Custody Forms

15.9.2.2.

Hash Verification

15.9.2.3.

Screenshot Documentation

15.9.3.

Case Management

15.9.3.1.

Evidence Tracking

15.9.3.2.

15.9.3.3.

Collaboration Tools

Previous

14. The Kali Linux Toolkit: Post-Exploitation

Go to top

Next

16. The Kali Linux Toolkit: Reporting Tools