Brand: 中圖公司 (China National Publications Import & Export Group)
Listed: 2021-07-02 18:38:55
Publisher: Packt Publishing
The digital rights to this book are provided by 中圖公司, which has licensed Shanghai Yuewen Information Technology Co., Ltd. (上海閱文信息技術有限公司) to produce and distribute it.
- Cover
- Copyright information
- Credits
- Disclaimer
- About the Author
- About the Reviewers
- www.PacktPub.com
- Why subscribe?
- Customer Feedback
- Preface
- What this book covers
- What you need for this book
- Who this book is for
- Conventions
- Reader feedback
- Customer support
- Downloading the example code
- Errata
- Piracy
- Questions
- Introduction to Digital Forensics
- What is digital forensics?
- Digital forensics methodology
- A brief history of digital forensics
- The need for digital forensics as technology advances
- Commercial tools available in the field of digital forensics
- Operating systems and open source tools for digital forensics
- Digital evidence and forensics toolkit Linux
- Computer Aided INvestigative Environment
- Kali Linux
- The need for multiple forensics tools in digital investigations
- Anti-forensics: threats to digital forensics
- Encryption
- Online and offline anonymity
- Summary
- Installing Kali Linux
- Software version
- Downloading Kali Linux
- Installing Kali Linux
- Installing Kali Linux in VirtualBox
- Preparing the Kali Linux virtual machine
- Installing Kali Linux on the virtual machine
- Partitioning the disk
- Exploring Kali Linux
- Summary
- Understanding Filesystems and Storage Media
- Storage media
- IBM and the history of storage media
- Removable storage media
- Magnetic tape drives
- Floppy disks
- Evolution of the floppy disk
- Optical storage media
- Compact disks
- Digital versatile disks
- Blu-ray disk
- Flash storage media
- USB flash drives
- Flash memory cards
- Hard disk drives
- IDE HDDs
- SATA HDDs
- Solid-state drives
- Filesystems and operating systems
- What about the data?
- Data states
- Metadata
- Slack space
- Data volatility
- The paging file and its importance in digital forensics
- Summary
- Incident Response and Data Acquisition
- Digital evidence acquisitions and procedures
- Incident response and first responders
- Documentation and evidence collection
- Physical evidence collection and preservation
- Physical acquisition tools
- Order of volatility
- Chain of Custody
- Powered-on versus powered-off device acquisition
- Powered-on devices
- Powered-off devices
- Write blocking
- Data imaging and hashing
- Message Digest (MD5) hash
- Secure Hashing Algorithm (SHA)
- Device and data acquisition guidelines and best practices
- Summary
- Evidence Acquisition and Preservation with DC3DD and Guymager
- Drive and partition recognition in Linux
- Device identification using the fdisk command
- Maintaining evidence integrity
- Using DC3DD in Kali Linux
- File-splitting using DC3DD
- Verifying hashes of split image files
- Erasing a drive using DC3DD
- Image acquisition using Guymager
- Running Guymager
- Acquiring evidence with Guymager
- Hash verification
- Summary
- File Recovery and Data Carving with Foremost, Scalpel, and Bulk Extractor
- Forensic test images used in Foremost and Scalpel
- Using Foremost for file recovery and data carving
- Viewing Foremost results
- Using Scalpel for data carving
- Specifying file types in Scalpel
- Using Scalpel for file carving
- Viewing results of Scalpel
- Comparing Foremost and Scalpel
- Bulk_extractor
- Forensic test image for Bulk_extractor
- Using Bulk_extractor
- Viewing results of Bulk_extractor
- Summary
- Memory Forensics with Volatility
- About the Volatility Framework
- Downloading test images for use with Volatility
- Image location
- Using Volatility in Kali Linux
- Choosing a profile in Volatility
- The imageinfo plugin
- Process identification and analysis
- The pslist command
- The pstree command
- The psscan command
- The psxview plugin
- Analyzing network services and connections
- The connections command
- The connscan command
- The sockets plugin
- DLL analysis
- The verinfo command
- The dlllist plugin
- The getsids command
- Registry analysis
- The hivescan plugin
- The hivelist plugin
- Password dumping
- Timeline of events
- The timeliner plugin
- Malware analysis
- Summary
- Autopsy – The Sleuth Kit
- Introduction to Autopsy – The Sleuth Kit
- Sample image file used in Autopsy
- Digital forensics with Autopsy
- Starting Autopsy
- Creating a new case
- Analysis using Autopsy
- Sorting files
- Reopening cases in Autopsy
- Summary
- Network and Internet Capture Analysis with Xplico
- Software required
- Starting Xplico in Kali Linux
- Starting Xplico in DEFT Linux 8.2
- Packet capture analysis using Xplico
- HTTP and web analysis using Xplico
- VoIP analysis using Xplico
- Email analysis using Xplico
- SMTP exercise using Wireshark sample file
- Summary
- Revealing Evidence Using DFF
- Installing DFF
- Starting the DFF GUI
- Recovering deleted files with DFF
- File analysis with DFF
- Summary
Updated: 2021-07-02 21:34:07