This book is intended for students and security professionals, including DFIR and SOC/IR teams, who want to master forensic investigation, acquisition, analysis, and automation using Kali Linux and a broad ecosystem of open-source and commercial tools, in demanding real-world scenarios.
Structured for immediate application, the content covers lab preparation, chain of custody, bit-by-bit imaging, file system analysis (NTFS, EXT4, APFS), memory and network forensics, event timelines and correlation, defensible technical reports, and integration with NIST and ISO frameworks across Windows, Linux, macOS, Android, and iOS environments.
You will perform:
• Acquisition and integrity verification with dd, dc3dd, Guymager, and SHA-256/MD5 hashing
• Disk and artifact analysis with The Sleuth Kit/TSK, Autopsy, and mactime
• Recovery and carving with PhotoRec, Foremost, Bulk Extractor, and ExifTool
• Memory analysis with Volatility 3, profiles, plugins, and detection with YARA
• Timelines and correlation with Plaso/Log2Timeline and Timesketch
• Network forensics with Wireshark, PCAPs, Zeek, and protocol inspection
• Windows artifacts (Registry, Prefetch, ShimCache, AmCache, SRUM) and macOS/iOS/Android artifacts (ADB, backups, logs)
• Handling encrypted evidence with BitLocker and LUKS, including key management
• Automation and remote collection with KAPE and Velociraptor, integration with ELK/OpenSearch and MISP
• Compliance and documentation according to NIST SP 800-86, RFC 3227, ISO/IEC 27037/27041, and IR best practices
By the end, you will be able to conduct triage, acquisition, analysis, and incident response with methodological rigor, produce technically sound reports for audits and legal proceedings, and integrate forensic workflows into enterprise-scale security operations.
Diego Rodrigues
Technical Author and Independent Researcher
ORCID: https://orcid.org/0009-0006-
StudioD21 Smart Tech Content & Intell Systems
LinkedIn: linkedin.com/in/diegoexpertai
International technical author (tech writer) focused on the structured production of applied knowledge. He is the founder of StudioD21 Smart Tech Content & Intell Systems, where he leads the creation of intelligent frameworks and the publication of didactic technical books supported by artificial intelligence, including the Kali Linux Extreme series and SMARTBOOKS D21, among others.
Holder of 42 international certifications issued by institutions such as IBM, Google, Microsoft, AWS, Cisco, Meta, EC-Council, Palo Alto, and Boston University, he works in the fields of Artificial Intelligence, Machine Learning, Data Science, Big Data, Blockchain, Connectivity Technologies, Ethical Hacking, and Threat Intelligence.
Since 2003, he has developed more than 200 technical projects for brands in Brazil, the USA, and Mexico. In 2024, he established himself as one of the leading technical book authors of the new generation, with over 180 titles published in six languages. His work is based on his proprietary TECHWRITE 2.3 applied technical writing protocol, focused on scalability, conceptual precision, and practical applicability in professional environments.