Chapter 8: Artifact Analysis

In this chapter, we'll cover several tools for uncovering artifacts that can be very useful in a forensic investigation. Most of the tools used in this chapter focus specifically on memory and swap analysis, while Network Mapper (Nmap) and p0f focus on identifying network hosts and devices.

In this chapter, we'll cover the following topics:

  • Identifying and fingerprinting devices, operating systems, and running services with p0f and Nmap
  • Analyzing memory dumps to discover traces of ransomware
  • Performing swap analysis
  • Using swap_digger and mimipenguin for password dumping
  • Examining the Firefox browser and Gmail artifacts using pdgmail

Identifying devices and operating systems with p0f

If you're using the ...

Get Digital Forensics with Kali Linux - Second Edition now with the O’Reilly learning platform.