Here we are. Join me as we get started by installing Kali Linux. Some of our readers may already be familiar with the installation process, and perhaps even some of the advanced features, such as partitioning and networking. For the beginners and those new to Kali Linux, we encourage you to pay attention to this chapter as we begin from the absolute basics of downloading Kali Linux, working our way up to a successful installation.
The topics that we are going to cover in this chapter are as follows:
Kali Linux has been around for quite some time. Known previously as BackTrack, with releases from versions one to five, Kali Linux was first seen in 2015 and released as Kali 1.0. From 2016 onward, Kali Linux was then named according to the year of release. For instance, at the time of writing this book the version used is Kali 2019.4, released in November 2019.
For those running older versions of Kali, or purchasing this book at a later date when new versions of Kali Linux may be available, you can easily update your instance of Kali Linux using the apt-get update and upgrade commands, demonstrated toward the end of this chapter.
For safety and security reasons, it is always best to download Kali Linux directly from the website of its creators, Offensive Security. The main reason for this is that the downloads of Kali Linux on other pages could possibly be fake, or worse, infected with malware such as Trojans, rootkits, and even ransomware. Offensive Security has also included hashes of all versions of Kali Linux downloads on their site, allowing users to compare the hash of their downloaded version of Kali Linux with what was generated and posted by Offensive Security on their website (https://www.kali.org). Once there, you can click on the downloads link, or go directly to the Kali Linux downloads page by visiting https://www.kali.org/downloads/.
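One way to do the hash comparison the paragraph describes, as an added example that is not from the book: compute the SHA256 of the downloaded ISO and compare it with the value copied from the kali.org downloads page. The file names and hashes inside demo() are constructed stand-ins.

```shell
#!/bin/sh
# Added example, not from the book: check a downloaded Kali ISO against the
# SHA256 value published on the Offensive Security download page. The ISO
# name and hash you pass in are yours; the ones in demo() are constructed.
set -u

# sha256_of FILE : print the hex digest, using whichever tool the host has
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_iso ISO EXPECTED_SHA256 : return 0 only if the digests match exactly
verify_iso() {
    iso=$1
    # published digests are lowercase hex; normalise a hash pasted in capitals
    expected=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ -r "$iso" ] || { echo "cannot read $iso" >&2; return 1; }
    actual=$(sha256_of "$iso")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $iso matches the published SHA256"
        return 0
    fi
    echo "MISMATCH: do not use $iso" >&2
    echo "  expected $expected" >&2
    echo "  got      $actual" >&2
    return 1
}

# demo : a constructed stand-in file instead of a multi-gigabyte ISO
demo() {
    tmp=$(mktemp)
    printf 'constructed stand-in for kali-linux-large-amd64.iso\n' > "$tmp"
    verify_iso "$tmp" "$(sha256_of "$tmp")"                      # matches
    verify_iso "$tmp" "$(printf '%064d' 0)" || echo "rejected as expected"
    rm -f "$tmp"
}
```

Source the file and call verify_iso with the real ISO path and the hash from the downloads page, or run demo to see both the matching and the rejected case.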
Once on the downloads page, we can see nine instances of Kali Linux available for download, each with specific category information:
Tip
32-bit operating systems are limited to utilizing only 4 GB of RAM. Should you have a system with more than 4 GB of RAM, you may wish to download the 64-bit version of Kali Linux.
Important note
ISO files (or ISO images, as they are commonly called) are exact copies of the contents of a disc, stored as a single file, and are used specifically for duplicating that data.
For this book, we'll be using Kali Linux Large 64-Bit, downloaded as an ISO image, as in the following screenshot:
As mentioned in Chapter 1, Introduction to Digital Forensics, Kali Linux can be used as a live-response operating system as well as a full operating system, installed and run from a hard disk. Tools such as Rufus and UNetbootin can also be used to install Kali Linux to removable storage media, including a flash drive, SD card, or external hard disk drive, depending on the user's preference.
For those who may not have the available resources to install Kali Linux on a brand new drive, there is also the option of installing Kali Linux within a virtual environment. Users can use virtualization technology, such as VMware and VirtualBox, to run the Kali Linux operating system as a guest machine within their host machine.
VirtualBox can run on many platforms, including Windows, macOS, Linux, and Solaris. In this section, we'll install VirtualBox 6.0 on our host machine and take it from there.
VirtualBox can be found at https://www.virtualbox.org/wiki/Downloads:
Depending on the operating system you are working on, download the respective package.
Once VirtualBox has been downloaded, it can be installed and then configured to run Kali Linux and many other operating systems, depending on the amount of RAM available.
When setting up a new guest operating system or guest virtual machine, we first click on New and then fill in the following details:
You can refer to the following image for the same details:
We then click Next and proceed to allocate RAM in the Memory size prompt:
In the preceding screenshot, we can see the maximum RAM capacity to the right of the screen. The machine I used has 8192 MB (rounded off to 8 GB) of RAM. Although the recommended memory size for Kali Linux is a meager 1024 MB (1 GB), I do recommend at least 4 GB of RAM for smooth functionality when using the forensic tools. I have allocated 4096 MB of RAM for use on my virtual machine.
Next, we create a virtual machine by adding a virtual hard disk. I recommend starting with a new virtual hard disk, which is the second option in the selection. Click on Create to proceed, then choose VDI (VirtualBox Disk Image) as the Hard disk file type:
Once VDI has been selected, choose the Dynamically allocated option to allow the virtual hard disk to be expanded, if the need arises:
For the next step, we select the file location and the size of the virtual hard disk chosen. The recommended size for the Kali Linux VDI is 8 GB, but I've assigned an ample 32 GB. Once finished, click on Create to complete the creation of the virtual hard disk:
This concludes the preparation of the virtual disk. Let's now install Kali Linux as a virtual machine.
Once the virtual hard disk has been prepared by following the steps in the previous section, we can begin the actual Kali Linux installation process. In Oracle VM VirtualBox Manager, which is the main operating system management window for VirtualBox, we can see that the virtual machine has been prepared and we can now install Kali Linux.
In the middle of the screen, we can also see the resources assigned, such as the Name and Operating System type in the General section, and the amount of RAM assigned in the System section. Other settings, such as the Video RAM (VRAM) and Display settings, can also be accessed within this section:
Important note
As a side note, I should also draw your attention to the Live (forensic mode) option, which would be available to us when booting from a DVD, flash drive, or other removable storage media. It's a good idea to always have a copy of Kali Linux for situations where live forensics may be needed.
The partitioning of the hard disk (whether virtual or physical) involves splitting the drive into logical drives. Think of it as having a large apartment studio comprised of one large room. Now imagine that you've put up a wall to separate the apartment in half. It's still physically one apartment but now it's separated into two rooms. One can be used as the main apartment and the other as storage, or you can even have two smaller apartments to share with yourself and a friend. Equally, a partition can allow the installation of multiple operating systems on a hard disk or even the creation of additional volumes to use as storage space:
Important note
The other options in the preceding screenshot present the user with options for setting up Logical Volume Manager (LVM) and encrypted LVM. LVM manages logical partitions and can create, resize, and delete Linux partitions.
We're now just a few clicks away from having our Kali Linux virtual machine installed and operational.
This concludes our Kali Linux installation within a virtual machine. Before we get started using it, however, let's look at another installation method by installing Kali Linux on a portable drive.
As I mentioned earlier in this chapter, it is always a good idea to have an installation of Kali Linux on a forensically sound device, such as a flash drive or SD card, to aid in live incident response.
For best results, I recommend using a USB 3.0 (32 GB) flash drive or thumb drive and, if using an SD card, I recommend using a Class 10 (32 GB) card:
Thus begins the formatting process:
Once the process has completed, the green status bar displays READY:
Regardless of the method chosen to install Kali Linux, let's now move on to exploring the Kali Linux interface.
Once our installation is complete, we can start Kali Linux. If you're using the VirtualBox installation, you will be presented with the usual Kali Linux splash screen. Choose the *Kali GNU/Linux option:
To log in, enter root as the username and the password you previously configured:
This brings us to our Kali Linux desktop:
When logged in, one of the first things we should do is enter three commands in the terminal to update Kali.
To get to the terminal, which is the equivalent of Command Prompt in Windows, click on Applications | Terminal.
With the terminal open, enter the following commands so that Kali Linux can check for package updates, software upgrades, and distribution updates:
The apt-get command is used to install software (and can also be used to uninstall software). The apt-get update command checks for new versions of software and packages while the apt-get upgrade command actually upgrades the software and packages to the latest versions:
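The update procedure above, as an added example that is not from the book: the three apt-get steps run in order, each one checked before the next, with all output appended to a dated log that can sit alongside the tool-test log recommended later in the chapter. APT_CMD and LOG are assumptions introduced here so the script can be dry-run (for instance with APT_CMD=echo) before it is used as root on Kali.

```shell
#!/bin/sh
# Added example, not from the book: the chapter's update, upgrade and
# distribution-upgrade steps run in order, each one checked, with all output
# appended to a dated log you can keep with your tool-test records.
# APT_CMD and LOG are assumptions so the script can be dry-run (APT_CMD=echo).
set -u

APT_CMD=${APT_CMD:-apt-get}
LOG=${LOG:-${HOME:-/tmp}/kali-update-$(date +%Y%m%d).log}

# run_step NAME CMD... : run one step, log it with a UTC timestamp, return its status
run_step() {
    name=$1
    shift
    printf '== %s: %s (%s)\n' "$name" "$*" "$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> "$LOG"
    "$@" >> "$LOG" 2>&1
    rc=$?
    printf '== %s finished with exit status %d\n' "$name" "$rc" >> "$LOG"
    return "$rc"
}

# kali_update : stop at the first failing step so a stale package list is
# never followed by a blind upgrade; returns the failing step's status
kali_update() {
    run_step update       "$APT_CMD" update           || return $?
    run_step upgrade      "$APT_CMD" upgrade -y       || return $?
    run_step dist-upgrade "$APT_CMD" dist-upgrade -y  || return $?
    echo "update complete; see $LOG"
}
```

Run it as root on the Kali machine (the book logs in as root, so no sudo is needed) and keep the log file with the rest of your case notes.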
At this point, we have a successfully updated installation of Kali Linux, which now contains the latest versions of tools as well as specific forensic repositories that contain the tools that we will be using. As this book deals with digital forensics in Kali Linux, we can dive right in by taking a look at some of the tools for forensics available on the Forensics menu in the main application menu.
There are two ways to get to the Forensics menu in Kali Linux:
You'll notice that there are more tools available in this second option. This isn't to say that these are all the forensics tools available to us in Kali Linux. Many are available via the terminal, some of which will be accessed in this manner in later chapters.
I also encourage you to explore Kali Linux and its many wonderful features that also make it a fully functional operating system, not just for use in forensics and penetration testing.
Important note
Should you be interested in discovering more about Kali Linux as a penetration-testing (pen-testing) distribution, Packt Publishing has many detailed books on Kali Linux, which I wholeheartedly endorse. I own many of them in paperback and use them regularly on the job as well as for preparing my lectures.
In this chapter, we dived into the technical aspect of Kali Linux and discovered the types of modes available to us via the Kali Linux ISO image, whether running it from a live environment or installing it in a virtual environment. Kali Linux can also be installed on removable storage, such as a flash drive or SD card. Being such a versatile operating system, we can also install Kali Linux as a full-fledged operating system.
We also looked in depth at installing Kali Linux in a virtual environment using VirtualBox. For beginners, I'd recommend this method of installation, as it allows trial and error within an isolated environment. Be sure to allocate enough RAM and remember that the 32-bit version of Kali Linux only allows up to 4 GB of RAM to be recognized and utilized. As a reminder, I once again suggest that you have access to both a Kali Linux live medium (created using Rufus) as well as an installation of the OS, whether physical or virtual, to ensure that all bases are covered.
Understanding the forensics tools used in Kali Linux is an excellent way to go about your investigations but we also need to understand the workings of storage media, filesystems, data types, and locations. Join me in the next chapter, as we continue our journey into digital forensics by first understanding these fundamental concepts.
You may want to consider keeping a log of tests, which ensures that tools were tested prior to investigation in the event that you are called upon to verify or defend your findings.