Summary
In this chapter, we ped into the technical aspect of Kali Linux and discovered the types of modes available to us via the Kali Linux ISO image, whether running it from a live DVD, or installing it in a virtual environment. As well as being used as a live response forensic tool from a DVD, Kali can also be installed onto removable storage such as a flash drive or SD card. Being such a versatile operating system, we can also install Kali as a full-fledged operating system.
We also looked in depth at installing Kali Linux in a virtual environment using VirtualBox. For beginners, I'd definitely recommend this method of installation, as it allows for trial and error within an isolated environment. Be sure to allocate enough RAM, and also remember that the 32-bit version of Kali only allows up to 4 GB of RAM to be recognized and utilized. As a reminder, I once again suggest that you have access to both a Kali Linux live DVD and an installation of the OS, whether physical or virtual, to ensure that all bases are covered.
Understanding the forensics tools used in Kali is an excellent way to go about your investigations but we also need to understand the workings of storage media, file systems, data types, and locations. Join me in the next chapter, as we continue our journey into digital forensics by first understanding these fundamental concepts. See you in Chapter 3, Understanding File Systems and Storage Media.