
Digital Forensics with Kali Linux Enhance your investigation skills by performing network and memory forensics with Kali Linux 3rd Edition Parasram all chapter instant download

Kali

Uploaded by

priizntafos
Digital Forensics with Kali Linux

Enhance your investigation skills by performing network and
memory forensics with Kali Linux 2022.x

Shiva V. N. Parasram

BIRMINGHAM—MUMBAI
Digital Forensics with Kali Linux
Copyright © 2023 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted
in any form or by any means, without the prior written permission of the publisher, except in the case
of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information
presented. However, the information contained in this book is sold without warranty, either express
or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable
for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and
products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot
guarantee the accuracy of this information.

Group Product Manager: Pavan Ramchandani


Publishing Product Manager: Prachi Sawant
Senior Content Development Editor: Adrija Mitra
Technical Editor: Arjun Varma
Copy Editor: Safis Editing
Project Coordinator: Sean Lobo
Proofreader: Safis Editing
Indexer: Manju Arasan
Production Designer: Shankar Kalbhor
Marketing Coordinator: Marylou De Mello

First published: December 2017


Second edition: April 2020
Third edition: April 2023

Production reference: 1160323

Published by Packt Publishing Ltd.


Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.

ISBN 978-1-83763-515-3

www.packtpub.com
I dedicate this book to my father, Harry Goolcharran Parasram (1950–2021),
an author, teacher, poet, artist, the most brilliant man I’ve ever known, and the
most loving father a son could hope and pray for. The man who taught me the importance
of being patient and kind and knowing when to take risks. The one who got me started with
computers and technology. The man who taught me to care for my family and be a strong,
intelligent, and loving man. Not a day goes by that I don’t think of you. You’re missed every day.
Thank you, daddy. Love you endlessly.
Contributors

About the author


Shiva V. N. Parasram is a cybersecurity and risk consultant with over 19 years of experience and is
the executive director of the Computer Forensics and Security Institute (CFSI), which specializes
in pentesting, Digital Forensics and Incident Response (DFIR), and advanced security training with
a global reach. As the only Certified EC-Council Instructor (CEI) in the Caribbean, he has trained
thousands and is the founder of the CFSI CyberFence program. Shiva is also the author of three other
books from Packt Publishing and has delivered workshops regionally and globally for ISACA, ISC2,
universities, and security agencies. He is also a Security Risk Manager Consultant for PTRMS (Canada)
positioned within a global financial institution, and a cybersecurity mentor at Springboard (US).

I’d like to thank the team at Packt (Shrilekha, Sean, Adrija, and Prachi) for their support; the technical
reviewers, Alex Samm and Deodath Ganga; my guru, Pt. Persad; my parents, Harry and Indra; my
wife, Savi; the loveable Bindi; and Dr. Mala, Dr. Nilash Ramnarine, and Dr. Sharad Mohip. I also
have to thank all my friends who were there for me throughout my most trying times recently. Special
thanks to the CFSI family also. I am truly blessed.
About the reviewers
Alex Samm has worked in the cybersecurity space for over 10 years, primarily focused on penetration
testing and red teaming. He has conducted penetration tests for organizations in the financial sector,
education, public utilities, oil and gas, and state entities. He has also executed incident response and
digital forensics for financial institutions and other state entities.
Alex is currently employed at BDO B.V. as a consultant in their advisory services team and provides
services that include penetration testing, ERP assessments, data analytics, IT risk assessments, and
other digital services.

I’d like to thank my family for all the support they provide. They have encouraged my obsession with
technology and driven me to learn more. Huge thanks to my friends that keep me grounded and
remind me to take time to relax.

Deodath Ganga is an information security and networking professional with over 20 years’ experience
in information technology, networking, and cybersecurity. He is a senior security advisor and consultant
who is positioned as an information security technology risk manager for a client in the global banking
sector. He is also an experienced penetration tester, digital forensic investigator, and purple teamer, as
well as a senior cybersecurity lecturer who teaches ethical hacking, digital forensic investigation, and
cyber defense. Deodath is passionate about cyber safety and works as a senior cybersecurity awareness
officer, educating people about the dangers of the cyber realm and ways to keep themselves safe.
Table of Contents

Preface

Part 1: Blue and Purple Teaming Fundamentals

1 Red, Blue, and Purple Teaming Fundamentals
• How I got started with Kali Linux
• What is Kali Linux?
• Why is Kali Linux so popular?
• Understanding red teaming
• Understanding blue teaming
• Understanding purple teaming
• Summary

2 Introduction to Digital Forensics
• What is digital forensics?
• The need for blue and purple teams
• Digital forensics methodologies and frameworks
• DFIR frameworks
• Comparison of digital forensics operating systems
• Digital evidence and forensics toolkit Linux
• Computer Aided INvestigative Environment (CAINE)
• CSI Linux
• Kali Linux
• The need for multiple forensics tools in digital investigations
• Commercial forensics tools
• Anti-forensics – threats to digital forensics
• Summary

3 Installing Kali Linux
• Technical requirements
• Downloading Kali Linux
• Downloading the required tools and images
• Downloading the Kali Linux Everything torrent
• Installing Kali Linux on portable storage media for live DFIR
• Installing Kali as a standalone operating system
• Installing Kali in VirtualBox
• Preparing the Kali Linux VM
• Installing Kali Linux on the virtual machine
• Installing and configuring Kali Linux as a virtual machine or as a standalone OS
• Summary

4 Additional Kali Installations and Post-Installation Tasks
• Installing a pre-configured version of Kali Linux in VirtualBox
• Installing Kali Linux on Raspberry Pi4
• Updating Kali
• Enabling the root user account in Kali
• Adding the Kali Linux forensics metapackage
• Summary

5 Installing Wine in Kali Linux
• What Wine is and the advantages of using it in Kali Linux
• Installing Wine
• Configuring our Wine installation
• Testing our Wine installation
• Summary

Part 2: Digital Forensics and Incident Response Fundamentals and Best Practices

6 Understanding File Systems and Storage
• History and types of storage media
• IBM and the history of storage media
• Removable storage media
• Magnetic tape drives
• Floppy disks
• Optical storage media
• Blu-ray Disc
• Flash storage media
• USB flash drives
• Flash memory cards
• Hard disk drives
• Integrated Drive Electronics HDDs
• Serial Advanced Technology Attachment HDDs
• Solid-state drives
• File systems and operating systems
• Microsoft Windows
• Macintosh (macOS)
• Linux
• Data types and states
• Metadata
• Slack space
• Volatile and non-volatile data and the order of volatility
• The importance of RAM, the paging file, and cache in DFIR
• Summary

7 Incident Response, Data Acquisitions, and DFIR Frameworks
• Evidence acquisition procedures
• Incident response and first responders
• Evidence collection and documentation
• Physical acquisition tools
• Live versus post-mortem acquisition
• Order of volatility
• Powered-on versus powered-off device acquisition
• The CoC
• The importance of write blockers
• Data imaging and maintaining evidence integrity
• Message Digest (MD5) hash
• Secure Hashing Algorithm (SHA)
• Data acquisition best practices and DFIR frameworks
• DFIR frameworks
• Summary

Part 3: Kali Linux Digital Forensics and Incident Response Tools

8 Evidence Acquisition Tools
• Using the fdisk command for partition recognition
• Device identification using the fdisk command
• Creating strong hashes for evidence integrity
• Drive acquisition using DC3DD
• Verifying the hash output of image files
• Erasing a drive using DC3DD
• Drive acquisition using DD
• Drive acquisition using Guymager
• Running Guymager
• Acquiring evidence with Guymager
• Drive and memory acquisition using FTK Imager in Wine
• Installing FTK Imager
• RAM acquisition with FTK Imager
• RAM and paging file acquisition using Belkasoft RAM Capturer
• Summary

9 File Recovery and Data Carving Tools
• File basics
• Downloading the sample files
• File recovery and data carving with Foremost
• Image recovery with Magicrescue
• Data carving with Scalpel
• Data extraction with bulk_extractor
• NTFS recovery using scrounge-ntfs
• Image recovery using Recoverjpeg
• Summary

10 Memory Forensics and Analysis with Volatility 3
• What’s new in Volatility 3
• Downloading sample memory dump files
• Installing Volatility 3 in Kali Linux
• Memory dump analysis using Volatility 3
• Image and OS verification
• Process identification and analysis
• Summary

11 Artifact, Malware, and Ransomware Analysis
• Identifying devices and operating systems with p0f
• Looking at the swap_digger tool to explore Linux artifacts
• Installing and using swap_digger
• Password dumping with MimiPenguin
• PDF malware analysis
• Using Hybrid Analysis for malicious file analysis
• Ransomware analysis using Volatility 3
• The pslist plugin
• Summary

Part 4: Automated Digital Forensics and Incident Response Suites

12 Autopsy Forensic Browser
• Introduction to Autopsy – The Sleuth Kit
• Downloading sample files for use and creating a case in the Autopsy browser
• Starting Autopsy
• Creating a new case in the Autopsy forensic browser
• Evidence analysis using the Autopsy forensic browser
• Summary

13 Performing a Full DFIR Analysis with the Autopsy 4 GUI
• Autopsy 4 GUI features
• Installing Autopsy 4 in Kali Linux using Wine
• Downloading sample files for automated analysis
• Creating new cases and getting acquainted with the Autopsy 4 interface
• Analyzing directories and recovering deleted files and artifacts with Autopsy 4
• Summary

Part 5: Network Forensic Analysis Tools

14 Network Discovery Tools
• Using netdiscover in Kali Linux to identify devices on a network
• Using Nmap to find additional hosts and devices on a network
• Using Nmap to fingerprint host details
• Using Shodan.io to find IoT devices including firewalls, CCTV, and servers
• Using Shodan filters for IoT searches
• Summary

15 Packet Capture Analysis with Xplico
• Installing Xplico in Kali Linux
• Installing DEFT Linux 8.1 in VirtualBox
• Downloading sample analysis files
• Starting Xplico in DEFT Linux
• Using Xplico to automatically analyze web, email, and voice traffic
• Automated web traffic analysis
• Automated SMTP traffic analysis
• Automated VoIP traffic analysis
• Summary

16 Network Forensic Analysis Tools
• Capturing packets using Wireshark
• Packet analysis using NetworkMiner
• Packet capture analysis with PcapXray
• Online PCAP analysis using packettotal.com
• Online PCAP analysis using apackets.com
• Reporting and presentation
• Summary

Index

Other Books You May Enjoy

Preface
In this third edition of this book, you’ll find that the theory and methodologies have remained
mostly the same with updates on general technical information, best practices, and frameworks, as
the procedures and documentation are standard throughout the field; however, you’ll find that the
technical chapters contain new labs using new examples. I’ve also included a few completely new
chapters that go deeper into artifact analysis, automated data recovery, malware, and network analysis,
showcasing several tools with practical exercises that even beginners will find easy to follow. We even
utilize Wine, which will allow us to install very popular Digital Forensics and Incident Response
(DFIR) tools built for the Windows platform (such as Autopsy 4) within Kali Linux. This book is quite
useful for Red Teamers and penetration testers who wish to learn about or enhance their DFIR and
Blue Teaming skillsets to become Purple Teamers by combining their penetration testing skills with
the digital forensics and incident response skills that will be taught throughout this book.

Who this book is for


The third edition of this book was carefully structured to be easily understood by individuals at all
levels, from beginners and digital forensics novices to incident response professionals alike, as the first
six chapters serve to get you acquainted with the technologies used and also guide you through setting
up Kali Linux, before delving into forensic analysis, data recovery, malware analysis, automated DFIR
analysis, and network forensics investigations. Red teamers and penetration testers wanting to learn
Blue Teaming skillsets to become Purple Teamers may also find the contents of this book very useful.

What this book covers


Chapter 1, Red, Blue, and Purple Teaming Fundamentals, informs you about the different types of cyber
security teams to which penetration testers and forensic investigators belong, and the skillsets required.
Chapter 2, Introduction to Digital Forensics, introduces you to the world of digital forensics and forensic
methodology, and also introduces you to various forensic operating systems.
Chapter 3, Installing Kali Linux, covers the various methods that can be used to install Kali Linux as a
virtual machine or as a standalone operating system, which can also be run from a flash drive or SD card.
Chapter 4, Additional Kali Installations and Post-Installation Tasks, builds upon the Kali installation and
guides you through performing additional installations and post-installation tasks such as enabling
a root user and updating Kali Linux.
Chapter 5, Installing Wine in Kali Linux, shows the versatility of Linux systems, where you will learn
how to install and use forensic tools designed to be used in the Windows platform, in a Kali Linux
system using Wine.
Chapter 6, Understanding File Systems and Storage Media, dives into the realm of operating systems
and the various formats for file storage, including secret hiding places not seen by the end user, or even
the operating system. We also inspect data about data, known as metadata, and look at its volatility.
Chapter 7, Incident Response, Data Acquisitions, and DFIR Frameworks, asks what happens when
an incident is reported or detected. Who are the first responders and what are the procedures for
maintaining the integrity of the evidence? In this chapter, we look at best practices, procedures, and
frameworks for data acquisition and evidence collection.
Chapter 8, Evidence Acquisition Tools, builds on the theory behind data acquisitions and best practices
and teaches you to use industry-recognized tools such as DC3DD, DD, Guymager, FTK Imager, and
RAM Capturer to perform data and image acquisition while preserving evidence integrity.
Chapter 9, File Recovery and Data Carving Tools, introduces the investigative side of digital forensics
by using various tools such as Magic Rescue, Scalpel, Bulk_Extractor, scrounge_ntfs, and
recoverjpeg to carve and recover data and artifacts from forensically acquired images and media.
Chapter 10, Memory Forensics and Analysis with Volatility 3, takes us into the analysis of memory
artifacts and demonstrates the importance of preserving volatile evidence such as the contents of the
RAM and the paging file.
Chapter 11, Artifact, Malware, and Ransomware Analysis, carries us much deeper into artifact analysis
using p0f, swap_digger, and mimipenguin, and, thereafter, demonstrates how to perform malware
and ransomware analysis using pdf-parser, hybrid-analysis.com, and Volatility.
Chapter 12, Autopsy Forensic Browser, showcases automated file recovery and analysis within Kali
Linux using a single tool.
Chapter 13, Performing a Full DFIR Analysis with the Autopsy 4 GUI, dives much deeper into automated
file carving, data recovery, and analysis using one of the most powerful and free forensic tools, which
takes forensic abilities and investigations to a professional level, catering for all aspects of full digital
forensics investigations, from hashing to reporting.
Chapter 14, Network Discovery Tools, showcases network scanning and reconnaissance tools such as
netdiscover, nmap, and Shodan, which, although not specifically designed for use as forensic tools,
are useful in providing additional information when performing incident response.
Chapter 15, Packet Capture Analysis with Xplico, gives an insightful use of automated packet analysis
using one tool for investigating network and internet traffic.
Chapter 16, Network Forensic Analysis Tools, ends the book by demonstrating how to capture and analyze
packets using a variety of tools and websites including Wireshark, NetworkMiner, packettotal.com,
and apackets.com.

To get the most out of this book


Although we have tried our best to explain all concepts and technologies in this book, it may be
beneficial if you have prior knowledge of downloading and installing software and are at least familiar
with basic computer and networking concepts such as RAM, CPU, virtualization, and network ports.

Software/hardware covered in the book: Kali 2022.x and later
Operating system requirements:
• Minimum specs: A PC or laptop with 8 GB RAM, 250 GB free hard drive space, and a Ryzen 7 or i5 CPU
• Recommended specs: 16 GB RAM, 250 GB free hard drive space, and a Ryzen 7 or i7 CPU

If you are using the digital version of this book, we advise you to type the code yourself or access
the code from the book’s GitHub repository (a link is available in the next section). Doing so will
help you avoid any potential errors related to the copying and pasting of code.

Download the example code files


You can download the example code files for this book from GitHub at
https://github.com/PacktPublishing/Digital-Forensics-with-Kali-Linux-Third-Edition.
If there’s an update to the code, it will be updated in the GitHub repository.
We also have other code bundles from our rich catalog of books and videos available at
https://github.com/PacktPublishing/. Check them out!

Download the color images


We also provide a PDF file that has color images of the screenshots and diagrams used in this book.
You can download it here: https://packt.link/vLuYi.

Conventions used
There are a number of text conventions used throughout this book.
Code in text: Indicates code words in text, database table names, folder names, filenames, file
extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: “Power on
your Pi and Kali will boot. Again, the default username and password are both kali (in lowercase).”

Any command-line input or output is written as follows:

sudo apt update

Bold: Indicates a new term, an important word, or words that you see onscreen. For instance, words
in menus or dialog boxes appear in bold. Here is an example: “You can view some of the forensics
tools by clicking on Applications | 11-Forensics on the main Kali menu.”

Tips or important notes


Appear like this.

Get in touch
Feedback from our readers is always welcome.
General feedback: If you have questions about any aspect of this book, email us at
customercare@packtpub.com and mention the book title in the subject of your message.
Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen.
If you have found a mistake in this book, we would be grateful if you would report this to us. Please
visit www.packtpub.com/support/errata and fill in the form.
Piracy: If you come across any illegal copies of our works in any form on the internet, we would
be grateful if you would provide us with the location address or website name. Please contact us at
[email protected] with a link to the material.
If you are interested in becoming an author: If there is a topic that you have expertise in and you
are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Share Your Thoughts


Once you’ve read Digital Forensics with Kali Linux, we’d love to hear your thoughts! Please click here
to go straight to the Amazon review page for this book and share your feedback.
Your review is important to us and the tech community and will help us make sure we’re delivering
excellent quality content.

Download a free PDF copy of this book


Thanks for purchasing this book!
Do you like to read on the go but are unable to carry your print books everywhere?
Is your eBook purchase not compatible with the device of your choice?
Don’t worry, now with every Packt book you get a DRM-free PDF version of that book at no cost.
Read anywhere, any place, on any device. Search, copy, and paste code from your favorite technical
books directly into your application.
The perks don’t stop there: you can get exclusive access to discounts, newsletters, and great free content
in your inbox daily.
Follow these simple steps to get the benefits:

1. Scan the QR code or visit the link below

https://packt.link/free-ebook/9781837635153

2. Submit your proof of purchase


3. That’s it! We’ll send your free PDF and other benefits to your email directly
Part 1: Blue and Purple Teaming Fundamentals

As we begin our journey into Digital Forensics and Incident Response (DFIR), it is important that
we have a clear understanding of Blue and Purple Teaming and how they compare with Red Teaming, and
that we have a firm grasp of the fundamental knowledge required to create a Blue and Purple Teaming lab
environment. This section explains the terminology, looks at the skillsets required to become a
Blue and Purple Teamer, and demonstrates various methods of setting up a DFIR lab environment.
This part has the following chapters:

• Chapter 1, Red, Blue, and Purple Teaming Fundamentals


• Chapter 2, Introduction to Digital Forensics
• Chapter 3, Installing Kali Linux
• Chapter 4, Additional Kali Installations and Post-Installation Tasks
• Chapter 5, Installing Wine in Kali Linux
1 Red, Blue, and Purple Teaming Fundamentals
Welcome to the third edition of Digital Forensics with Kali Linux, and for those of you who may have
purchased the previous editions, welcome back. I’d also like to sincerely thank you for once again
choosing this exciting title. As with the second edition, this third edition has been updated with
new tools, easy-to-follow labs, and a couple of new chapters. We have an exciting journey ahead of
us, and I’m pleased to announce the inclusion of some major additions, including the installation
of Wine, which will allow us to run Windows tools within Kali Linux and will be covered in its
entirety in Chapter 5, Installing Wine in Kali Linux. Chapter 10, Memory Forensics and Analysis with
Volatility 3, is also brand-new and shows how to perform RAM artifact analysis on newer operating
systems. Another new chapter on using the Autopsy v4 Graphical User Interface (GUI) to perform
full Digital Forensics and Incident Response (DFIR) analysis and investigations can be found in
Chapter 13, Performing a Full DFIR Analysis with the Autopsy 4 GUI.
Besides these major additions, we will also look at some new topics, such as creating a portable Kali
Linux box using Raspberry Pi 4, learning about tools such as DD-rescue, scrounge-ntfs, Magic
Rescue, PDF-Parser, Timeliner, and netdiscover, and introducing Shodan.io and apackets.com for Internet
of Things (IoT) discovery and packet analysis.
For this book, we take a very structured approach to digital forensics, as we would in forensic science.
First, we will stroll into the world of digital forensics, its history, and some of the tools and operating
systems used for forensics, and we will immediately introduce you to the concepts involved in
evidence preservation.
With that said, we have a lot to cover and will start by learning about Kali and the various cybersecurity
teams and the differences between red, blue, and purple teaming. For our returning and advanced
readers who may have prior knowledge of Kali Linux and the respective teams, feel free to skim
through the first two chapters and get straight into the practical aspects in Chapter 3, Installing Kali
Linux, Chapter 4, Additional Kali Installations and Post-Installation Tasks, and Chapter 5, Installing
Wine in Kali Linux, which detail the installations of Kali and Wine.

In this chapter we will cover the following key topics:

• What is Kali Linux?


• Understanding red teaming
• Understanding blue teaming
• Understanding purple teaming

Before we get started with these topics, the following is a sneak peek at how I got into the world of
Kali Linux, as I feel some of you will be able to relate to my story!

How I got started with Kali Linux


Digital forensics has had my attention for well over 15 years. Ever since I was given my first PC (thanks,
Mom and Dad), I’ve always wondered what happened when I deleted my files from my massively large
2 GB (Gigabyte) hard drive or moved my files to (and often hid them on) a less-than-inconspicuous
3.5-inch floppy diskette that maxed out at 1.44 MB (Megabytes) in capacity.
I soon learned that hard and floppy disk drives did not possess the digital immortality I so confidently
believed in. Sadly, many files, documents, and priceless fine art created in Microsoft Paint by yours
truly were lost to the digital afterlife, never to be retrieved again. Sigh. The world shall never know.
It wasn’t until years later that I came across an article on file recovery and associated tools while
browsing the magical World Wide Web (WWW) on my lightning-fast 42 Kbps dial-up internet
connection (made possible by my very expensive USRobotics dial-up modem), which sang the tune
of the technology gods every time I tried to connect to the realm of the internet. This process involved
a stealthy ninja-like skill that would make even a black-ops team envious, as it involved doing so
without my parents noticing, as this would prevent them from using the telephone line to make or
receive phone calls (apologies, dear Mother, Father, and older teenage sister).
The previous article on data recovery wasn’t anywhere near as detailed and fact-filled as the many great
peer-reviewed papers, journals, and books on digital forensics widely available today. As a total novice
(also referred to as a noob) in the field, I did learn a great deal about the basics of file systems, data and
metadata, storage measurements, and the workings of various storage media. It was at this time that,
even though I had read about the Linux operating system and its various distributions (or distros),
I began to get an understanding of why Linux distros were popular for data recovery and forensics.
I managed to bravely download the Auditor and Slax Linux distributions, again on a dial-up
connection. Just downloading these operating systems was quite a feat, which left me feeling highly
accomplished as I did not have any clue as to how to install them, let alone actually use them. In those
days, easy installation and GUIs were still under heavy development, as user-friendly, or in my case,
user-unfriendly, as they were at the time (mostly due to my inexperience, lack of recommended
hardware, and also lack of resources, such as online forums, blogs, and YouTube, which I did not yet
know about).
As time passed, I researched many tools found on various platforms for Windows, Macintosh, and
many Linux distributions. I found that many of the tools used in digital forensics could be installed
on various Linux distributions or flavors, and many of these tools were well maintained, constantly
being developed, and widely accepted by peers in the field. Kali Linux is a Linux distribution or flavor,
but before we go any further, let me explain the concept of a Linux distribution or flavor. Consider
your favorite beverage: this beverage can come in many flavors, some without sweeteners or sugar,
in different colors, and even in various sizes. No matter the variations, it’s still the basic ingredients
that comprise the beverage at the core. In this way, too, we have Linux and then different types and
varieties of Linux. Some more popular Linux distros and flavors include RedHat, CentOS, Ubuntu,
Mint, KNOPPIX, and, of course, Kali Linux. More on Kali Linux will be discussed in Chapter 3,
Installing Kali Linux.
With that said, let’s move on to our next section as we get started with exploring the enchanting world
of Kali Linux!

What is Kali Linux?


Kali Linux is a Debian-based operating system used globally by cyber security professionals, students,
and IT enthusiasts. Debian is a flavor of Linux that is completely free, stable, constantly updated,
supports many types of hardware, and is also used by popular operating systems such as Ubuntu and
Zorin. Kali Linux is certainly not new to the cybersecurity field and even goes back to the mid-2000s,
but it was known then as BackTrack, which was a combination of two platforms called Auditor Security
and Whax. This merge happened in 2006, with subsequent versions of BackTrack being released up
to 2011 when BackTrack 5, based on Ubuntu 10.04, was released.
In 2013, Offensive Security released the first version of Kali v1 (Moto), which was based on Debian 7,
and then Kali v2 in 2015, which was based on Debian 8. Following this, Kali Linux Rolling was released
in 2016, with the names of the distribution reflecting both the year of release and the major update
of the quarterly period. For example, at the time of writing, I use Kali 2022.3 and 2022.4, both
based on recent versions of Debian. You can find more on the open source and free Debian Project
at https://www.debian.org/intro/about.
As a cybersecurity professional, a Chief Information Security Officer (CISO), penetration tester
(pentester), and subject matter expert in DFIR, I have used BackTrack and now Kali Linux for well
over a decade since I first came across it when I started studying for the Certified Ethical Hacker exam
in 2006. Since then, I’ve used a myriad of operating systems for pentesting and digital forensics, but
my main tool of choice, particularly for pentesting, is Kali Linux. Although Kali Linux has focused
less on DFIR and more on penetration testing, it makes it much easier for me to have both penetration
testing and DFIR tools on one platform rather than have to switch between them.
For our readers who may have purchased the first and second editions of this book, I’d say you’re
certainly in for a treat as I’ve not only updated many labs and introduced new tools in this edition,
but I’ve also included a chapter on installing Wine in Kali Linux. Windows Emulator (Wine) allows
you to run Windows applications in Kali Linux. Although it takes a bit of configuration, I’ve compiled
a step-by-step guide on how to install Wine in Chapter 5, Installing Wine in Kali Linux.
Some of you may be wondering why we would install Wine instead of simply using a Windows machine.
There are quite a few valid reasons actually. Firstly, cost is a major factor. Windows licenses aren’t
cheap if you’re a student, in between jobs, changing careers, or live in a region where the exchange rate
and forex are limiting factors in purchasing licensing. At the time of writing, the cost of a Windows
10 Professional license is $199.00, as listed on Microsoft’s site at
https://www.microsoft.com/en-us/d/windows-10-pro/df77x4d43rkt?activetab=pivot:overviewtab.
Although we will not be using commercial tools in this book, there are some amazing free DFIR tools
that are available for Windows, such as Belkasoft RAM Capturer, Autopsy 4 GUI, and NetworkMiner,
which we can now install within our open source Kali Linux environment instead of on a licensed
Windows machine. These tools will be covered in detail in Chapter 8, Evidence Acquisition Tools,
Chapter 13, Performing a Full DFIR Analysis with the Autopsy 4 GUI, and Chapter 16, Network Forensic
Analysis Tools, respectively.
Another consideration is that Wine again saves us the hassle of having to switch between physical
machines and can also save on resource utilization such as Random Access Memory (RAM), Central
Processing Unit (CPU), Hard Disk Drive (HDD) space, and other resources when using virtual
machines, which we will discuss more in detail in the next chapter.
Finally, we can install many other Windows applications in Kali Linux using tools, whether they be
productivity tools or even tools for penetration testing, thus making our Kali Linux installation the
perfect purple teaming operating system environment, which we will discuss later in this chapter.

Why is Kali Linux so popular?


Aside from being one of the oldest InfoSec distros (distributions), Kali Linux has a very large support
base, and you can find thousands of tutorials on installation, using built-in tools, and installing additional
tools on YouTube, TikTok, and the internet at large, making it one of the more user-friendly platforms.
Kali Linux also comes with over 600 tools, all of which are nicely categorized in Kali’s Applications
menu. Many of the tools included in Kali can perform various cybersecurity tasks ranging from Open
Source Intelligence (OSINT), scanning, vulnerability assessments, exploitation and penetration testing,
office and productivity tools, and, of course, DFIR. The full listing of tools can be found at
https://www.kali.org/tools/all-tools/.
The following screenshot gives a preview of the category listings in the Kali Linux menu.

Figure 1.1 – Category listing in the Kali Linux menu

Kali Linux users also have the option to download and install (meta)packages manually rather than
downloading a very large installation file. Kali Linux (meta)packages contain tools and dependencies
that may be specific to an assessment or task, such as information gathering, vulnerability assessments,
wireless hacking, and forensics. Alternatively, a user can download the kali-linux-everything (meta)
package. We’ll go into more detail about (meta)package installations in Chapter 4, Additional Kali
Installations and Post-Installation Tasks, but if you’d like to know more about what (meta)packages
exist, you can find the full listing at https://www.kali.org/docs/general-use/metapackages/.
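
The following is an added example, not code from the book or the Kali project, of inspecting a metapackage before installing it on a forensic workstation: it lists the packages a metapackage directly depends on and reports which of them are not yet installed. The name kali-tools-forensics comes from the Kali metapackage listing rather than from this chapter, and the sample apt-cache output is constructed for illustration; it is not the real dependency list.

```shell
#!/bin/sh
# Added example: preview and audit a Kali metapackage before installing it.
# Install step on a real Kali host (not run by this script):
#   sudo apt update && sudo apt install -y kali-tools-forensics

# Print the direct "Depends:" members found in `apt-cache depends` output (stdin).
# Alternatives are prefixed with "|" and virtual packages are wrapped in <>.
# Only direct members are listed; a metapackage may itself depend on other
# metapackages, which would need to be expanded in a second pass.
metapkg_members() {
    awk '$1 ~ /^[|]?Depends:$/ { gsub(/[<>]/, "", $2); print $2 }' | sort -u
}

# Print members (file $1) that are absent from the installed list (file $2).
# Both files hold one package name per line.
missing_members() {
    grep -Fxv -f "$2" "$1" || true
}

# Constructed sample of `apt-cache depends` output, NOT the real dependency list.
sample_depends() {
    cat <<'EOF'
kali-tools-forensics
  Depends: autopsy
  Depends: sleuthkit
 |Depends: foremost
  Depends: <bulk-extractor>
    bulk-extractor
  Recommends: guymager
EOF
}

# Live use on a Kali host: compare a metapackage against what dpkg has installed.
audit_metapackage() {
    tmp=$(mktemp -d) || return 1
    apt-cache depends "$1" | metapkg_members > "$tmp/members"
    dpkg-query -W -f='${Package}\n' | sort -u > "$tmp/installed"
    echo "Members of $1 not yet installed:"
    missing_members "$tmp/members" "$tmp/installed"
    rm -rf "$tmp"
}

# With an argument, audit that metapackage; without one, parse the sample.
if [ -n "${1:-}" ]; then
    audit_metapackage "$1"
else
    sample_depends | metapkg_members
fi
```

Saved as a script (the file name is up to you), it takes the metapackage name as its only argument; keeping the resulting list with the case notes documents which tools were present on the workstation.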
Yet another reason why Kali Linux is so popular is that there are several versions available for a
multitude of physical, virtual, mobile, and portable devices. Kali is available as a standalone operating
system image and can also be installed virtually using their pre-built images for virtual platforms such
as VMware and VirtualBox, which will be covered in detail in Chapter 3, Installing Kali Linux, and
Chapter 4, Additional Kali Installations and Post-Installation Tasks. There are also versions of Kali for
ARM devices, cloud instances, and even the ability to run Kali Linux in Windows 10 under the Windows
Subsystem for Linux (WSL). On a personal note, I also use the mobile version of Kali Linux called
Kali NetHunter on an old OnePlus phone and also on a Raspberry Pi 4, which, when connected to a
power bank, serve as the ultimate portable security assessment toolkit. As far as installation on mobile
phones goes, NetHunter (and even Kali Linux itself in some cases) can be installed on a variety of phones
from Samsung, Nokia, OnePlus, Sony, Xiaomi, Google, or ZTE. We’ll look at installing Kali Linux in
VirtualBox and Raspberry Pi 4 in Chapter 4, Additional Kali Installations and Post-Installation Tasks.
The fact that Kali Linux offers all these features for free and can be easily upgraded with the addition
of new tools just a couple of clicks and commands away makes it the perfect purple teaming solution.
Let’s take a look at red, blue, and purple teaming and the skillsets required for each team.

Understanding red teaming


Possibly the most commonly known team among users of Kali Linux, the red team is the name given
to the collective of individuals responsible for handling the offensive side of security as it relates to
OSINT, scanning, vulnerability assessments, and the penetration testing of resources, including but
not limited to individuals, companies, host end users (desktops, laptops, mobiles), and network and
critical infrastructure such as servers, routers, switches, firewalls, NAS, databases, WebApps, and
portals. There are also systems such as IoT, Operational Technology (OT) devices, and Industrial
Control Systems (ICS), which also require assessments by highly skilled red teamers.
Red teamers are generally thought of as highly skilled ethical hackers and penetration testers who, apart
from having the skill sets to conduct the assessments listed previously, may also have the technical
certifications that allow them to do so. Although certifications may not directly reflect the abilities of
the individuals, they have been known to aid in obtaining jobs.
Some red teaming certifications include (but are not limited to):

• Offensive Security Certified Professional (OSCP): Developed by the creators of Kali Linux
• Certified Ethical Hacker (CEH): From the EC-Council
• Practical Network Penetration Tester (PNPT): Developed by TCM Security
• Pentest+: By CompTIA
• SANS SEC: Courses from the SANS Institute
• e-Learn Junior Penetration Tester (eJPT): Developed by e-Learn Security for beginners
interested in becoming red teamers
matter, soluble in muriatic acid, 7.5 = 100.0.—An. Phil. vol. ii. p.
381.—Quoted in Fleming’s Philosophy of Zoology, vol. ii. p. 166.
[116] It is remarked (in a pamphlet of a Journey of Discovery
to Port Philip, New South Wales, by Messrs. Hovel and Hume,
Sydney. 8vo. 1831, undertaken in 1824 and 1825,) that “the
impressions of the feet of the aboriginal natives may be readily
distinguished from those of Europeans, by the narrowness of the
heel, the comparative broadness of the fore part of the foot, the
shortness of the toe, and a peculiar bend of the internal edge of
the foot inwards, (a form very probably incident to the method
employed by these people in climbing trees,) and the smallness of
the entire impression, compared with that of an European.”
[117] The common opossum is called by the aborigines, in this
part of the country, “Wille,” and “Wadjan;” the ring-tailed
opossum, “Bokare,” and “Kindine.”
[118] The men at one of the farms, when occupied in shearing,
complained of a small green-coloured fly annoying them
exceedingly, by flying about their eyes; so much so, as frequently
to oblige them to discontinue their labour: an itching sensation of
the eyes followed, and it seemed, to use their own words, “as if
they were about to have an attack of the blight.”
[119] Alluding to large trees, I heard a person, who had fully
persuaded himself of the fact, endeavour to impress his auditors
with the belief that a tree existed upon the estate of the Van
Dieman’s Land Company nine hundred feet high!!! This gigantic
vegetable production would certainly beat “Raffle’s flower,” or
“Crawford’s root,” and must be very valuable if only as a gigantic
curiosity.
[120] An excellent ley for soap, is made from the “swamp oak,”
when burnt; and a ley is also procured at the island of Tahiti, in
the South Seas, from the Casuarina equisetifolia for a similar
purpose.
[121] The aborigines call our domestic fowls, as well as all
birds, by the general name of “Bújan.”
[122] The “black leg” is evidently the disease among the cattle,
known in Ireland as the “crippawn,” a kind of paralytic affection of
the limbs, which generally ends fatally; the customary course is
by bleeding, and changing them to a drier pasture.
[123] Called honeysuckle by the colonists, because the flowers
secrete a quantity of honey, which is attractive to the natives, and
the numerous parroquets, when the trees are in bloom.
[124] The name of the native that accompanied me was “Buru,
birrima,” which he said he received from the name of the place
where he was born. This appears a common method among the
aborigines of bestowing names upon persons, as well as from any
personal defect. The native name of Mr. Bradley’s farm is
“Bungee,” and his little child born there will usually be known by
that name among the aborigines.
[125] There is also at Batavia a bird which emits a melancholy
scream and whistle during the night; it is called by the Javanese
“Borong Matee,” or “Death bird,” and is regarded by them, as well
as by some of the European residents, as a bird of ill-omen; and
its note is supposed to indicate the approaching death of some
individual. I was informed, that the decease of a gentleman at
Batavia was indicated some time before by one of these birds
uttering its melancholy screams, and hovering near the dwelling,
and this was mentioned by a European, who credited the
superstitious idea that these birds were ominous.
[126] Governor King, when at Norfolk Island, cut down one
which measured, after it was felled, two hundred and twenty-
eight feet long, and eleven feet in diameter.
[127] Thompson’s London Dispensatory. 8vo. p. 532.
[128] The Trial Rocks are thus mentioned in the “Lives and
Voyages of Drake, Cavendish, and Dampier,” published in the
Edinburgh Cabinet Library, page 448.
“Dampier intended once more to attempt New Holland in about
20°. Here he found soundings at forty fathoms, but did not see
the land; and steered westward, to search for the Trial Rocks, (so
named from an English ship called the Trial having been wrecked
upon them many years before,) which were supposed to lie in this
parallel, and about eighty leagues westward of the coast. But
Captain Dampier was sick, and unable to maintain perpetual
watch himself, and the officers inefficient and careless, so that
this important point was not ascertained.”
[129] These are certainly the most delicate and beautiful of the
oceanic birds; their peculiar shrill, raucous note indicates their
presence about the ship; hovering over the vessel, or darting into
the water in pursuit of prey, and as the sun shines upon the
chaste and elegant plumage of the white species, or the rosy-
tinted feathers of the red species, or phœnicurus, their beauty is
increased.
[130] Some ships, seeking freights, anchor outside the roads,
by which it seems the port charges are saved; and then anchor in
the roadstead, if they consider there is a sufficient inducement for
them to remain at this port.
[131] The “far-famed Mangoosteen” is certainly an agreeable
fruit, but still I cannot join the various writers who have lavished
such praises upon it—it may be want of taste in me; and probably
the fruit will still retain “its luscious qualities, surpassing all other
fruits in the world, combining the excellence of the whole;” but I
must candidly confess that I am not so great an admirer of this or
other tropical fruits, although I at the same time allow many to
have excellent flavour, yet none can bear comparison with the
delightful acidulated European fruits; and the Mangoosteen is
even, in my opinion, beneath the orange or pine-apple, although
still a very agreeable fruit.
[132] At Singapore, observing one of these monkeys in a
stable, I inquired if Java horses were kept there; the answer was
in the affirmative; so Jacko was probably imported with the
horses to keep them in health.
[133] The Malay name for Weltervreden is “Pasārsānan,” which
signifies Monday market, (Pasār, market; sānan, Monday.)
[134] This plant emits its fragrant smell powerfully after sunset,
and has been “observed in a sultry evening, after thunder, when
the atmosphere was highly charged with electric fluid, to dart
small sparks, or scintillations of lucid flame, in great abundance
from such of its flowers as were fading.”—Edin. Philos. Journal,
vol. iii. p. 415.
[135] This officer, now a captain in the army, and by all
accounts an excellent and brave soldier, I saw at the same time at
this hotel, where he at present resided; he appeared attached to
Santot, and they conversed much together; he had lately
returned from the Sumatran coast, having been recently
employed in the war in the interior of that island.
[136] The following paragraph appeared in one of the Calcutta
journals, and was copied into most of the India papers:—“A
passenger who came round from Batavia has favoured us with
the following intelligence relative to the Dutch squadron, &c. In
Batavia roads there were—one line-of-battle ship, mounting sixty
guns; three large frigates; four brigs and smaller vessels of war,
all well armed and manned. In the canal there were—twenty gun-
boats, mounting two long brass guns each. All the troops were
marching in from the interior, and the fortifications were placed in
a complete state of defence. A large frigate was lying at
Sourabaya, well manned and armed. If the Dutch should
determine on making reprisals, a few days’ sail would take them
to Lintin, where they might seize British property to an immense
amount.”
A very kind hint! deserving the thanks of the Dutch
Government; for the capture would have been easy, the loss of
British property great, being without a vessel of war to protect
them. This is the way British affairs are conducted in the east.
[137] These doves when on board cooed, or, as the Malay said,
talked when the bells were struck, but as frequently cooed or
spoke out of the regular time, so they did not answer the purpose
of a clock!
[138] It is recommended (I was informed by some intelligent
persons at Singapore) for ships proceeding to the north-east
coast of Sumatra, at this season of the year, to take the passage
by the Straits of Banca and Malacca, by which the voyage would
rarely be protracted beyond ten or twelve days. From the length
of time we took to Pedir, by the outside passage, there was
evidently an error in taking it in preference to the one
recommended, by persons accustomed to trade about those
places.
[139] “Pulo,” in the Malay language, signifies island, but
Europeans frequently use the word Island before it.
[140] It is passable for light ships’ boats at half ebb, and even
at low water, at the latter time the boats occasionally grounding;
those heavily laden can only pass at high water.
[141] The fruit of the Areka palm is incorrectly called in
commerce “Betel-nut,” which has occasioned mistakes; many
writers considering it the fruit of the “Piper Betel,” or Betel vine,
the leaves of which are used with the Areka-nut as a masticatory;
but as the whole mixed together, and eaten by the natives,
constitutes what is called “chewing the betel” by Europeans, the
nut probably derived its commercial appellation from that source.
The confusion existing between the Areka palm, producing the
nuts, and the Betel vine, by most writers, has caused me to insert
this explanatory note.
[142] A small investment of various articles of cutlery would
have no doubt met with a ready sale;—a set of excellent razors,
the cost price of which in London was thirty shillings, was sold for
twenty-five dollars, and other articles, of a good quality, would
have sold at equally good prices. A rifle gun, case complete, was
also sold for one hundred and fifty dollars; and a pair of duelling
pistols, of French manufacture, seventy-five dollars.
[143] A “flock of the swinish breed” would prove efficacious in
clearing the decks of a ship of the Mahometan Malays, who have
a religious abhorrence of the pollution occasioned by such
company.
[144] The Chinese have several species indigenous to the
Celestial Empire.
[145] The general name for crab among the natives on this
coast is “Biong,” but all the various species have distinct names
given them.
[146] They are evidently the ova of some fish, but of what
genus it is as yet difficult to form an opinion.
[147] The language spoken by the aboriginal natives of this
country is the Acheenese, which is a dialect of the Malay. A
Javanese, however, could not understand the Acheenese
language. The people on the coast, nevertheless, mix the
Acheenese with other dialects of the Malay, and also with some
Hindoostanee words.
[148] See Appendix, No. 2. in the second volume.
[149] The fort is also partly surrounded by a palisade of
bamboos, and a moat exterior to it, abounding on its banks with
a dense vegetation.
[150] During this month the weather was generally fine and
clear; a few days only being squally and unsettled weather, with
showers of rain.
[151] The Archeenese name for this tree, was Bánawa, or
Búnawa; and I afterwards ascertained that the castor-oil tree had
the same appellation given to it.
[152] Among which the Caladium costatum, or Berar of the
natives, was also seen planted; the root of which is eaten by
them, after it has been previously washed in water for some time.
[153] The mountains behind Pedir range in various directions.
[154] We were informed, that a law had been made by the late
rajah, which still remained in force, that any native robbing, or
otherwise ill-using, a European in his territory, should lose his
right hand.
[155] New Betel nut will lose, during a voyage to China, from
eight to ten per cent.
[156] I understand that a large quantity of the Areka-nut is
grown upon the Pelew islands, and could be procured in barter
for tobacco, rum, and other articles; this was ascertained by a
vessel which visited those islands in 1830. The natives of this
group of islands also use it as a masticatory.
[157] It is also by a combination of substances that the
Otaheitans produce a red dye from the fruit of a species of Ficus,
called Matti, and the leaves of a species of Cordia, called “Tou.”
[158] I have often seen on this coast, as well as in Java, small
bunches of the abortive fruit, taken from the spathe of the Areka
palm, placed as an ornament at the stern and bows of the native
boats.
[159] It was stated to me that sandal wood can be procured at
Acheen as well as other parts of the north-east coast, and is sold
by the large pecul or bar (which is equal to three peculs) at
twenty-four dollars the bar.
[160] It is mentioned in Labillardières Voyage, (Eng. Transl.
8vo. vol. i. p. 358,) that at Amboyna “I saw, on my return, a
white negro, a Papuan man by birth; he had light hair, his skin
was white, and marked with reddish freckles, like those of the
Europeans who have red hair; but he was not weak-sighted, as is
generally the case with other Albinos”.
*** END OF THE PROJECT GUTENBERG EBOOK WANDERINGS IN
NEW SOUTH WALES, BATAVIA, PEDIR COAST, SINGAPORE, AND
CHINA, VOL. 1 (OF 2) ***

Updated editions will replace the previous one—the old editions will
be renamed.

Creating the works from print editions not protected by U.S.
copyright law means that no one owns a United States copyright in
these works, so the Foundation (and you!) can copy and distribute it
in the United States without permission and without paying
copyright royalties. Special rules, set forth in the General Terms of
Use part of this license, apply to copying and distributing Project
Gutenberg™ electronic works to protect the PROJECT GUTENBERG™
concept and trademark. Project Gutenberg is a registered trademark,
and may not be used if you charge for an eBook, except by following
the terms of the trademark license, including paying royalties for use
of the Project Gutenberg trademark. If you do not charge anything
for copies of this eBook, complying with the trademark license is
very easy. You may use this eBook for nearly any purpose such as
creation of derivative works, reports, performances and research.
Project Gutenberg eBooks may be modified and printed and given
away—you may do practically ANYTHING in the United States with
eBooks not protected by U.S. copyright law. Redistribution is subject
to the trademark license, especially commercial redistribution.

START: FULL LICENSE


THE FULL PROJECT GUTENBERG LICENSE
PLEASE READ THIS BEFORE YOU DISTRIBUTE OR USE THIS WORK

To protect the Project Gutenberg™ mission of promoting the free
distribution of electronic works, by using or distributing this work (or
any other work associated in any way with the phrase “Project
Gutenberg”), you agree to comply with all the terms of the Full
Project Gutenberg™ License available with this file or online at
www.gutenberg.org/license.

Section 1. General Terms of Use and Redistributing Project Gutenberg™ electronic works
1.A. By reading or using any part of this Project Gutenberg™
electronic work, you indicate that you have read, understand, agree
to and accept all the terms of this license and intellectual property
(trademark/copyright) agreement. If you do not agree to abide by all
the terms of this agreement, you must cease using and return or
destroy all copies of Project Gutenberg™ electronic works in your
possession. If you paid a fee for obtaining a copy of or access to a
Project Gutenberg™ electronic work and you do not agree to be
bound by the terms of this agreement, you may obtain a refund
from the person or entity to whom you paid the fee as set forth in
paragraph 1.E.8.

1.B. “Project Gutenberg” is a registered trademark. It may only be
used on or associated in any way with an electronic work by people
who agree to be bound by the terms of this agreement. There are a
few things that you can do with most Project Gutenberg™ electronic
works even without complying with the full terms of this agreement.
See paragraph 1.C below. There are a lot of things you can do with
Project Gutenberg™ electronic works if you follow the terms of this
agreement and help preserve free future access to Project
Gutenberg™ electronic works. See paragraph 1.E below.

1.C. The Project Gutenberg Literary Archive Foundation (“the
Foundation” or PGLAF), owns a compilation copyright in the
collection of Project Gutenberg™ electronic works. Nearly all the
individual works in the collection are in the public domain in the
United States. If an individual work is unprotected by copyright law
in the United States and you are located in the United States, we do
not claim a right to prevent you from copying, distributing,
performing, displaying or creating derivative works based on the
work as long as all references to Project Gutenberg are removed. Of
course, we hope that you will support the Project Gutenberg™
mission of promoting free access to electronic works by freely
sharing Project Gutenberg™ works in compliance with the terms of
this agreement for keeping the Project Gutenberg™ name associated
with the work. You can easily comply with the terms of this
agreement by keeping this work in the same format with its attached
full Project Gutenberg™ License when you share it without charge
with others.

1.D. The copyright laws of the place where you are located also
govern what you can do with this work. Copyright laws in most
countries are in a constant state of change. If you are outside the
United States, check the laws of your country in addition to the
terms of this agreement before downloading, copying, displaying,
performing, distributing or creating derivative works based on this
work or any other Project Gutenberg™ work. The Foundation makes
no representations concerning the copyright status of any work in
any country other than the United States.

1.E. Unless you have removed all references to Project Gutenberg:

1.E.1. The following sentence, with active links to, or other
immediate access to, the full Project Gutenberg™ License must
appear prominently whenever any copy of a Project Gutenberg™
work (any work on which the phrase “Project Gutenberg” appears,
or with which the phrase “Project Gutenberg” is associated) is
accessed, displayed, performed, viewed, copied or distributed:
This eBook is for the use of anyone anywhere in the United
States and most other parts of the world at no cost and with
almost no restrictions whatsoever. You may copy it, give it away
or re-use it under the terms of the Project Gutenberg License
included with this eBook or online at www.gutenberg.org. If you
are not located in the United States, you will have to check the
laws of the country where you are located before using this
eBook.

1.E.2. If an individual Project Gutenberg™ electronic work is derived
from texts not protected by U.S. copyright law (does not contain a
notice indicating that it is posted with permission of the copyright
holder), the work can be copied and distributed to anyone in the
United States without paying any fees or charges. If you are
redistributing or providing access to a work with the phrase “Project
Gutenberg” associated with or appearing on the work, you must
comply either with the requirements of paragraphs 1.E.1 through
1.E.7 or obtain permission for the use of the work and the Project
Gutenberg™ trademark as set forth in paragraphs 1.E.8 or 1.E.9.

1.E.3. If an individual Project Gutenberg™ electronic work is posted
with the permission of the copyright holder, your use and distribution
must comply with both paragraphs 1.E.1 through 1.E.7 and any
additional terms imposed by the copyright holder. Additional terms
will be linked to the Project Gutenberg™ License for all works posted
with the permission of the copyright holder found at the beginning
of this work.

1.E.4. Do not unlink or detach or remove the full Project
Gutenberg™ License terms from this work, or any files containing a
part of this work or any other work associated with Project
Gutenberg™.

1.E.5. Do not copy, display, perform, distribute or redistribute this
electronic work, or any part of this electronic work, without
prominently displaying the sentence set forth in paragraph 1.E.1
with active links or immediate access to the full terms of the Project
Gutenberg™ License.

1.E.6. You may convert to and distribute this work in any binary,
compressed, marked up, nonproprietary or proprietary form,
including any word processing or hypertext form. However, if you
provide access to or distribute copies of a Project Gutenberg™ work
in a format other than “Plain Vanilla ASCII” or other format used in
the official version posted on the official Project Gutenberg™ website
(www.gutenberg.org), you must, at no additional cost, fee or
expense to the user, provide a copy, a means of exporting a copy, or
a means of obtaining a copy upon request, of the work in its original
“Plain Vanilla ASCII” or other form. Any alternate format must
include the full Project Gutenberg™ License as specified in
paragraph 1.E.1.

1.E.7. Do not charge a fee for access to, viewing, displaying,
performing, copying or distributing any Project Gutenberg™ works
unless you comply with paragraph 1.E.8 or 1.E.9.

1.E.8. You may charge a reasonable fee for copies of or providing
access to or distributing Project Gutenberg™ electronic works
provided that:

• You pay a royalty fee of 20% of the gross profits you
derive from the use of Project Gutenberg™ works
calculated using the method you already use to calculate
your applicable taxes. The fee is owed to the owner of the
Project Gutenberg™ trademark, but he has agreed to
donate royalties under this paragraph to the Project
Gutenberg Literary Archive Foundation. Royalty payments
must be paid within 60 days following each date on which
you prepare (or are legally required to prepare) your
periodic tax returns. Royalty payments should be clearly
marked as such and sent to the Project Gutenberg Literary
Archive Foundation at the address specified in Section 4,
“Information about donations to the Project Gutenberg
Literary Archive Foundation.”

• You provide a full refund of any money paid by a user who
notifies you in writing (or by e-mail) within 30 days of
receipt that s/he does not agree to the terms of the full
Project Gutenberg™ License. You must require such a user
to return or destroy all copies of the works possessed in a
physical medium and discontinue all use of and all access to
other copies of Project Gutenberg™ works.

• You provide, in accordance with paragraph 1.F.3, a full
refund of any money paid for a work or a replacement
copy, if a defect in the electronic work is discovered and
reported to you within 90 days of receipt of the work.

• You comply with all other terms of this agreement for free
distribution of Project Gutenberg™ works.

1.E.9. If you wish to charge a fee or distribute a Project Gutenberg™
electronic work or group of works on different terms than are set
forth in this agreement, you must obtain permission in writing from
the Project Gutenberg Literary Archive Foundation, the manager of
the Project Gutenberg™ trademark. Contact the Foundation as set
forth in Section 3 below.

1.F.

1.F.1. Project Gutenberg volunteers and employees expend
considerable effort to identify, do copyright research on, transcribe
and proofread works not protected by U.S. copyright law in creating
the Project Gutenberg™ collection. Despite these efforts, Project
Gutenberg™ electronic works, and the medium on which they may
be stored, may contain “Defects,” such as, but not limited to,
incomplete, inaccurate or corrupt data, transcription errors, a
copyright or other intellectual property infringement, a defective or
damaged disk or other medium, a computer virus, or computer
codes that damage or cannot be read by your equipment.

1.F.2. LIMITED WARRANTY, DISCLAIMER OF DAMAGES - Except for
the “Right of Replacement or Refund” described in paragraph 1.F.3,
the Project Gutenberg Literary Archive Foundation, the owner of the
Project Gutenberg™ trademark, and any other party distributing a
Project Gutenberg™ electronic work under this agreement, disclaim
all liability to you for damages, costs and expenses, including legal
fees. YOU AGREE THAT YOU HAVE NO REMEDIES FOR
NEGLIGENCE, STRICT LIABILITY, BREACH OF WARRANTY OR
BREACH OF CONTRACT EXCEPT THOSE PROVIDED IN PARAGRAPH
1.F.3. YOU AGREE THAT THE FOUNDATION, THE TRADEMARK
OWNER, AND ANY DISTRIBUTOR UNDER THIS AGREEMENT WILL
NOT BE LIABLE TO YOU FOR ACTUAL, DIRECT, INDIRECT,
CONSEQUENTIAL, PUNITIVE OR INCIDENTAL DAMAGES EVEN IF
YOU GIVE NOTICE OF THE POSSIBILITY OF SUCH DAMAGE.

1.F.3. LIMITED RIGHT OF REPLACEMENT OR REFUND - If you
discover a defect in this electronic work within 90 days of receiving
it, you can receive a refund of the money (if any) you paid for it by
sending a written explanation to the person you received the work
from. If you received the work on a physical medium, you must
return the medium with your written explanation. The person or
entity that provided you with the defective work may elect to provide
a replacement copy in lieu of a refund. If you received the work
electronically, the person or entity providing it to you may choose to
give you a second opportunity to receive the work electronically in
lieu of a refund. If the second copy is also defective, you may
demand a refund in writing without further opportunities to fix the
problem.

1.F.4. Except for the limited right of replacement or refund set forth
in paragraph 1.F.3, this work is provided to you ‘AS-IS’, WITH NO
OTHER WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR ANY PURPOSE.

1.F.5. Some states do not allow disclaimers of certain implied
warranties or the exclusion or limitation of certain types of damages.
If any disclaimer or limitation set forth in this agreement violates the
law of the state applicable to this agreement, the agreement shall be
interpreted to make the maximum disclaimer or limitation permitted
by the applicable state law. The invalidity or unenforceability of any
provision of this agreement shall not void the remaining provisions.

1.F.6. INDEMNITY - You agree to indemnify and hold the Foundation,
the trademark owner, any agent or employee of the Foundation,
anyone providing copies of Project Gutenberg™ electronic works in
accordance with this agreement, and any volunteers associated with
the production, promotion and distribution of Project Gutenberg™
electronic works, harmless from all liability, costs and expenses,
including legal fees, that arise directly or indirectly from any of the
following which you do or cause to occur: (a) distribution of this or
any Project Gutenberg™ work, (b) alteration, modification, or
additions or deletions to any Project Gutenberg™ work, and (c) any
Defect you cause.

Section 2. Information about the Mission of Project Gutenberg™
Project Gutenberg™ is synonymous with the free distribution of
electronic works in formats readable by the widest variety of
computers including obsolete, old, middle-aged and new computers.
It exists because of the efforts of hundreds of volunteers and
donations from people in all walks of life.

Volunteers and financial support to provide volunteers with the
assistance they need are critical to reaching Project Gutenberg™’s
goals and ensuring that the Project Gutenberg™ collection will
remain freely available for generations to come. In 2001, the Project
Gutenberg Literary Archive Foundation was created to provide a
secure and permanent future for Project Gutenberg™ and future
generations. To learn more about the Project Gutenberg Literary
Archive Foundation and how your efforts and donations can help,
see Sections 3 and 4 and the Foundation information page at
www.gutenberg.org.

Section 3. Information about the Project Gutenberg Literary Archive Foundation
The Project Gutenberg Literary Archive Foundation is a non-profit
501(c)(3) educational corporation organized under the laws of the
state of Mississippi and granted tax exempt status by the Internal
Revenue Service. The Foundation’s EIN or federal tax identification
number is 64-6221541. Contributions to the Project Gutenberg
Literary Archive Foundation are tax deductible to the full extent
permitted by U.S. federal laws and your state’s laws.

The Foundation’s business office is located at 809 North 1500 West,
Salt Lake City, UT 84116, (801) 596-1887. Email contact links and up
to date contact information can be found at the Foundation’s website
and official page at www.gutenberg.org/contact

Section 4. Information about Donations to the Project Gutenberg Literary Archive Foundation
Project Gutenberg™ depends upon and cannot survive without
widespread public support and donations to carry out its mission of
increasing the number of public domain and licensed works that can
be freely distributed in machine-readable form accessible by the
widest array of equipment including outdated equipment. Many
small donations ($1 to $5,000) are particularly important to
maintaining tax exempt status with the IRS.

The Foundation is committed to complying with the laws regulating
charities and charitable donations in all 50 states of the United
States. Compliance requirements are not uniform and it takes a
considerable effort, much paperwork and many fees to meet and
keep up with these requirements. We do not solicit donations in
locations where we have not received written confirmation of
compliance. To SEND DONATIONS or determine the status of
compliance for any particular state visit www.gutenberg.org/donate.

While we cannot and do not solicit contributions from states where
we have not met the solicitation requirements, we know of no
prohibition against accepting unsolicited donations from donors in
such states who approach us with offers to donate.

International donations are gratefully accepted, but we cannot make
any statements concerning tax treatment of donations received from
outside the United States. U.S. laws alone swamp our small staff.

Please check the Project Gutenberg web pages for current donation
methods and addresses. Donations are accepted in a number of
other ways including checks, online payments and credit card
donations. To donate, please visit: www.gutenberg.org/donate.

Section 5. General Information About Project Gutenberg™ electronic works

Professor Michael S. Hart was the originator of the Project
Gutenberg™ concept of a library of electronic works that could be
freely shared with anyone. For forty years, he produced and
distributed Project Gutenberg™ eBooks with only a loose network of
volunteer support.

Project Gutenberg™ eBooks are often created from several printed
editions, all of which are confirmed as not protected by copyright in
the U.S. unless a copyright notice is included. Thus, we do not
necessarily keep eBooks in compliance with any particular paper
edition.

Most people start at our website which has the main PG search
facility: www.gutenberg.org.

This website includes information about Project Gutenberg™,
including how to make donations to the Project Gutenberg Literary
Archive Foundation, how to help produce our new eBooks, and how
to subscribe to our email newsletter to hear about new eBooks.

Welcome to our website – the ideal destination for book lovers and
knowledge seekers. With a mission to inspire endlessly, we offer a
vast collection of books, ranging from classic literary works to
specialized publications, self-development books, and children's
literature. Each book is a new journey of discovery, expanding
knowledge and enriching the soul of the reader.

Our website is not just a platform for buying books, but a bridge
connecting readers to the timeless values of culture and wisdom. With
an elegant, user-friendly interface and an intelligent search system,
we are committed to providing a quick and convenient shopping
experience. Additionally, our special promotions and home delivery
services ensure that you save time and fully enjoy the joy of reading.

Let us accompany you on the journey of exploring knowledge and
personal growth!

textbookfull.com
