Students will gain an understanding of forensic documentation and data recovery methods. Students will work with forensic restoration and case management tools in order to simulate a real-world forensic intake scenario. Students will understand the importance of due process and the criticality of maintaining the integrity of fragile data in the field of digital forensics.

In this lesson, students will:

• Receive an overview of forensics

In this lesson, students will:

• Learn about evidence
• Learn about Chain of Custody

In this lesson, students will:

• Learn about media types
• Learn about memory types

In this lesson, students will:

• Learn about Kali Linux
• Learn about hardware and software needed to conduct forensic examinations

In this lab, students will:

• Receive an introduction to Kali Linux
• Become familiar with basic Linux utilities
• Use Command Line Interface (CLI)
• Learn how to help yourself with these utilities
• Explore the Kali Graphical User Interface (GUI)

In this lab, students will:

• Prepare PostgreSQL database to receive forensic case data
• Become familiar with basic Linux utilities
• Configure your forensic environment
• Configure a database

In this lab, students will:

• Receive an Introduction to Foreman, a Forensic Case Management system
• Become familiar with basic Linux utilities
• Configure your forensic environment
• Install Foreman, a Forensics Case Management tool

In this lab, students will:

• Receive an Introduction to Foreman, a Forensic Case Management system
• Become familiar with basic Linux utilities
• Configure your forensic environment
• Install Foreman, a Forensics Case Management tool

In this lesson, students will:

• Be exposed to some legal considerations when conducting forensic investigations

In this lesson, students will:

• Learn about forensic images
• Learn about imaging and imaging tools
• Learn about managing damaged devices

In this lab, students will:

• Receive an introduction to Kali Linux
• Become familiar with basic Linux utilities
• Use Command Line Interface (CLI)
• Learn how to help yourself with these utilities
• Explore the Kali Graphical User Interface (GUI)

In this lesson, students will:

• Learn about compression
• Learn about confidentiality
• Learn about device wiping
• Learn about integrity

In this lab, students will:

• Prepare PostgreSQL database to receive forensic case data
• Become familiar with basic Linux utilities
• Configure your forensic environment
• Configure a database

In this lab, students will:

• Receive an Introduction to Foreman, a Forensic Case Management system
• Become familiar with basic Linux utilities
• Configure your forensic environment
• Install Foreman, a Forensics Case Management tool

In this lesson, students will:

• Learn about device types
• Learn about partitions
• Learn about file systems and file types
• Learn about slack space, partitions and the partition table

In this lab, students will:

• Finalize Foreman environment for forensic documentation
• Customize the configuration of Foreman
• Become familiar with basic Linux utilities
• Create a script to automate running Foreman

In this lab, students will:

• Maintain the Chain of Custody
• Document process and results
• Examine Slack Space
• Manually Extract Data
• Automated Recovery of Files
• Examine Unallocated Space
• Examine Allocated Space
• Introduction to Autopsy

In this lab, students will:

• Process digital evidence
• Continue Chain of Custody
• Intake evidence
• Verify evidence integrity
• Initiate a new case
• Assign personnel to the new case

In this lesson you’ll be reintroduced to some of the concepts behind basic forensics. This lesson also includes a course overview of objectives and NIST CSF domains covered. Cybersecurity work roles related to this course as well as some legal information on the use of the materials presented are touched upon in this lesson.

Get an overview into the Kali Linux environments forensic tools that we will utilize during the labs in this course. This lesson also goes into the procedures for protecting digital evidence as well as the legal considerations while choosing which tools to use while conducting E-Discovery investigations.

In this lab, students will refamiliarize themselves with the Kali Linux environment focusing on the forensics capabilities and setup of the operating system.

In this lab, students will:

• Accept the new case
• Continue the chain of custody
• Document the forensic process
• Copy forensic images
• Verify forensic copies
• Uncompress forensic evidence

Network logs and packet captures can be vital in building network forensic cases. In this lab, student will conduct live network captures, extract data from network traffic, and conduct analysis on that data utilizing GUI and command line tools.

In this lab, students will:

• Analyze Digital Evidence
• Extract Metadata from Various Files
• Use a Script to Automate the Discovery Process
• Learn an Anti-Forensics Technique

This lab will introduce students to Wireshark and network analysis. This will include packet analysis, data extraction, and conducting live network captures. This lab will also cover the ability to extract hidden data from images as well as metadata.

Windows devices can be prevalent in an enterprise architecture and as a forensics investigator it’s important to know the nuances of any possible operating systems on devices that you may have to investigate. This lesson will touch upon the information you can gather via the Windows registry.

Conducting forensics on specific systems may require special tools and skill sets. In the Windows OS the registry is utilized to store application and user data that could be useful in a forensics investigation. In this lab students will utilize special tools and techniques to extract this data from a Windows registry.

As off-premises computing technologies such as virtual private servers (VPS) and cloud computing becomes more available, forensic specialist will need to know how to conduct remote operations on systems they do not have physical access to. In this lesson we’ll touch on some of the capabilities and techniques you’ll need to complete remote forensics tasks.

Physical access to a device in an investigation isn’t always possible. With more assets being located elsewhere with containerized systems, Virtual Private Servers (VPS), and the cloud it is important to know how to conduct forensics on a remote device. In this lab students will conduct remote forensics on a server.

In this challenge lab students will use their skills learned in previous labs to conduct forensics on a compromised machine to discover what was targeted, attribution, and discover possible malware.

In this challenge lab students will use their skills learned in previous labs to conduct network and image file forensics.

In Forensics, pictures are an important factor in evidence. All files, pictures included, contain metadata, which is data about the data. In this lab we will deep dive into conducting basic forensics on specific files.

Hashing is a cryptologic function that is used to ensure file integrity. In this lab we go through the basic process of hashing files for data integrity.

• Understand the importance of forensic analysis
• Understand the difference between read, write, and read-write permissions
• Know how to mount a forensic image
• Understand how to make a copy of a drive for forensic analysis

The first step in computer forensics is obtaining a copy of the computers hard drive in question. This lab will guide students through that process.

• Setup Autopsy forensics recovery tool
• Conduct string forensics
• Conduct file forensics
• Implement investigation abilities to retrieve data

Once an image of the device in question has been obtained, file and recovery forensics can be attempted. In this lab, students will take the image created in a previous lab to investigate a possible data breach in their company.

• Refamiliarize themselves with Autopsy
• Explore the Android file system
• Recover app database files
• Recover information from databases

This lab takes students through the nuances of mobile forensics. Mobile Applications, or Apps, utilize very specific technologies to store user data and configurations.

• Use Clonezilla to image a Windows partition
• Boot a Kali ISO in Forensics mode on Windows
• Use Foremost and Photorec to recover deleted files from the Windows partition

Leveraging the Kali and Clonezilla Linux distributions, students will image a file system, inspect identified files and leverage tools to identify nefarious deleted emails.

This lab will challenge students to leverage tools such as Photorec and Wireshark to conduct forensic analysis in order to identify potential malicious activity indicators.