Bundle: CSX Forensic Examiner Pathway

Difficulty: Multilevel

CSF Domain: All domains

$550.00

Price represents the non-member rate.

Students will gain an understanding of forensic documentation and data recovery methods. Students will work with forensic restoration and case management tools in order to simulate a real-world forensic intake scenario. Students will understand the importance of due process and the criticality of maintaining the integrity of fragile data in the field of digital forensics.

Continuing Professional Education (CPE) Credit Count: 50

Content

Lesson Introduction and Overview

In this lesson, students will:

  • Receive an overview of forensics

Lesson Chain of Custody

In this lesson, students will:

  • Learn about evidence
  • Learn about Chain of Custody

Lesson Media and Memory Types

In this lesson, students will:

  • Learn about media types
  • Learn about memory types

Lesson Forensics Environment

In this lesson, students will:

  • Learn about Kali Linux
  • Learn about hardware and software needed to conduct forensic examinations

Lab/Instructional Kali Forensics Environment

In this lab, students will:

  • Receive an introduction to Kali Linux
  • Become familiar with basic Linux utilities
  • Use Command Line Interface (CLI)
  • Learn how to help yourself with these utilities
  • Explore the Kali Graphical User Interface (GUI)

Lab/Instructional PostgreSQL Configuration

In this lab, students will:

  • Prepare PostgreSQL database to receive forensic case data
  • Become familiar with basic Linux utilities
  • Configure your forensic environment
  • Configure a database

Lab/Instructional Foreman Configuration

In this lab, students will:

  • Receive an Introduction to Foreman, a Forensic Case Management system
  • Become familiar with basic Linux utilities
  • Configure your forensic environment
  • Install Foreman, a Forensics Case Management tool

Lab/Instructional Final Foreman Setup

In this lab, students will:

  • Receive an Introduction to Foreman, a Forensic Case Management system
  • Become familiar with basic Linux utilities
  • Configure your forensic environment
  • Install Foreman, a Forensics Case Management tool

Lesson Legal Considerations

In this lesson, students will:

  • Be exposed to some legal considerations when conducting forensic investigations

Lesson Imaging

In this lesson, students will:

  • Learn about forensic images
  • Learn about imaging and imaging tools
  • Learn about managing damaged devices

Lab/Instructional A New Case

In this lab, students will:

  • Receive an introduction to Kali Linux
  • Become familiar with basic Linux utilities
  • Use Command Line Interface (CLI)
  • Learn how to help yourself with these utilities
  • Explore the Kali Graphical User Interface (GUI)

Lesson Data Management

In this lesson, students will:

  • Learn about compression
  • Learn about confidentiality
  • Learn about device wiping
  • Learn about integrity

Lab/Instructional My First Case

In this lab, students will:

  • Prepare PostgreSQL database to receive forensic case data
  • Become familiar with basic Linux utilities
  • Configure your forensic environment
  • Configure a database

Lab/Instructional A Picture

In this lab, students will:

  • Receive an Introduction to Foreman, a Forensic Case Management system
  • Become familiar with basic Linux utilities
  • Configure your forensic environment
  • Install Foreman, a Forensics Case Management tool

Lesson Drives and Files

In this lesson, students will:

  • Learn about device types
  • Learn about partitions
  • Learn about file systems and file types
  • Learn about slack space, partitions and the partition table

Lab/Instructional Data DNA

In this lab, students will:

  • Finalize Foreman environment for forensic documentation
  • Customize the configuration of Foreman
  • Become familiar with basic Linux utilities
  • Create a script to automate running Foreman

Lab/Instructional The Missing Piece

In this lab, students will:

  • Maintain the Chain of Custody
  • Document process and results
  • Examine Slack Space
  • Manually Extract Data
  • Automated Recovery of Files
  • Examine Unallocated Space
  • Examine Allocated Space
  • Introduction to Autopsy

Lab/Instructional Forensics Challenge

In this lab, students will:

  • Process digital evidence
  • Continue Chain of Custody
  • Intake evidence
  • Verify evidence integrity
  • Initiate a new case
  • Assign personnel to the new case

Lesson Introduction to Advanced Forensics

In this lesson you’ll be reintroduced to some of the concepts behind basic forensics. This lesson also includes a course overview of objectives and NIST CSF domains covered. Cybersecurity work roles related to this course as well as some legal information on the use of the materials presented are touched upon in this lesson.

Lesson Preparing the Digital Forensics Environment

Get an overview of the Kali Linux environment's forensic tools that we will use during the labs in this course. This lesson also covers the procedures for protecting digital evidence, as well as the legal considerations when choosing which tools to use while conducting E-Discovery investigations.

Lab/Instructional Kali Forensics Introduction

In this lab, students will refamiliarize themselves with the Kali Linux environment, focusing on the forensics capabilities and setup of the operating system.

Lab/Instructional Forensics Lab Setup

In this lab, students will:

  • Accept the new case
  • Continue the chain of custody
  • Document the forensic process
  • Copy forensic images
  • Verify forensic copies
  • Uncompress forensic evidence

Lesson Network Forensics

Network logs and packet captures can be vital in building network forensic cases. In this lab, students will conduct live network captures, extract data from network traffic, and analyze that data using GUI and command line tools.

Lab/Instructional Network Forensics

In this lab, students will:

  • Analyze Digital Evidence
  • Extract Metadata from Various Files
  • Use a Script to Automate the Discovery Process
  • Learn an Anti-Forensics Technique

Lab/Instructional Wireshark and Steganography Essentials

This lab will introduce students to Wireshark and network analysis. This will include packet analysis, data extraction, and conducting live network captures. This lab will also cover the ability to extract hidden data from images as well as metadata.

Lesson Windows Registry Forensics

Windows devices can be prevalent in an enterprise architecture, and as a forensics investigator it's important to know the nuances of any operating system on the devices you may have to investigate. This lesson will touch upon the information you can gather via the Windows registry.

Lab/Instructional Windows Registry

Conducting forensics on specific systems may require special tools and skill sets. In the Windows OS, the registry is used to store application and user data that could be useful in a forensics investigation. In this lab, students will use special tools and techniques to extract this data from a Windows registry.

Lesson Remote Forensics/Live Response

As off-premises computing technologies such as virtual private servers (VPS) and cloud computing become more available, forensic specialists will need to know how to conduct remote operations on systems they do not have physical access to. In this lesson we'll touch on some of the capabilities and techniques you'll need to complete remote forensics tasks.

Lab/Instructional Remote Forensics

Physical access to a device in an investigation isn't always possible. With more assets being located elsewhere in containerized systems, Virtual Private Servers (VPS), and the cloud, it is important to know how to conduct forensics on a remote device. In this lab, students will conduct remote forensics on a server.

CHALLENGE LAB Advanced Forensics Challenge 1

In this challenge lab, students will use the skills learned in previous labs to conduct forensics on a compromised machine to discover what was targeted, establish attribution, and discover possible malware.

CHALLENGE LAB Advanced Forensics Challenge 2

In this challenge lab, students will use the skills learned in previous labs to conduct network and image file forensics.

Lab/Instructional Digital Forensics

In forensics, pictures are an important factor in evidence. All files, pictures included, contain metadata, which is data about the data. In this lab we will take a deep dive into conducting basic forensics on specific files.

Lab/Instructional File Hashing

Hashing is a cryptographic function that is used to ensure file integrity. In this lab we go through the basic process of hashing files for data integrity.

Lesson and Lab Forensics - Imaging

Lesson objectives:

  • Understand the importance of forensic analysis
  • Understand the difference between read, write, and read-write permissions
  • Know how to mount a forensic image
  • Understand how to make a copy of a drive for forensic analysis

Instructional Lab: Forensics 1 - Imaging

The first step in computer forensics is obtaining a copy of the hard drive of the computer in question. This lab will guide students through that process.

Lesson and Lab Forensics - Recovery

Lesson objectives:

  • Set up the Autopsy forensics recovery tool
  • Conduct string forensics
  • Conduct file forensics
  • Implement investigation abilities to retrieve data

Instructional Lab: Forensics 2 - Recovery

Once an image of the device in question has been obtained, file and recovery forensics can be attempted. In this lab, students will take the image created in a previous lab to investigate a possible data breach in their company.

Lesson and Lab Mobile Forensics

Lesson objectives:

  • Refamiliarize themselves with Autopsy
  • Explore the Android file system
  • Recover app database files
  • Recover information from databases

Instructional Lab: Mobile Forensics

This lab takes students through the nuances of mobile forensics. Mobile applications, or apps, use very specific technologies to store user data and configurations.

Lesson and Lab Computer Forensics

Lesson objectives:

  • Use Clonezilla to image a Windows partition
  • Boot a Kali ISO in Forensics mode on Windows
  • Use Foremost and Photorec to recover deleted files from the Windows partition

Instructional Lab: Passive Computer Forensics

Using the Kali and Clonezilla Linux distributions, students will image a file system, inspect identified files, and use tools to identify nefarious deleted emails.

Lab/Instructional Forensic Data Recovery and Analysis

This lab will challenge students to leverage tools such as Photorec and Wireshark to conduct forensic analysis in order to identify potential malicious activity indicators.