Students will gain an understanding of forensic documentation and data recovery methods.
Difficulty: Multilevel CSF Domain: All domainsStudents will gain an understanding of forensic documentation and data recovery methods. Students will work with forensic restoration and case management tools in order to simulate a real-world forensic intake scenario. Students will understand the importance of due process and the criticality of maintaining the integrity of fragile data in the field of digital forensics.
Continuing Professional Education (CPE) Credit Count: 50In this lesson, students will:
In this lesson, students will:
In this lesson, students will:
In this lesson, students will:
In this lab, students will:
In this lab, students will:
In this lab, students will:
In this lab, students will:
In this lesson, students will:
In this lesson, students will:
In this lab, students will:
In this lesson, students will:
In this lab, students will:
In this lab, students will:
In this lesson, students will:
In this lab, students will:
In this lab, students will:
In this lab, students will:
In this lesson you’ll be reintroduced to some of the concepts behind basic forensics. This lesson also includes a course overview of objectives and NIST CSF domains covered. Cybersecurity work roles related to this course as well as some legal information on the use of the materials presented are touched upon in this lesson.
Get an overview into the Kali Linux environments forensic tools that we will utilize during the labs in this course. This lesson also goes into the procedures for protecting digital evidence as well as the legal considerations while choosing which tools to use while conducting E-Discovery investigations.
In this lab, students will refamiliarize themselves with the Kali Linux environment focusing on the forensics capabilities and setup of the operating system.
In this lab, students will:
Network logs and packet captures can be vital in building network forensic cases. In this lab, student will conduct live network captures, extract data from network traffic, and conduct analysis on that data utilizing GUI and command line tools.
In this lab, students will:
This lab will introduce students to Wireshark and network analysis. This will include packet analysis, data extraction, and conducting live network captures. This lab will also cover the ability to extract hidden data from images as well as metadata.
Windows devices can be prevalent in an enterprise architecture and as a forensics investigator it’s important to know the nuances of any possible operating systems on devices that you may have to investigate. This lesson will touch upon the information you can gather via the Windows registry.
Conducting forensics on specific systems may require special tools and skill sets. In the Windows OS the registry is utilized to store application and user data that could be useful in a forensics investigation. In this lab students will utilize special tools and techniques to extract this data from a Windows registry.
As off-premises computing technologies such as virtual private servers (VPS) and cloud computing becomes more available, forensic specialist will need to know how to conduct remote operations on systems they do not have physical access to. In this lesson we’ll touch on some of the capabilities and techniques you’ll need to complete remote forensics tasks.
Physical access to a device in an investigation isn’t always possible. With more assets being located elsewhere with containerized systems, Virtual Private Servers (VPS), and the cloud it is important to know how to conduct forensics on a remote device. In this lab students will conduct remote forensics on a server.
In this challenge lab students will use their skills learned in previous labs to conduct forensics on a compromised machine to discover what was targeted, attribution, and discover possible malware.
In this challenge lab students will use their skills learned in previous labs to conduct network and image file forensics.
In Forensics, pictures are an important factor in evidence. All files, pictures included, contain metadata, which is data about the data. In this lab we will deep dive into conducting basic forensics on specific files.
Hashing is a cryptologic function that is used to ensure file integrity. In this lab we go through the basic process of hashing files for data integrity.
The first step in computer forensics is obtaining a copy of the computers hard drive in question. This lab will guide students through that process.
Once an image of the device in question has been obtained, file and recovery forensics can be attempted. In this lab, students will take the image created in a previous lab to investigate a possible data breach in their company.
This lab takes students through the nuances of mobile forensics. Mobile Applications, or Apps, utilize very specific technologies to store user data and configurations.
Leveraging the Kali and Clonezilla Linux distributions, students will image a file system, inspect identified files and leverage tools to identify nefarious deleted emails.
This lab will challenge students to leverage tools such as Photorec and Wireshark to conduct forensic analysis in order to identify potential malicious activity indicators.