Digital Forensic Investigations

Digital Forensic Investigation Course

Creator: Ali Al-Shemery

Lab Requirements:
1. SANS SIFT Workstation, http://computer-forensics.sans.org/community/downloads
2. AccessData FTK Toolkit, http://www.accessdata.com/
3. AccessData FTK Imager, http://www.accessdata.com/
4. ProDiscover, http://www.techpathways.com/prodiscoverdft.htm
5. WinHex, http://www.x-ways.net/winhex/
6. NetworkMiner, http://www.netresec.com/?page=NetworkMiner
7. Wireshark, http://www.wireshark.org/
8. VirtualBox, https://www.virtualbox.org/

Class Prerequisites:
1. Basic understanding of networks and network protocols
2. Operating Systems concepts
3. Basic knowledge about programming languages
4. Basic knowledge about information security

Recommended Class Duration: 10-20 days

Creator Available to Teach In-Person Classes: Yes

Course Description:

Course Objectives:

Learning Outcomes:

Class Textbooks:

Other Library Texts and Supplements:

— COURSE OUTLINE —
Introduction & Forensics Investigations
Electronic Discovery
Intrusion Investigation

Windows Forensic Investigations
– MBR Disks
– FAT File Systems
– NTFS File System
– Data Streams
– Files Metadata
– Windows XP and Windows 7 Artifacts
– Recycle Bin
– Event Logs
– Prefetch Files
– IE8
– Registry Hives
– Volume Shadow Copies
– Jump Lists
– LNK Files
– Libraries
– Swap Files
– User Profiles
– Folder Virtualization
– Thumbcache
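
The first artifact covered in the Windows module is the partition table in sector 0 of an MBR disk. The script below is an added example for this outline, not part of the course material: it validates the 0x55AA boot signature, decodes the four 16-byte partition entries and converts each LBA start into the byte offset an examiner needs to mount or carve that volume from a raw image. The 512-byte sector it parses is constructed in the code itself so the script runs offline; on a case you would read the first 512 bytes of the raw image (for example an FTK Imager .001 or .dd file) instead.

```python
"""Parse the partition table of a Master Boot Record (MBR) sector.

Added example for the "MBR Disks" topic; not part of the original course
material. The sector is constructed below so the script runs offline.
"""
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446      # four 16-byte entries follow the boot code
MBR_SIGNATURE = b"\x55\xaa"  # bytes 510-511

# Partition type codes that come up most often in Windows/Linux cases.
PARTITION_TYPES = {
    0x05: "Extended (CHS)",
    0x07: "NTFS/exFAT/HPFS",
    0x0B: "FAT32 (CHS)",
    0x0C: "FAT32 (LBA)",
    0x0F: "Extended (LBA)",
    0x82: "Linux swap",
    0x83: "Linux",
}


def parse_mbr(sector, sector_size=SECTOR_SIZE):
    """Return the non-empty partition entries of an MBR sector as dicts.

    Raises ValueError if the sector is too short or lacks the 0x55AA
    signature, the first sanity check on sector 0 of an image.
    """
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need at least 512 bytes for an MBR")
    if sector[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")

    partitions = []
    for index in range(4):
        off = PART_TABLE_OFFSET + 16 * index
        # Entry layout: status(1) CHS start(3) type(1) CHS end(3)
        #               LBA start(4, little-endian) sector count(4, LE)
        status, _, ptype, _, lba_start, num_sectors = struct.unpack_from(
            "<B3sB3sII", sector, off)
        if ptype == 0x00 and num_sectors == 0:
            continue  # unused slot
        partitions.append({
            "index": index,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sectors": num_sectors,
            "byte_offset": lba_start * sector_size,   # for mount -o offset=
            "size_mib": num_sectors * sector_size / (1024 * 1024),
        })
    return partitions


def build_sample_mbr():
    """Constructed test sector: a bootable 100 MiB NTFS partition followed
    by a 1 GiB Linux partition. Not taken from a real image."""
    sector = bytearray(SECTOR_SIZE)
    entries = [
        # status, type, LBA start, sector count
        (0x80, 0x07, 2048, 204800),
        (0x00, 0x83, 206848, 2097152),
    ]
    for i, (status, ptype, start, count) in enumerate(entries):
        struct.pack_into("<B3sB3sII", sector, PART_TABLE_OFFSET + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", start, count)
    sector[510:512] = MBR_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    for p in parse_mbr(build_sample_mbr()):
        flag = "*" if p["bootable"] else " "
        print(f"{flag} #{p['index']} type 0x{p['type']:02x} {p['type_name']:<16}"
              f" LBA {p['lba_start']:>8} offset {p['byte_offset']:>12} bytes"
              f" {p['size_mib']:.0f} MiB")
```

The byte_offset value is what you pass to a loop-mount (mount -o ro,loop,offset=N) or to a carving tool to work on one volume of the image; for a GPT disk the protective MBR shows a single 0xEE entry and the real table lives in the following sectors.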

Linux Forensic Investigations
– EXT2/EXT3 File Systems
– Linux Security Model
– File Permissions
– Linux Accounts
– File System Structure
– Mount Points
– Log Analysis
– User Activity
– Network Connections
– Running Processes
– Open File Handles
– The /proc File System
– The sysfs File System (/sys)
– Cron Jobs
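
Added example for the Linux module (Linux Accounts, Log Analysis and User Activity topics); it is not part of the course material. It runs two checks an examiner performs early on a mounted Linux image: correlating sshd failures and successes per source address in the authentication log, and flagging /etc/passwd entries that should not exist on a healthy system (a second UID 0 account, a service account given an interactive shell). The log lines and passwd entries are constructed sample data; on a real image you would read /var/log/auth.log (Debian/Ubuntu) or /var/log/secure (RHEL) and /etc/passwd from the mount point.

```python
"""Triage of Linux authentication logs and the account database.

Added example, not part of the original course material. AUTH_LOG and
PASSWD below are constructed sample data so the script runs offline.
"""
import re
from collections import defaultdict

SSHD_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

# Constructed sample: a password-guessing burst from one host, then a success.
AUTH_LOG = """\
Apr 12 03:14:01 srv sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Apr 12 03:14:03 srv sshd[2103]: Failed password for invalid user test from 203.0.113.5 port 51236 ssh2
Apr 12 03:14:05 srv sshd[2105]: Failed password for root from 203.0.113.5 port 51240 ssh2
Apr 12 03:14:09 srv sshd[2107]: Failed password for root from 203.0.113.5 port 51244 ssh2
Apr 12 03:14:20 srv sshd[2109]: Accepted password for root from 203.0.113.5 port 51250 ssh2
Apr 12 08:02:11 srv sshd[2310]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2
Apr 12 08:02:12 srv CRON[2315]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

# Constructed /etc/passwd: a second UID 0 account and a service account
# that has been given a login shell.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/bin/bash
sshd:x:105:65534::/run/sshd:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup2:x:0:0::/tmp:/bin/sh
"""

NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


def ssh_summary(log_text):
    """Per source IP: number of failed attempts, the usernames tried, and
    the accounts for which a login was accepted from that address."""
    stats = defaultdict(lambda: {"failed": 0, "users": set(), "accepted": []})
    for line in log_text.splitlines():
        m = SSHD_RE.search(line)
        if not m:
            continue  # not an sshd authentication line (cron, sudo, ...)
        entry = stats[m["ip"]]
        if m["result"] == "Failed":
            entry["failed"] += 1
            entry["users"].add(m["user"])
        else:
            entry["accepted"].append(m["user"])
    return dict(stats)


def brute_force_then_success(summary, threshold=3):
    """IPs with at least `threshold` failures that later got an Accepted
    line: the classic guess-until-it-works pattern worth a timeline entry."""
    return sorted(ip for ip, s in summary.items()
                  if s["failed"] >= threshold and s["accepted"])


def suspicious_accounts(passwd_text):
    """Flag UID 0 accounts other than root, and system accounts (UID < 1000)
    that have an interactive shell instead of nologin/false."""
    findings = []
    for line in passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, uid, _gid, _gecos, _home, shell = line.split(":", 6)
        uid = int(uid)
        if uid == 0 and name != "root":
            findings.append((name, "extra UID 0 account"))
        elif 0 < uid < 1000 and shell not in NOLOGIN_SHELLS:
            findings.append((name, f"system account with shell {shell}"))
    return findings


if __name__ == "__main__":
    summary = ssh_summary(AUTH_LOG)
    for ip, s in summary.items():
        print(f"{ip}: {s['failed']} failed ({', '.join(sorted(s['users']))}), "
              f"accepted as {s['accepted'] or '-'}")
    print("brute force then success:", brute_force_then_success(summary))
    for name, why in suspicious_accounts(PASSWD):
        print(f"passwd: {name}: {why}")
```

The UID 1000 boundary for human accounts is the Debian/Ubuntu and RHEL default; check /etc/login.defs (UID_MIN) on the image before trusting it, and compare /etc/passwd with /etc/shadow, since an attacker may add a line to one file only.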

Network Forensic Investigations
– Technical Fundamentals
– Evidence Acquisition
– Traffic Analysis (Protocol, Packets, and Flow Analysis)
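
Added example for the packet and flow analysis topic of the network module; it is not course material. It parses a classic libpcap file with the standard library only (no Scapy or dpkt), decodes Ethernet/IPv4/TCP/UDP headers, and aggregates packets into bidirectional flows with per-direction packet and payload byte counts plus the TCP flags observed, which is the view that makes an outbound connection with a large inbound transfer stand out. The capture it reads is constructed in the code (RFC 5737 documentation addresses, arbitrary ports); on a case you would pass the bytes of a .pcap written by tcpdump or Wireshark. pcapng is not handled.

```python
"""Flow summary from a classic pcap using only the standard library.

Added example for the Network Forensic Investigations module; not part of
the original course. The capture is constructed in build_sample_pcap() so
the script runs offline; for a real file use open(path, "rb").read().
"""
import socket
import struct

PCAP_MAGIC_LE, PCAP_MAGIC_BE, LINKTYPE_ETHERNET = 0xA1B2C3D4, 0xD4C3B2A1, 1
TCP_FLAGS = {0x02: "SYN", 0x10: "ACK", 0x08: "PSH", 0x01: "FIN", 0x04: "RST"}


def iter_pcap(data):
    """Yield (timestamp, frame) records; validate magic, byte order, link type."""
    e = {PCAP_MAGIC_LE: "<", PCAP_MAGIC_BE: ">"}.get(
        struct.unpack_from("<I", data, 0)[0]) if len(data) >= 24 else None
    if e is None:
        raise ValueError("not a classic pcap file (bad magic or too short)")
    if struct.unpack_from(e + "I", data, 20)[0] != LINKTYPE_ETHERNET:
        raise ValueError("only the Ethernet link type is handled")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack_from(e + "IIII", data, off)
        off += 16
        if off + incl > len(data):
            raise ValueError("truncated packet record")  # acquisition problem
        yield sec + usec / 1e6, data[off:off + incl]
        off += incl

def decode_frame(frame):
    """Decode Ethernet/IPv4/{TCP,UDP}; anything else returns None."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return None
    ver_ihl, _, total_len, _, _, _ttl, proto, _, src, dst = struct.unpack_from(
        "!BBHHHBBH4s4s", frame, 14)
    ihl = (ver_ihl & 0x0F) * 4
    pkt = {"proto": proto, "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst)}
    if proto == 6:  # TCP: payload = IP total length minus IP and TCP headers
        sport, dport, _, _, off_flags = struct.unpack_from("!HHIIH", frame, 14 + ihl)
        pkt.update(sport=sport, dport=dport, flags=off_flags & 0x1FF,
                   payload=total_len - ihl - (off_flags >> 12) * 4)
    elif proto == 17:  # UDP: the length field includes the 8-byte header
        sport, dport, ulen, _ = struct.unpack_from("!HHHH", frame, 14 + ihl)
        pkt.update(sport=sport, dport=dport, flags=None, payload=ulen - 8)
    else:
        return None
    return pkt

def summarize_flows(data):
    """Bidirectional flows keyed by (proto, endpoints); initiator = first sender."""
    flows = {}
    for ts, frame in iter_pcap(data):
        p = decode_frame(frame)
        if p is None:
            continue
        a, b = (p["src"], p["sport"]), (p["dst"], p["dport"])
        f = flows.setdefault((p["proto"],) + tuple(sorted((a, b))), {
            "proto": p["proto"], "initiator": a, "responder": b, "first": ts,
            "last": ts, "pkts": [0, 0], "bytes": [0, 0], "flags": set()})
        d = 0 if a == f["initiator"] else 1  # 0 = initiator -> responder
        f["pkts"][d] += 1
        f["bytes"][d] += p["payload"]
        f["last"] = ts
        if p["flags"] is not None:
            f["flags"].update(n for bit, n in TCP_FLAGS.items() if p["flags"] & bit)
    return list(flows.values())

# --- constructed capture: one DNS exchange and one short TCP session ----------
def _frame(proto, src, dst, l4):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0x4000, 64, proto,
                     0, socket.inet_aton(src), socket.inet_aton(dst))
    return bytes(12) + b"\x08\x00" + ip + l4  # zeroed MACs, EtherType IPv4

def _tcp(sport, dport, flags, payload=b""):
    return struct.pack("!HHIIHHHH", sport, dport, 1, 1, 0x5000 | flags, 65535, 0, 0) + payload

def _udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def build_sample_pcap():
    c, s, ns = "10.0.0.5", "203.0.113.10", "10.0.0.1"
    frames = [(1.0, _frame(17, c, ns, _udp(53000, 53, b"Q" * 32))),
              (1.1, _frame(17, ns, c, _udp(53, 53000, b"R" * 48))),
              (2.0, _frame(6, c, s, _tcp(49152, 4444, 0x02))),            # SYN
              (2.1, _frame(6, s, c, _tcp(4444, 49152, 0x12))),            # SYN/ACK
              (2.2, _frame(6, c, s, _tcp(49152, 4444, 0x10))),            # ACK
              (2.3, _frame(6, c, s, _tcp(49152, 4444, 0x18, b"C" * 40))),
              (2.4, _frame(6, s, c, _tcp(4444, 49152, 0x18, b"S" * 1200)))]
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts, fr in frames:
        usec = int(round((ts - int(ts)) * 1e6))
        out += struct.pack("<IIII", int(ts), usec, len(fr), len(fr)) + fr
    return out

if __name__ == "__main__":
    for f in summarize_flows(build_sample_pcap()):
        print(f"{'TCP' if f['proto'] == 6 else 'UDP'} {f['initiator']} -> {f['responder']}"
              f" pkts {f['pkts']} bytes {f['bytes']} flags {sorted(f['flags'])}")
```

The truncated-record check matters for acquisition: a capture cut off mid-write (disk full, sniffer killed) ends in a partial record, and a parser that silently stops there hides the loss. Compare the flow table with what Wireshark's Conversations view or NetworkMiner report for the same file before relying on either.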

Mobile Network Investigations (TBC)
Forensic Investigations using Python

Last Updated: Apr-2013.
More lectures to be added ASAP…