Digital Forensics Essentials (DFE)
Description
Digital Forensics Essentials (D|FE) is an entry-level foundation course that helps beginners understand the facets of digital forensics and its phases and types. The aim of the course is to increase your competence and expertise in digital forensics and information security. The course offers 12 comprehensive modules, 11 hours of premium self-paced video training, course material and 11 labs, and covers topics such as dark web forensics, Linux forensics, web application investigation and more. Test your knowledge with CTF-based Capstone projects and validate your newly acquired skills in proctored exams.
Frequently asked questions
There are no frequently asked questions about this product yet. If you have a question, please contact our customer service.
Course content
Module 01: Computer Forensics Fundamentals
Understand the Fundamentals of Computer Forensics
  o Understanding Computer Forensics
  o Objectives of Computer Forensics
  o Need for Computer Forensics
  o When Do You Use Computer Forensics?
  o Types of Cybercrimes
    • Examples of Cybercrimes
  o Impact of Cybercrimes at the Organizational Level
Understand Digital Evidence
  o Introduction to Digital Evidence
  o Types of Digital Evidence
  o Roles of Digital Evidence
  o Sources of Potential Evidence
  o Rules of Evidence
  o Best Evidence Rule
  o Federal Rules of Evidence (United States)
  o Scientific Working Group on Digital Evidence (SWGDE)
  o The Association of Chief Police Officers (ACPO) Principles of Digital Evidence
Understand Forensic Readiness
  o Forensic Readiness
  o Forensic Readiness and Business Continuity
  o Forensics Readiness Planning
Identify the Roles and Responsibilities of a Forensic Investigator
  o Need for a Forensic Investigator
  o Roles and Responsibilities of a Forensics Investigator
  o What Makes a Good Computer Forensics Investigator?
Understand Legal Compliance in Computer Forensics
  o Computer Forensics and Legal Compliance
  o Other Laws Relevant to Computer Forensics
Module 02: Computer Forensics Investigation Process
Understand the Forensic Investigation Process and its Importance
  o Forensic Investigation Process
  o Importance of the Forensic Investigation Process
  o Phases Involved in the Forensics Investigation Process
Forensic Investigation Process - Pre-investigation Phase
  o Setting Up a Computer Forensics Lab
  o Building the Investigation Team
  o Understanding the Hardware and Software Requirements of a Forensic Lab
Forensic Investigation Process - Investigation Phase
  o Computer Forensics Investigation Methodology
    • Documenting the Electronic Crime Scene
    • Search and Seizure
    • Planning the Search and Seizure
    • Evidence Preservation
    • Data Acquisition
    • Data Analysis
    • Case Analysis
Forensic Investigation Process - Post-investigation Phase
  o Gathering and Organizing Information
  o Writing the Investigation Report
  o Forensics Investigation Report Template
  o Testifying as an Expert Witness
Lab Exercise
  o Performing Hash or HMAC Calculations
  o Comparing Hash Values of Files to Check their Integrity
  o Viewing Files of Various Formats
  o Creating a Disk Image File of a Hard Disk Partition
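As an added illustration of the first two lab items above (example code written for this page, not part of the EC-Council course material or its labs), the following Python computes MD5, SHA-256 and a keyed HMAC over constructed sample files, records them in a manifest and re-verifies that manifest later. The file contents and the examiner key are made up for the example; the point is the difference between a plain hash, which anyone who alters the file can recompute, and an HMAC, which only the key holder can.

```python
import hashlib
import hmac
import io

# Constructed sample "evidence" files, embedded as bytes so the example runs offline.
SAMPLE_FILES = {
    "report.txt": b"Quarterly report - confidential\n",
    "notes.txt": b"Meeting notes 2024-01-15\n",
}
# Hypothetical examiner key: keep it apart from the evidence, otherwise the HMAC adds nothing.
EXAMINER_KEY = b"examiner-secret-key"
CHUNK = 64 * 1024


def digest_stream(stream, algorithm="sha256"):
    """Hash a file-like object in fixed-size chunks; forensic images rarely fit in memory."""
    h = hashlib.new(algorithm)
    for chunk in iter(lambda: stream.read(CHUNK), b""):
        h.update(chunk)
    return h.hexdigest()


def hmac_stream(stream, key, algorithm="sha256"):
    """Keyed digest over the same chunked stream."""
    m = hmac.new(key, digestmod=algorithm)
    for chunk in iter(lambda: stream.read(CHUNK), b""):
        m.update(chunk)
    return m.hexdigest()


def digest_bytes(data, algorithm="sha256"):
    return digest_stream(io.BytesIO(data), algorithm)


def build_manifest(files, key):
    """Record MD5 and SHA-256 (the pair most imaging tools report) plus a keyed HMAC per file."""
    manifest = {}
    for name, data in files.items():
        manifest[name] = {
            "md5": digest_bytes(data, "md5"),
            "sha256": digest_bytes(data, "sha256"),
            "hmac_sha256": hmac_stream(io.BytesIO(data), key),
        }
    return manifest


def verify_manifest(files, manifest, key):
    """Recompute every value and report 'ok', 'modified' or 'missing' per file."""
    results = {}
    for name, expected in manifest.items():
        if name not in files:
            results[name] = "missing"
            continue
        data = files[name]
        sha_ok = digest_bytes(data, "sha256") == expected["sha256"]
        # compare_digest is constant-time, so a verifier exposed to an attacker leaks nothing
        mac_ok = hmac.compare_digest(hmac_stream(io.BytesIO(data), key), expected["hmac_sha256"])
        results[name] = "ok" if sha_ok and mac_ok else "modified"
    return results


if __name__ == "__main__":
    manifest = build_manifest(SAMPLE_FILES, EXAMINER_KEY)
    tampered = dict(SAMPLE_FILES)
    tampered["report.txt"] = tampered["report.txt"].replace(b"confidential", b"public")
    print(verify_manifest(tampered, manifest, EXAMINER_KEY))  # report.txt is reported as modified
```

Whether the check is run over a single file or a whole image, the verifier must read every byte in the same order the acquisition tool did; older tools still report only MD5, which is why both digests are kept in the manifest.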
Module 03: Understanding Hard Disks and File Systems
Describe Different Types of Disk Drives and their Characteristics
  o Understanding Hard Disk Drive
    • Tracks
    • Track Numbering
    • Sector
    • Sector Addressing
    • 4K Sectors
    • Data Density on a Hard Disk
    • CHS (Cylinder-Head-Sector) Data Addressing and Disk Capacity Calculation
    • Measuring the Hard Disk Performance
  o Understanding Solid-State Drive (SSD)
  o Disk Interfaces
    • ATA/PATA (IDE/EIDE)
    • Serial ATA/SATA (AHCI)
    • Serial Attached SCSI
    • PCIe SSD
    • SCSI
Explain the Logical Structure of a Disk
  o Logical Structure of Disk
  o Clusters
  o Cluster Size
  o Lost Clusters
  o Slack Space
  o Master Boot Record (MBR)
  o Structure of a Master Boot Record
  o Disk Partitions
  o BIOS Parameter Block (BPB)
  o Globally Unique Identifier (GUID)
    • GUID Partition Table (GPT)
Understand Booting Process of Windows, Linux, and Mac Operating Systems
  o What is the Booting Process?
  o Essential Windows System Files
  o Windows Boot Process: BIOS-MBR Method
    • Identifying the MBR Partition
  o Windows Boot Process: UEFI-GPT
    • Identifying the GUID Partition Table (GPT)
    • Analyzing the GPT Header and Entries
    • GPT Artifacts
  o Macintosh Boot Process
  o Linux Boot Process
Understand Various File Systems of Windows, Linux, and Mac Operating Systems
  o Windows File Systems
    • File Allocation Table (FAT)
    • New Technology File System (NTFS)
      ➢ NTFS Architecture
      ➢ NTFS System Files
    • Encrypting File System (EFS)
    • Sparse Files
  o Linux File Systems
    • Linux File System Architecture
    • Filesystem Hierarchy Standard (FHS)
    • Extended File System (ext)
    • Second Extended File System (ext2)
    • Third Extended File System (ext3)
    • Journaling File System
    • Fourth Extended File System (ext4)
  o macOS File Systems
    • Hierarchical File System Plus (HFS+)
    • Apple File System (APFS)
Examine the File System
  o File System Analysis using Autopsy
  o File System Analysis using The Sleuth Kit (TSK)
  o Recovering Deleted Files from Hard Disks using WinHex
Lab Exercise
  o Analyzing File System of a Linux Image
  o Recovering Deleted Files from Hard Disks
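For the items "Structure of a Master Boot Record" and "Identifying the MBR Partition" in this module, the following Python parser is an added example (written for this page, not course material) that decodes the four primary partition entries of sector 0, including the CHS fields, and reports the byte offset at which each partition starts. The sample sector is constructed inside the block and is not from a real disk.

```python
import struct

SECTOR_SIZE = 512
PARTITION_TYPES = {
    0x01: "FAT12", 0x04: "FAT16 (<32 MB)", 0x05: "Extended", 0x06: "FAT16", 0x07: "NTFS/exFAT",
    0x0B: "FAT32 (CHS)", 0x0C: "FAT32 (LBA)", 0x0E: "FAT16 (LBA)", 0x0F: "Extended (LBA)",
    0x82: "Linux swap", 0x83: "Linux", 0xAF: "HFS+", 0xEE: "GPT protective",
}


def decode_chs(raw):
    """3-byte CHS field: head, then sector in the low 6 bits with the cylinder's top 2 bits above it."""
    cylinder = ((raw[1] & 0xC0) << 2) | raw[2]
    return cylinder, raw[0], raw[1] & 0x3F


def parse_mbr(sector0):
    """Parse the partition table of an MBR (sector 0 of the disk)."""
    if len(sector0) < SECTOR_SIZE or sector0[510:512] != b"\x55\xAA":
        raise ValueError("no 0x55AA boot signature: not an MBR, or a damaged one")
    disk_signature = struct.unpack_from("<I", sector0, 0x1B8)[0]  # Windows writes this; see MountedDevices
    partitions = []
    for i in range(4):
        status, chs_start, ptype, _chs_end, lba_start, count = struct.unpack_from(
            "<B3sB3sII", sector0, 446 + 16 * i)
        if ptype == 0 and count == 0:
            continue  # unused slot
        partitions.append({
            "index": i, "bootable": status == 0x80, "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown 0x%02X" % ptype),
            "chs_start": decode_chs(chs_start), "lba_start": lba_start, "sectors": count,
            "size_bytes": count * SECTOR_SIZE,
            "byte_offset": lba_start * SECTOR_SIZE,  # for losetup -o; TSK's -o takes lba_start (sectors)
        })
    return {"disk_signature": disk_signature,
            "gpt_protective": any(p["type"] == 0xEE for p in partitions),
            "partitions": partitions}


def build_sample_mbr():
    """Constructed test sector: a bootable NTFS partition followed by a Linux partition."""
    def entry(status, ptype, chs_start, lba, count):
        return struct.pack("<B3sB3sII", status, chs_start, ptype, b"\xFE\xFF\xFF", lba, count)
    sector = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", sector, 0x1B8, 0xDEADBEEF)
    sector[446:462] = entry(0x80, 0x07, b"\x20\x21\x00", 2048, 204800)    # 100 MiB starting at 1 MiB
    sector[462:478] = entry(0x00, 0x83, b"\xFE\xFF\xFF", 206848, 409600)  # 200 MiB right after it
    sector[510:512] = b"\x55\xAA"
    return bytes(sector)


if __name__ == "__main__":
    for p in parse_mbr(build_sample_mbr())["partitions"]:
        print(p)
```

A single entry of type 0xEE means the real layout is in the GPT that starts in sector 1; the MBR is then only there to stop legacy tools from treating the disk as empty, which is the hand-off point to the UEFI-GPT items above.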
Module 04: Data Acquisition and Duplication
Understand Data Acquisition Fundamentals
  o Data Acquisition
  o Live Acquisition
  o Order of Volatility
  o Dead Acquisition
  o Rules of Thumb for Data Acquisition
Discuss Different Types of Data Acquisition
  o Types of Data Acquisition
    • Logical Acquisition
    • Sparse Acquisition
    • Bit-Stream Imaging
      ➢ Bit-stream disk-to-image file
      ➢ Bit-stream disk-to-disk
Lab Exercise
  o Creating a dd Image of a System Drive
Determine the Data Acquisition Format
  o Raw Format
  o Proprietary Format
  o Advanced Forensics Format (AFF)
  o Advanced Forensic Framework 4 (AFF4)
Understand Data Acquisition Methodology
  o Data Acquisition Methodology
    • Step 1: Determine the Best Data Acquisition Method
    • Step 2: Select the Data Acquisition Tool
    • Step 3: Sanitize the Target Media
    • Step 4: Acquire Volatile Data
    • Step 5: Enable Write Protection on the Evidence Media
    • Step 6: Acquire Non-Volatile Data
      ➢ Acquire Non-volatile Data (Using a Windows Forensic Workstation)
    • Step 7: Plan for Contingency
    • Step 8: Validate Data Acquisition
      ➢ Validate Data Acquisition – Windows Validation Methods
Lab Exercise
  o Converting Acquired Image File to a Bootable Virtual Machine
  o Acquiring RAM from Windows Workstations
  o Viewing Contents of Forensic Image File
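The following Python, added for this page and not taken from the course, models the dd lab together with Steps 6 and 8 above: it images a constructed 16-block device on which one block is unreadable, applies dd's conv=noerror,sync behaviour (substitute zeros, keep every later offset intact) and then validates the written image against the hash taken during acquisition. The SampleSource class stands in for a real block device; the data in it is made up.

```python
import hashlib

BLOCK_SIZE = 512  # dd's default bs; larger blocks are faster but each failed read then discards more


class SampleSource:
    """Constructed stand-in for a block device: returns the bytes of one block, or fails for bad blocks."""

    def __init__(self, data, bad_blocks=()):
        self.data = data
        self.bad_blocks = set(bad_blocks)

    @property
    def block_count(self):
        return (len(self.data) + BLOCK_SIZE - 1) // BLOCK_SIZE

    def read_block(self, index):
        if index in self.bad_blocks:
            raise OSError("I/O error reading block %d" % index)
        return self.data[index * BLOCK_SIZE:(index + 1) * BLOCK_SIZE]


def image_device(source, log):
    """Equivalent of `dd if=<dev> of=<img> bs=512 conv=noerror,sync`: an unreadable block is
    replaced by zeros instead of aborting the copy, so every later block keeps its original
    offset; each substitution is logged for the acquisition notes."""
    image = bytearray()
    running_hash = hashlib.sha256()  # hashed from the stream as it is written, as dc3dd does
    bad_blocks = []
    for index in range(source.block_count):
        try:
            block = source.read_block(index)
        except OSError as exc:
            log.append("block %d: %s -> zero-filled" % (index, exc))
            bad_blocks.append(index)
            block = b""
        block = block.ljust(BLOCK_SIZE, b"\x00")  # 'sync': pad short or failed reads to a full block
        image += block
        running_hash.update(block)
    return bytes(image), bad_blocks, running_hash.hexdigest()


def validate_image(image, acquisition_hash):
    """Step 8: hash the written image independently and compare with the hash recorded during acquisition."""
    return hashlib.sha256(image).hexdigest() == acquisition_hash


if __name__ == "__main__":
    # 16 blocks, block i filled with byte value i; block 5 is unreadable.
    source = SampleSource(b"".join(bytes([i]) * BLOCK_SIZE for i in range(16)), bad_blocks=[5])
    log = []
    image, bad, digest = image_device(source, log)
    print(len(image), bad, digest, validate_image(image, digest))
    print("\n".join(log))
```

A zero-filled block makes the image hash differ from a hash of the source medium, so the substituted blocks must be listed in the acquisition report; a validator that only compares the two final hashes would otherwise wrongly reject the image.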
Module 05: Defeating Anti-forensics Techniques
Understand Anti-forensics and its Techniques
  o What is Anti-forensics?
  o Anti-forensics Techniques
    • Data/File Deletion
      ➢ What Happens When a File is Deleted in Windows?
      ➢ Recycle Bin in Windows
      ➢ Recycle Bin Forensics
    • File Carving
      ➢ File Carving on Windows
      ➢ File Recovery Tools: Windows
      ➢ File Carving on Linux
      ➢ SSD File Carving on Linux File System
    • Recovering Deleted Partitions
      ➢ Recovering Deleted Partitions: Using EaseUS Data Recovery Wizard
    • Password Protection
      ➢ Password Types
      ➢ Password Cracking Techniques
      ➢ Password Cracking Tools
    • Steganography
      ➢ Steganography Detection Tools
    • Alternate Data Streams
    • Trail Obfuscation
    • Artifact Wiping
    • Overwriting Data/Metadata
    • Encryption
Lab Exercise
  o SSD File Carving on a Windows File System
  o Recovering Data from Lost / Deleted Disk Partition
  o Cracking Application Passwords
  o Detecting Steganography
Discuss Anti-forensics Countermeasures
  o Anti-forensics Countermeasures
  o Anti-forensics Tools
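The "File Carving" items in this module and "Recovering Deleted Files from Hard Disks" in Module 03 both come down to the same technique: finding files by content signature when no file system metadata points at them any more. The following Python is an added example of header/footer carving (written for this page, not a course tool); the blob it works on is constructed in the block and only carries the signatures, not real images.

```python
# Header/footer signatures; the "footer" is the byte sequence a well-formed file of that type ends with.
SIGNATURES = {
    "jpg": (b"\xFF\xD8\xFF", b"\xFF\xD9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xAE\x42\x60\x82"),
    "pdf": (b"%PDF-", b"%%EOF"),
}
MAX_CARVE = 50 * 1024 * 1024  # stop looking for a footer after this many bytes


def carve(blob, signatures=SIGNATURES, max_size=MAX_CARVE):
    """Carve files out of a flat byte stream (unallocated space, a raw image, a memory dump)
    using content signatures only, i.e. without any file system metadata."""
    found = []
    for ftype, (header, footer) in signatures.items():
        pos = 0
        while True:
            start = blob.find(header, pos)
            if start == -1:
                break
            fpos = blob.find(footer, start + len(header), start + max_size)
            if fpos == -1:
                # header with no footer in range: a truncated or partly overwritten file
                found.append({"type": ftype, "offset": start, "length": None, "complete": False, "data": None})
                pos = start + 1
                continue
            end = fpos + len(footer)
            found.append({"type": ftype, "offset": start, "length": end - start, "complete": True,
                          "data": blob[start:end]})
            pos = end  # resume after this file
    return sorted(found, key=lambda f: f["offset"])


def build_sample_blob():
    """Constructed 'unallocated space': filler around three minimal files and one truncated JPEG."""
    filler = b"\x00" * 300 + b"\xAB" * 100
    jpg = b"\xFF\xD8\xFF\xE0" + b"JFIF-sample-body" + b"\xFF\xD9"
    png = b"\x89PNG\r\n\x1a\n" + b"IHDR-sample-body" + b"IEND\xAE\x42\x60\x82"
    pdf = b"%PDF-1.4\n%sample\n" + b"%%EOF"
    truncated_jpg = b"\xFF\xD8\xFF\xE1" + b"no-footer-follows"
    return filler + jpg + filler + png + filler + pdf + filler + truncated_jpg


if __name__ == "__main__":
    for f in carve(build_sample_blob()):
        print(f["type"], f["offset"], f["length"], "complete" if f["complete"] else "TRUNCATED")
```

The limitations are the ones the course items hint at: a JPEG with an embedded EXIF thumbnail contains a second FF D9, so naive carving stops early; a PDF saved with incremental updates has several %%EOF markers; a fragmented file cannot be recovered by header/footer matching at all; and on an SSD the drive's TRIM handling typically leaves zeroed blocks behind, which is why SSD carving is treated as its own topic.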
Module 06: Windows Forensics
Collect Volatile and Non-Volatile Information
  o Introduction to OS Forensics
  o Collecting Volatile Information
    • Collecting System Time
    • Collecting Logged-On Users
    • Collecting Open Files
      ➢ net file Command
      ➢ Using NetworkOpenedFiles
    • Collecting Network Information
    • Collecting Information about Network Connections
    • Process Information
    • Process-to-Port Mapping
    • Examining Process Memory
    • Collecting Network Status
  o Collecting Non-Volatile Information
    • Examining File Systems
    • ESE Database File
      ➢ Examining .edb File Using ESEDatabaseView
    • Windows Search Index Analysis
    • Detecting Externally Connected Devices to the System
    • Slack Space
Lab Exercise
  o Acquiring Volatile Information from a Live Windows System
Perform Windows Memory and Registry Analysis
  o Windows Memory Analysis
    • Windows Crash Dump
    • Collecting Process Memory
    • Random Access Memory (RAM) Acquisition
    • Memory Forensics: Malware Analysis Using Redline
  o Windows Registry Analysis
    • Windows Registry
    • Registry Structure within a Hive File
    • Windows Registry: Forensic Analysis
Lab Exercise
  o Investigating Forensic Image of Windows RAM
Examine Cache, Cookie, and History Recorded in Web Browsers
  o Cache, Cookie, and History Analysis
    • Google Chrome
      ➢ Analysis Tool: ChromeCacheView
      ➢ Analysis Tool: ChromeCookiesView
      ➢ Analysis Tool: ChromeHistoryView
    • Mozilla Firefox
    • Microsoft Edge
Lab Exercise
  o Examining Web Browser Artifacts
Examine Windows Files and Metadata
  o Windows File Analysis
    • System Restore Points (Rp.log Files)
    • System Restore Points (Change.log.x Files)
    • Prefetch Files
    • Image Files
  o Metadata Investigation
    • Understanding Metadata
    • Metadata in Different File Systems
    • Metadata in PDF Files
    • Metadata in Word Documents
    • Metadata Analysis Tool: Metashield Analyzer
Lab Exercise
  o Extracting Information about Loaded Processes on a Computer
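For the browser history items above, the following Python is an added example (not a course tool, and not ChromeHistoryView) of what such a tool does underneath: it reads the urls and visits tables of a Chromium History database, converts the timestamps and reconstructs which page led to which. The database is built in memory inside the block with only the columns the example reads; the visits are made up. The conversion matters because Chrome and Edge count microseconds from 1601-01-01 while Firefox counts them from 1970-01-01, and mixing the two puts a visit four centuries off.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # Chromium: microseconds since 1601-01-01
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)    # Firefox: microseconds since 1970-01-01

# Low byte of visits.transition; the high bits are qualifiers such as 0x10000000 (chain start)
# and 0x20000000 (chain end).
TRANSITION_CORE = {0: "link", 1: "typed", 2: "auto_bookmark", 3: "auto_subframe", 4: "manual_subframe",
                   5: "generated", 6: "auto_toplevel", 7: "form_submit", 8: "reload", 9: "keyword",
                   10: "keyword_generated"}


def webkit_to_datetime(us):
    """0 means 'never visited' in Chromium tables, so return None rather than 1601-01-01."""
    return WEBKIT_EPOCH + timedelta(microseconds=us) if us else None


def firefox_to_datetime(us):
    return UNIX_EPOCH + timedelta(microseconds=us) if us else None


def datetime_to_webkit(dt):
    delta = dt - WEBKIT_EPOCH  # integer arithmetic: the value exceeds float precision
    return (delta.days * 86400 + delta.seconds) * 1_000_000 + delta.microseconds


def build_sample_history():
    """Constructed in-memory copy of the two Chrome History tables this example reads
    (only the columns used here); not taken from a real profile."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT, title TEXT, visit_count INTEGER,
                           typed_count INTEGER, last_visit_time INTEGER, hidden INTEGER DEFAULT 0);
        CREATE TABLE visits (id INTEGER PRIMARY KEY, url INTEGER, visit_time INTEGER,
                             from_visit INTEGER, transition INTEGER);
    """)
    t1 = datetime_to_webkit(datetime(2024, 3, 5, 9, 15, 30, tzinfo=timezone.utc))
    t2 = datetime_to_webkit(datetime(2024, 3, 5, 9, 16, 2, tzinfo=timezone.utc))
    db.executemany("INSERT INTO urls VALUES (?, ?, ?, ?, ?, ?, ?)", [
        (1, "https://example.com/", "Example Domain", 1, 0, t2, 0),
        (2, "https://intranet.example.org/payroll", "Payroll", 1, 1, t1, 0),
    ])
    db.executemany("INSERT INTO visits VALUES (?, ?, ?, ?, ?)", [
        (1, 2, t1, 0, 0x30000001),  # typed into the address bar; start and end of a chain
        (2, 1, t2, 1, 0x30000000),  # link followed from visit 1
    ])
    return db


def history_timeline(db):
    """Chronological visits with the referring page resolved through from_visit."""
    rows = db.execute("""
        SELECT v.visit_time, u.url, u.title, v.transition, p.url
        FROM visits v
        JOIN urls u ON u.id = v.url
        LEFT JOIN visits pv ON pv.id = v.from_visit
        LEFT JOIN urls p ON p.id = pv.url
        ORDER BY v.visit_time""").fetchall()
    return [{"time": webkit_to_datetime(t).isoformat(), "url": url, "title": title,
             "transition": TRANSITION_CORE.get(tr & 0xFF, "unknown"), "referrer": ref}
            for t, url, title, tr, ref in rows]


if __name__ == "__main__":
    for row in history_timeline(build_sample_history()):
        print(row)
```

The same reader applies to Microsoft Edge, which is Chromium-based; for Firefox, use firefox_to_datetime against the moz_places and moz_historyvisits tables of places.sqlite. Keep the converted times in UTC and translate to the machine's local zone only in the report.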
Module 07: Linux and Mac Forensics
Understand Volatile and Non-Volatile Data in Linux
  o Introduction to Linux Forensics
  o Collecting Volatile Data
    • Collecting Hostname, Date, and Time
    • Collecting Uptime Data
    • Collecting Network Information
    • Viewing Network Routing Tables
    • Collecting Open Port Information
    • Finding Programs/Processes Associated with a Port
    • Collecting Data on Open Files
    • Viewing Running Processes in the System
  o Collecting Non-Volatile Data
    • Collecting System Information
    • Collecting Kernel Information
    • Collecting User Account Information
    • Collecting Currently Logged-in Users and Login History Information
    • Collecting System Logs Data
      ➢ Linux Log Files
Analyze Filesystem Images Using The Sleuth Kit
  o File System Analysis Using The Sleuth Kit: fsstat
  o System Analysis Using The Sleuth Kit: fls and istat
Demonstrate Memory Forensics
  o Memory Forensics: Introduction
  o Memory Forensics Using Volatility Framework
  o Carving Memory Dumps Using PhotoRec Tool
Lab Exercise
  o Forensic Investigation on a Linux Memory Dump
  o Recovering Data from a Linux Memory Dump
Understand Mac Forensics
  o Introduction to Mac Forensics
  o Mac Forensics Data
  o Mac Log Files
  o Mac Directories
  o APFS Analysis: Biskus APFS Capture
  o Parsing Metadata on Spotlight
  o Mac Forensics Tools
Module 08: Network Forensics
Understand Network Forensics Fundamentals
  o Introduction to Network Forensics
  o Postmortem and Real-Time Analysis
  o Network Attacks
  o Indicators of Compromise (IoCs)
  o Where to Look for Evidence
  o Types of Network-based Evidence
Understand Event Correlation Concepts and Types
  o Event Correlation
  o Types of Event Correlation
  o Prerequisites of Event Correlation
  o Event Correlation Approaches
Identify Indicators of Compromise (IoCs) from Network Logs
  o Analyzing Firewall Logs
    • Analyzing Firewall Logs: Cisco
    • Analyzing Firewall Logs: Check Point
  o Analyzing IDS Logs
    • Analyzing IDS Logs: Check Point
  o Analyzing Honeypot Logs
  o Analyzing Router Logs
    • Analyzing Router Logs: Cisco
  o Analyzing DHCP Logs
Investigate Network Traffic
  o Why Investigate Network Traffic?
  o Gathering Evidence via Sniffers
    • Sniffing Tool: Tcpdump
    • Sniffing Tool: Wireshark
    • Display Filters in Wireshark
  o Analyze Traffic for TCP SYN Flood DoS Attack
  o Analyze Traffic for SYN-FIN Flood DoS Attack
  o Analyze Traffic for FTP Password Cracking Attempts
  o Analyze Traffic for SMB Password Cracking Attempts
  o Analyze Traffic for Sniffing Attempts
  o Analyze Traffic for MAC Flooding Attempt
  o Analyze Traffic for ARP Poisoning Attempt
  o Analyze Traffic to Detect Malware Activity
Lab Exercise
  o Identifying and Investigating Various Network Attacks using Wireshark
Module 09: Investigating Web Attacks
Understand Web Application Forensics
  o Introduction to Web Application Forensics
  o Challenges in Web Application Forensics
  o Indications of a Web Attack
  o Web Application Threats
  o Web Attack Investigation Methodology
Understand IIS and Apache Web Server Logs
  o IIS Logs
    • IIS Web Server Architecture
    • IIS Logs
    • Analyzing IIS Logs
  o Apache Web Server Logs
    • Apache Web Server Architecture
    • Apache Web Server Logs
    • Apache Access Logs
    • Analyzing Apache Access Logs
    • Apache Error Logs
      ➢ Analyzing Apache Error Logs
Investigating Web Attacks on Windows-based Servers
Detect and Investigate Various Attacks on Web Applications
  o Investigating Cross-Site Scripting (XSS) Attack
    • Investigating XSS: Using Regex to Search XSS Strings
    • Examining Apache Logs for XSS Attack
    • Examining Snort Alert Logs for XSS Attack
    • Examining SIEM Logs for XSS Attack
  o Investigating SQL Injection Attack
    • Investigating SQL Injection Attack: Using Regex
    • Examining IIS Logs for SQL Injection Attack
    • Examining Snort Alert Logs for SQL Injection Attack
    • Examining SIEM Logs for SQL Injection Attack
Lab Exercise
  o Identifying and Investigating Web Application Attacks Using Splunk
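The two "Using Regex" items above and "Analyzing Apache Access Logs" are shown together in the following added Python example (written for this page, not the course's Splunk lab): it parses Apache combined-format lines, URL-decodes the request path until it stops changing, and then runs XSS, SQL injection and path traversal patterns over the decoded text. The log lines are constructed with documentation IP addresses; the payloads are the textbook ones the course items refer to.

```python
import re
from urllib.parse import unquote_plus

# Apache/nginx "combined" access log line
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?')

# Deliberately broad triage patterns; every hit still has to be read by a person.
PATTERNS = {
    "xss": re.compile(r"<\s*script|javascript\s*:|\bon(?:error|load|mouseover|click)\s*=|<\s*(?:img|svg|iframe)\b", re.I),
    "sqli": re.compile(r"'\s*(?:or|and)\s+[\w']+\s*=\s*[\w']+|\bunion\s+(?:all\s+)?select\b|\b(?:sleep|benchmark)\s*\("
                       r"|;\s*(?:drop|insert|update|delete)\b|--\s*$|/\*.*?\*/", re.I),
    "traversal": re.compile(r"\.\./|\.\.\\"),
}

# Constructed sample lines (documentation IPs).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:14:02:11 +0000] "GET /index.php?id=1 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2024:14:02:19 +0000] "GET /index.php?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9921 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Mar/2024:14:03:40 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 731 "-" "curl/8.0"',
    '198.51.100.4 - - [10/Mar/2024:14:03:55 +0000] "GET /search?q=%253Cscript%253E HTTP/1.1" 200 600 "-" "curl/8.0"',
    '192.0.2.9 - - [10/Mar/2024:14:05:01 +0000] "GET /download?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 211 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Mar/2024:14:05:30 +0000] "GET /products?id=5%20UNION%20SELECT%20username,password%20FROM%20users-- HTTP/1.1" 500 0 "-" "sqlmap/1.7"',
]


def decode_target(path, rounds=3):
    """Attackers URL-encode payloads, sometimes twice; decode until the string stops changing."""
    for _ in range(rounds):
        decoded = unquote_plus(path)
        if decoded == path:
            break
        path = decoded
    return path


def scan_log(lines):
    """One record per request whose decoded path matches at least one attack pattern."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line (or a corrupt one); count these separately in practice
        path = decode_target(m["path"])
        attacks = [name for name, rx in PATTERNS.items() if rx.search(path)]
        if attacks:
            hits.append({"line": lineno, "ip": m["ip"], "time": m["time"], "status": int(m["status"]),
                         "agent": m["agent"], "path": path, "attacks": attacks})
    return hits


def attackers(hits):
    """Suspicious requests per source address, the seed of an IoC list."""
    counts = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for h in found:
        print(h["line"], h["ip"], h["attacks"], h["path"])
    print(attackers(found))
```

Matching on the decoded path is what catches the double-encoded payload on the fourth line, which a regex over the raw line misses. The last line shows the pair of signals worth pivoting on in a SIEM: suspicious input plus a server error (500) from a scanner's user agent.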
Module 10: Dark Web Forensics
Understand the Dark Web
  o Understanding the Dark Web
  o Tor Relays
  o Working of the Tor Browser
  o Tor Bridge Node
Understand Dark Web Forensics
  o Dark Web Forensics
  o Identifying Tor Browser Artifacts: Command Prompt
  o Identifying Tor Browser Artifacts: Windows Registry
  o Identifying Tor Browser Artifacts: Prefetch Files
  o Dark Web Forensics Challenges
Lab Exercise
  o Detecting Tor Browser on a Machine
Perform Tor Browser Forensics
  o Memory Acquisition
  o Collecting Memory Dumps
  o Memory Dump Analysis: Bulk Extractor
Lab Exercise
  o Analyzing RAM Dumps to Retrieve Tor Browser Artifacts
Module 11: Investigating Email Crimes
Understand Email Basics
  o Introduction to an Email System
  o Components Involved in Email Communication
  o How Does Email Communication Work?
  o Understanding the Parts of an Email Message
Understand Email Crime Investigation and its Steps
  o Introduction to Email Crime Investigation
  o Steps to Investigate Email Crimes
    • Step 1: Seizing the Computer and Email Accounts
    • Step 2: Acquiring the Email Data
      ➢ Acquiring Email Data from Desktop-based Email Clients
      ➢ Local Email Files in Microsoft Outlook
      ➢ Acquiring Thunderbird Local Email Files via SysTools MailPro+
    • Step 3: Examining Email Messages
    • Step 4: Retrieving Email Headers
      ➢ Retrieving Email Headers in Microsoft Outlook
      ➢ Retrieving Email Headers in Microsoft Outlook.com
      ➢ Retrieving Email Headers in Gmail
    • Step 5: Analyzing Email Headers
      ➢ Checking Email Authenticity
      ➢ Investigating a Suspicious Email
    • Step 6: Recovering Deleted Email Messages
      ➢ Recovering Deleted Email Messages from Outlook .pst Files Using Paraben's Electronic Evidence Examiner
Lab Exercise
  o Investigating a Suspicious Email
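For Step 5 and the lab above, the following Python is an added example (written for this page, not the course's lab material) of the checks an examiner runs on a retrieved header block: it walks the Received chain in delivery order, pulls the SPF/DKIM/DMARC verdicts from Authentication-Results and flags the domain mismatches typical of a spoofed message. The message is a constructed phishing sample; all hosts, addresses and IPs are documentation values.

```python
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr, parsedate_to_datetime

# Constructed phishing sample; nothing in it refers to a real organisation.
SAMPLE_EMAIL = b"""Return-Path: <bounce@mail-relay.example.net>
Received: from mx.victim.example (mx.victim.example [198.51.100.10])
    by inbox.victim.example with ESMTP id 7Fk2; Tue, 5 Mar 2024 09:16:02 +0000
Received: from smtp.mail-relay.example.net (unknown [203.0.113.50])
    by mx.victim.example with ESMTPS; Tue, 5 Mar 2024 09:16:01 +0000
Received: from [10.0.0.5] (localhost)
    by smtp.mail-relay.example.net; Tue, 5 Mar 2024 09:15:58 +0000
Authentication-Results: mx.victim.example; spf=fail smtp.mailfrom=mail-relay.example.net;
    dkim=none; dmarc=fail header.from=bank.example
From: "Bank Support" <support@bank.example>
Reply-To: helpdesk@bank-secure-login.example
To: alice@victim.example
Subject: Urgent: verify your account
Message-ID: <20240305091558.1234@mail-relay.example.net>
Date: Tue, 5 Mar 2024 09:15:58 +0000
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8

Please log in at https://bank-secure-login.example/verify within 24 hours.
"""

RECEIVED_RE = re.compile(r"from\s+(?P<helo>\S+)(?:\s+\((?P<info>[^)]*)\))?\s+by\s+(?P<by>\S+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)


def domain_of(header_value):
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else None


def parse_received(value):
    """One hop: who handed the message to whom, from which IP, and when (the part after ';')."""
    text = re.sub(r"\s+", " ", str(value)).strip()
    m = RECEIVED_RE.search(text)
    if not m:
        return None
    ip = IP_RE.search((m["helo"] or "") + " " + (m["info"] or ""))
    date = text.rsplit(";", 1)[1].strip() if ";" in text else None
    return {"helo": m["helo"], "info": m["info"] or "", "by": m["by"].rstrip(";,"),
            "ip": ip.group(1) if ip else None,
            "date": parsedate_to_datetime(date).isoformat() if date else None}


def analyze_email(raw):
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    from_domain = domain_of(msg["From"])
    related = {"return_path": domain_of(msg["Return-Path"]), "reply_to": domain_of(msg["Reply-To"]),
               "message_id": domain_of(msg["Message-ID"])}
    # Each server prepends its Received line, so the bottom one is the earliest hop.
    hops = [h for h in map(parse_received, reversed(msg.get_all("Received", []))) if h]
    auth = {k.lower(): v.lower() for k, v in AUTH_RE.findall(str(msg.get("Authentication-Results", "")))}
    flags = []
    for label, dom in related.items():
        if dom and dom != from_domain:
            flags.append("%s domain %s != From domain %s" % (label, dom, from_domain))
    for mech, result in auth.items():
        if result in ("fail", "softfail", "permerror", "temperror"):
            flags.append("%s=%s" % (mech, result))
    if auth.get("dkim") == "none":
        flags.append("no DKIM signature")
    for hop in hops:
        if hop["info"].lower().startswith("unknown") and hop["ip"]:
            flags.append("no reverse DNS for %s" % hop["ip"])
    return {"from": parseaddr(str(msg["From"]))[1], "from_domain": from_domain, "related_domains": related,
            "hops": hops, "auth": auth, "flags": flags}


if __name__ == "__main__":
    result = analyze_email(SAMPLE_EMAIL)
    for hop in result["hops"]:
        print(hop["date"], hop["ip"], "->", hop["by"])
    print("\n".join(result["flags"]))
```

Only the Received lines written by your own mail servers (the top two here) can be trusted; the bottom one was supplied by the sending system and can say anything, so the first external address is 203.0.113.50, not 10.0.0.5. The flags are indicators rather than a verdict: a legitimately forwarded message also shows a Return-Path domain that differs from From.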
Module 12: Malware Forensics
Understand Malware, its Components and Distribution Methods
  o Introduction to Malware
  o Components of Malware
  o Common Techniques Attackers Use to Distribute Malware across the Web
Understand Malware Forensics Fundamentals and Recognize Types of Malware Analysis
  o Introduction to Malware Forensics
  o Why Analyze Malware?
  o Malware Analysis Challenges
  o Identifying and Extracting Malware
  o Importance of Setting Up a Controlled Malware Analysis Lab
  o Preparing Testbed for Malware Analysis
  o Supporting Tools for Malware Analysis
  o General Rules for Malware Analysis
  o Types of Malware Analysis
Perform Static Malware Analysis
  o Malware Analysis: Static
  o File Fingerprinting
  o Online Malware Scanning
  o Performing Strings Search
  o Identifying Packing/Obfuscation Methods
  o Finding the Portable Executable (PE) Information
  o Identifying File Dependencies
  o Malware Disassembly
Lab Exercise
  o Performing Static Analysis on a Suspicious File
Analyze Suspicious Word Documents
  o Analyzing Suspicious MS Office Document
    • Finding Suspicious Components
    • Finding Macro Streams
    • Dumping Macro Streams
    • Identifying Suspicious VBA Keywords
Lab Exercise
  o Forensic Examination of a Suspicious Microsoft Office Document
Perform Dynamic Malware Analysis
  o Malware Analysis: Dynamic
  o Pre-Execution Preparation
  o Monitoring Host Integrity
  o Observing Runtime Behavior
Perform System Behavior Analysis
  o Monitoring Registry Artifacts
    • Windows AutoStart Registry Keys
    • Analyzing Windows AutoStart Registry Keys
  o Monitoring Processes
  o Monitoring Windows Services
  o Monitoring Startup Programs
    • Startup Programs Monitoring Tool: AutoRuns for Windows
  o Monitoring Windows Event Logs
  o Monitoring API Calls
  o Monitoring Device Drivers
    • Device Drivers Monitoring Tool: DriverView
  o Monitoring Files and Folders
    • File and Folder Monitoring Tool: PA File Sight
    • File and Folder Integrity Checkers: FastSum and WinMD5
Lab Exercise
  o Performing System Behavior Analysis
Perform Network Behavior Analysis
  o Monitoring Network Activities
    • Monitoring IP Addresses
  o Monitoring Ports
    • Port Monitoring Tools: TCPView and CurrPorts
  o Monitoring DNS
    • DNS Monitoring Tool: DNSQuerySniffer
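The static-analysis items of this module ("Performing Strings Search", "Identifying Packing/Obfuscation Methods" and "Finding the Portable Executable (PE) Information") are demonstrated together in the following added Python example, written for this page and not a course tool. It walks the PE headers to the section table, measures per-section entropy, extracts ASCII and UTF-16LE strings and applies the usual packing heuristics. The two PE images it analyses are built by the block itself from a handful of header fields and filler bytes; they are constructed for the example and are not real or runnable binaries.

```python
import math
import re
import struct
from collections import Counter

SECTION_HDR = "<8sIIIIIIHHI"                      # IMAGE_SECTION_HEADER, 40 bytes
SCN_EXECUTE, SCN_WRITE = 0x20000000, 0x80000000    # IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE
PACKER_SECTIONS = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata", "MPRESS1", "MPRESS2", ".petite",
                   ".themida", ".vmp0", ".vmp1", ".nsp0", ".nsp1"}

def shannon_entropy(data):
    """Bits per byte, 0.0 to 8.0; compressed or encrypted payloads sit near the top."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def extract_strings(data, min_len=4):
    """ASCII and UTF-16LE runs; the wide ones are where Windows binaries keep paths, URLs and registry keys."""
    ascii_runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    wide_runs = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)
    found = [s.decode("ascii") for s in ascii_runs] + [s.decode("utf-16-le") for s in wide_runs]
    return list(dict.fromkeys(found))  # unique, in order of first appearance

def parse_pe(data):
    """DOS header -> PE signature -> COFF header -> optional header magic and entry point -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found")
    machine, nsec, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]          # 0x10B = PE32, 0x20B = PE32+
    entry = struct.unpack_from("<I", data, opt_off + 16)[0]     # AddressOfEntryPoint, an RVA
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rsize, rptr, _, _, _, _, chars = struct.unpack_from(
            SECTION_HDR, data, opt_off + opt_size + 40 * i)
        raw = data[rptr:rptr + rsize] if rsize else b""
        sections.append({"name": name.rstrip(b"\x00").decode("ascii", "replace"), "virtual_size": vsize,
                         "virtual_address": vaddr, "raw_size": rsize, "entropy": round(shannon_entropy(raw), 2),
                         "executable": bool(chars & SCN_EXECUTE), "writable": bool(chars & SCN_WRITE)})
    return {"machine": machine, "pe32plus": magic == 0x20B, "timestamp": stamp, "entry_rva": entry,
            "sections": sections}

def packing_indicators(pe):
    """Heuristics only; each also occurs in some legitimate binaries, so weigh them together."""
    hits, entry_section = [], None
    for s in pe["sections"]:
        span = max(s["virtual_size"], s["raw_size"])
        if s["virtual_address"] <= pe["entry_rva"] < s["virtual_address"] + span:
            entry_section = s["name"]
        if s["name"] in PACKER_SECTIONS:
            hits.append("packer section name %s" % s["name"])
        if s["raw_size"] and s["entropy"] > 7.0:
            hits.append("high entropy (%.2f) in %s" % (s["entropy"], s["name"]))
        if s["executable"] and s["writable"]:
            hits.append("writable+executable section %s" % s["name"])
        if s["executable"] and s["raw_size"] == 0 and s["virtual_size"]:
            hits.append("executable section %s has no bytes on disk (filled at runtime)" % s["name"])
    if entry_section is None:
        hits.append("entry point outside every section")
    elif entry_section != ".text":
        hits.append("entry point in %s, not .text" % entry_section)
    return hits

def build_pe(sections, entry_rva):
    """Constructed minimal PE32 image (headers plus raw section bytes); not a real or runnable binary."""
    pe_off, opt_size = 0x80, 0xE0
    raw_off = (pe_off + 24 + opt_size + 40 * len(sections) + 0x1FF) & ~0x1FF  # section data, 512-aligned
    dos = bytearray(pe_off)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, pe_off)                                  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0x65E7A8C0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 16, entry_rva)
    hdrs, body = bytearray(), bytearray()
    for name, rva, data, chars in sections:
        hdrs += struct.pack(SECTION_HDR, name.encode().ljust(8, b"\x00"), len(data) or 0x1000, rva,
                            len(data), raw_off + len(body) if data else 0, 0, 0, 0, 0, chars)
        body += data
    return bytes(dos + b"PE\x00\x00" + coff + opt + hdrs).ljust(raw_off, b"\x00") + bytes(body)

# Constructed samples: an ordinary binary and a UPX-style packed one.
CLEAN_PE = build_pe([(".text", 0x1000, b"\x55\x8B\xEC\x90\xC3" * 200, 0x60000020),
                     (".data", 0x2000, b"Hello, world\x00" * 40 + b"\x00\x00"
                      + "C:\\Users\\Public\\run.exe".encode("utf-16-le"), 0xC0000040)], entry_rva=0x1000)
PACKED_PE = build_pe([("UPX0", 0x1000, b"", 0xE0000080),
                      ("UPX1", 0x5000, bytes(range(256)) * 4, 0xE0000040)], entry_rva=0x5010)

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_PE), ("packed", PACKED_PE)):
        pe = parse_pe(sample)
        print(label, [(s["name"], s["entropy"]) for s in pe["sections"]], packing_indicators(pe))
```

Static indicators say that a sample is probably packed, not what it does: the unpacked code only exists in memory, which is what the dynamic and system behavior analysis items of this module are for.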
Advance Your Career with OEM's ICT Training
Why choose OEM?
Experience: More than 20 years of expertise in ICT training.
Extensive Selection: More than 1000 courses from 200 top brands.
High Satisfaction: Rated 9.0 on Springest.
Quality Guarantee: Certified instructors and award-winning e-learning.
Partnerships: Microsoft Partner, EC-Council Partner, Certiport and Pearson VUE.