Digital Forensics Essentials (DFE)

Provider: OEM ICT Trainingen & Advies (provider rating 9.0, averaged over 211 reviews)

Description

Digital Forensics Essentials (D|FE) is an entry-level course designed to help beginners understand the facets of digital forensics, its phases and its types. The aim of the course is to increase your competence and expertise in digital forensics and information security. The course offers 12 comprehensive modules, 11 hours of premium self-paced video training, course materials and 11 labs; it covers topics such as dark web forensics, Linux, web application investigation and more. Test your knowledge with CTF-based Capstone projects and validate your newly acquired skills in proctored exams.

Course content

Module 01: Computer Forensics Fundamentals

Understand the Fundamentals of Computer Forensics
         o Understanding Computer Forensics
         o Objectives of Computer Forensics
         o Need for Computer Forensics
         o When Do You Use Computer Forensics?
         o Types of Cybercrimes
                  • Examples of Cybercrimes
         o Impact of Cybercrimes at the Organizational Level

Understand Digital Evidence
         o Introduction to Digital Evidence
         o Types of Digital Evidence
         o Roles of Digital Evidence
         o Sources of Potential Evidence
         o Rules of Evidence
         o Best Evidence Rule
         o Federal Rules of Evidence (United States)
         o Scientific Working Group on Digital Evidence (SWGDE)
         o The Association of Chief Police Officers (ACPO) Principles of Digital Evidence

Understand Forensic Readiness
         o Forensic Readiness
         o Forensic Readiness and Business Continuity
         o Forensics Readiness Planning

Identify the Roles and Responsibilities of a Forensic Investigator
         o Need for a Forensic Investigator
         o Roles and Responsibilities of a Forensics Investigator
         o What Makes a Good Computer Forensics Investigator?

Understand Legal Compliance in Computer Forensics
         o Computer Forensics and Legal Compliance
         o Other Laws Relevant to Computer Forensics

Module 02: Computer Forensics Investigation Process

Understand the Forensic Investigation Process and its Importance
         o Forensic Investigation Process
         o Importance of the Forensic Investigation Process
         o Phases Involved in the Forensics Investigation Process

Forensic Investigation Process - Pre-investigation Phase
         o Setting Up a Computer Forensics Lab
         o Building the Investigation Team
         o Understanding the Hardware and Software Requirements of a Forensic Lab

Forensic Investigation Process - Investigation Phase
         o Computer Forensics Investigation Methodology
                  • Documenting the Electronic Crime Scene
                  • Search and Seizure
                  • Planning the Search and Seizure
                  • Evidence Preservation
                  • Data Acquisition
                  • Data Analysis
                  • Case Analysis

Forensic Investigation Process - Post-investigation Phase
         o Gathering and Organizing Information
         o Writing the Investigation Report
         o Forensics Investigation Report Template
         o Testifying as an Expert Witness

Lab Exercise

         o Performing Hash or HMAC Calculations
         o Comparing Hash Values of Files to Check their Integrity
         o Viewing Files of Various Formats
         o Creating a Disk Image File of a Hard Disk Partition

Module 03: Understanding Hard Disks and File Systems

Describe Different Types of Disk Drives and their Characteristics
         o Understanding Hard Disk Drive
                  • Tracks
                  • Track Numbering
                  • Sector
                  • Sector Addressing
                  • 4K Sectors
                  • Data Density on a Hard Disk
                  • CHS (Cylinder-Head-Sector) Data Addressing and Disk Capacity Calculation
                  • Measuring the Hard Disk Performance
         o Understanding Solid-State Drive (SSD)
         o Disk Interfaces
                  • ATA/PATA (IDE/EIDE)
                  • Serial ATA/ SATA (AHCI)
                  • Serial Attached SCSI
                  • PCIe SSD
                  • SCSI

Explain the Logical Structure of a Disk
         o Logical Structure of Disk
         o Clusters
         o Cluster Size
         o Lost Clusters
         o Slack Space
         o Master Boot Record (MBR)
         o Structure of a Master Boot Record
         o Disk Partitions
         o BIOS Parameter Block (BPB)
         o Globally Unique Identifier (GUID)
                  • GUID Partition Table (GPT)
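
The MBR layout, the GPT protective entry and the GPT header fields listed above (and the "Analyzing the GPT Header and Entries" topic under the UEFI boot process below) can be worked through on a two-sector image. The Python below is an added example written for this page, not course lab material or EC-Council code; the image, the disk GUID and all partition values are constructed here.

```python
"""Parse a Master Boot Record, detect the protective entry that marks a GPT
disk, and validate the GPT header behind it. Added example written for this
page, not course lab material; the two-sector image, the disk GUID and the
partition values are constructed."""
import struct
import uuid
import zlib

SECTOR = 512
GPT_PROTECTIVE = 0xEE

# One 16-byte MBR partition entry: status, CHS start, type, CHS end, start LBA, sector count
MBR_ENTRY = struct.Struct("<B3sB3sII")
# GPT header: signature, revision, header size, header CRC32, reserved, current LBA,
# backup LBA, first/last usable LBA, disk GUID, entry array LBA, entry count,
# entry size, entry array CRC32 (92 bytes)
GPT_HEADER = struct.Struct("<8sIIIIQQQQ16sQIII")

def parse_mbr(sector0: bytes) -> dict:
    """Return the in-use partition entries at offset 446 and whether one is the GPT protective entry."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature: not a valid MBR")
    entries = []
    for i in range(4):
        status, _chs_start, ptype, _chs_end, lba, count = MBR_ENTRY.unpack_from(sector0, 446 + 16 * i)
        if ptype == 0:                              # unused slot
            continue
        entries.append({"slot": i, "bootable": status == 0x80, "type": ptype,
                        "start_lba": lba, "sectors": count})
    return {"entries": entries,
            "protective": any(e["type"] == GPT_PROTECTIVE for e in entries)}

def parse_gpt_header(sector1: bytes) -> dict:
    """Decode the primary GPT header (LBA 1) and verify its CRC32."""
    (sig, revision, hdr_size, hdr_crc, _reserved, current, backup, first_usable,
     last_usable, guid, entry_lba, n_entries, entry_size, _entries_crc) = GPT_HEADER.unpack_from(sector1, 0)
    if sig != b"EFI PART":
        raise ValueError("GPT signature missing")
    # The CRC covers hdr_size bytes of the header with the CRC field itself zeroed.
    scratch = bytearray(sector1[:hdr_size])
    scratch[16:20] = b"\0\0\0\0"
    return {"revision": f"{revision >> 16}.{revision & 0xFFFF}",
            "header_crc_ok": zlib.crc32(bytes(scratch)) == hdr_crc,
            "current_lba": current, "backup_lba": backup,
            "first_usable_lba": first_usable, "last_usable_lba": last_usable,
            "disk_guid": str(uuid.UUID(bytes_le=guid)),
            "entry_array_lba": entry_lba, "entries": n_entries, "entry_size": entry_size}

def analyze_disk(image: bytes) -> dict:
    """MBR first; only if the protective entry is present is LBA 1 read as a GPT header."""
    mbr = parse_mbr(image[:SECTOR])
    report = {"scheme": "GPT (protective MBR)" if mbr["protective"] else "MBR", "mbr": mbr}
    if mbr["protective"]:
        report["gpt"] = parse_gpt_header(image[SECTOR:2 * SECTOR])
    return report

def build_sample_disk() -> bytes:
    """Constructed two-sector image: protective MBR plus a primary GPT header for a 2048-sector disk."""
    mbr = bytearray(SECTOR)
    MBR_ENTRY.pack_into(mbr, 446, 0x00, b"\x00\x02\x00", GPT_PROTECTIVE, b"\xff\xff\xff", 1, 2047)
    mbr[510:512] = b"\x55\xaa"
    disk_guid = uuid.UUID("12345678-1234-5678-1234-567812345678")   # constructed value
    header = bytearray(GPT_HEADER.pack(b"EFI PART", 0x00010000, 92, 0, 0, 1, 2047, 34, 2014,
                                       disk_guid.bytes_le, 2, 128, 128, 0))
    header[16:20] = struct.pack("<I", zlib.crc32(bytes(header)))   # CRC field was zero while hashing
    return bytes(mbr) + bytes(header).ljust(SECTOR, b"\0")
```

On a real image, pass the first two sectors of a raw (dd) file to analyze_disk. A failing header CRC is itself a finding: either the header was damaged or edited, and the backup header at backup_lba should be compared before any partition entries are trusted.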

Understand Booting Process of Windows, Linux, and Mac Operating Systems
         o What is the Booting Process?
         o Essential Windows System Files
         o Windows Boot Process: BIOS-MBR Method
                  • Identifying the MBR Partition
         o Windows Boot Process: UEFI-GPT
                  • Identifying the GUID Partition Table (GPT)
                  • Analyzing the GPT Header and Entries
                  • GPT Artifacts
         o Macintosh Boot Process
         o Linux Boot Process

Understand Various File Systems of Windows, Linux, and Mac Operating Systems
         o Windows File Systems
                  • File Allocation Table (FAT)
                  • New Technology File System (NTFS)
                    ➢ NTFS Architecture
                    ➢ NTFS System Files
                  • Encrypting File Systems (EFS)
                  • Sparse Files
         o Linux File Systems
                  • Linux File System Architecture
                  • Filesystem Hierarchy Standard (FHS)
                  • Extended File System (ext)
                  • Second Extended File System (ext2)
                  • Third Extended File System (ext3)
                  • Journaling File System
                  • Fourth Extended File System (ext4)
         o macOS File Systems
                  • Hierarchical File System Plus (HFS+)
                  • Apple File System (APFS)

Examine the File System
         o File System Analysis using Autopsy
         o File System Analysis using The Sleuth Kit (TSK)
         o Recovering Deleted Files from Hard Disks using WinHex

Lab Exercise

         o Analyzing File System of a Linux Image
         o Recovering Deleted Files from Hard Disks

Module 04: Data Acquisition and Duplication

Understand Data Acquisition Fundamentals
         o Data Acquisition
         o Live Acquisition
         o Order of Volatility
         o Dead Acquisition
         o Rules of Thumb for Data Acquisition

Discuss Different Types of Data Acquisition
         o Types of Data Acquisition
                  • Logical Acquisition
                  • Sparse Acquisition
                  • Bit-Stream Imaging
                    ➢ Bit-stream disk-to-image file
                    ➢ Bit-stream disk-to-disk

Lab Exercise

         o Creating a dd Image of a System Drive

Determine the Data Acquisition Format
         o Raw Format
         o Proprietary Format
         o Advanced Forensics Format (AFF)
         o Advanced Forensic Framework 4 (AFF4)

Understand Data Acquisition Methodology
         o Data Acquisition Methodology
                  • Step 1: Determine the Best Data Acquisition Method
                  • Step 2: Select the Data Acquisition Tool
                  • Step 3: Sanitize the Target Media
                  • Step 4: Acquire Volatile Data
                  • Step 5: Enable Write Protection on the Evidence Media
                  • Step 6: Acquire Non-Volatile Data
                    ➢ Acquire Non-volatile Data (Using a Windows Forensic Workstation)
                  • Step 7: Plan for Contingency
                  • Step 8: Validate Data Acquisition
                    ➢ Validate Data Acquisition – Windows Validation Methods
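
Steps 6 and 8 above (acquire non-volatile data, then validate the acquisition) and the Module 02 lab items on hash calculation and comparing hash values to check integrity come down to the same flow: copy every block, hash the stream as it is written, then re-hash source and image independently. The Python below is an added example for this page, not course lab material; the "device" is a constructed temporary file and the case key is hypothetical.

```python
"""Bit-stream copy of a source device into a raw (dd-style) image, hashing the
stream as it is written, then independent re-hashing of source and image to
validate the acquisition. Added example, not course lab material; the
'device' is a constructed temporary file."""
import hashlib
import hmac
import os
import tempfile

CHUNK = 64 * 1024   # read/write block size; a read error stays localised to one block

def image_device(src_path: str, dst_path: str, key: bytes = b"") -> dict:
    """Copy src to dst block by block and return the size and hashes of what was written.
    With a key, an HMAC-SHA256 is produced as well, as a keyed integrity record."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    mac = hmac.new(key, digestmod="sha256") if key else None
    total = 0
    with open(src_path, "rb") as src, open(dst_path, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            dst.write(block)
            md5.update(block)
            sha256.update(block)
            if mac:
                mac.update(block)
            total += len(block)
        dst.flush()
        os.fsync(dst.fileno())          # make sure the image really reached the target media
    return {"bytes": total, "md5": md5.hexdigest(), "sha256": sha256.hexdigest(),
            "hmac_sha256": mac.hexdigest() if mac else None}

def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def validate_acquisition(src_path: str, img_path: str, recorded_sha256: str) -> dict:
    """Re-hash source and image independently; source, image and the recorded value must all agree."""
    src_hash, img_hash = sha256_file(src_path), sha256_file(img_path)
    return {"source_sha256": src_hash, "image_sha256": img_hash,
            "matches_source": hmac.compare_digest(src_hash, img_hash),
            "matches_record": hmac.compare_digest(img_hash, recorded_sha256),
            "size_matches": os.path.getsize(src_path) == os.path.getsize(img_path)}

def demo() -> dict:
    """Whole flow on a constructed 1 MiB pseudo-device, then the same check after tampering."""
    with tempfile.TemporaryDirectory() as workdir:
        device = os.path.join(workdir, "sdb")        # stands in for a block device such as /dev/sdb
        image = os.path.join(workdir, "sdb.dd")
        with open(device, "wb") as f:
            f.write(bytes(range(256)) * 4096)        # deterministic constructed content
        record = image_device(device, image, key=b"case-2023-0042-examiner-key")   # hypothetical case key
        valid = validate_acquisition(device, image, record["sha256"])
        with open(image, "r+b") as f:                # simulate a post-acquisition modification
            f.seek(1000)
            f.write(b"X")
        tampered = validate_acquisition(device, image, record["sha256"])
    return {"record": record, "valid": valid, "after_tamper": tampered}
```

Two practitioner points the code encodes: the acquisition hash is taken from the bytes actually written (as dc3dd and dcfldd do), and validation re-reads both source and image rather than trusting the in-flight digest. A hash alone proves the image has not changed since the record was made; the HMAC ties that record to an examiner-held key, so a substituted hash value in the notes would also be detected.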

Lab Exercise

         o Converting Acquired Image File to a Bootable Virtual Machine
         o Acquiring RAM from Windows Workstations
         o Viewing Contents of Forensic Image File

Module 05: Defeating Anti-forensics Techniques

Understand Anti-forensics and its Techniques
         o What is Anti-forensics?
         o Anti-forensics Techniques
                  • Data/File Deletion
                    ➢ What Happens When a File is Deleted in Windows?
                    ➢ Recycle Bin in Windows
                    ➢ Recycle Bin Forensics
                  • File Carving
                    ➢ File Carving on Windows
                    ➢ File Recovery Tools: Windows
                    ➢ File Carving on Linux
                    ➢ SSD File Carving on Linux File System
                  • Recovering Deleted Partitions
                    ➢ Recovering Deleted Partitions: Using EaseUS Data Recovery Wizard
                  • Password Protection
                    ➢ Password Types
                    ➢ Password Cracking Techniques
                    ➢ Password Cracking Tools
                  • Steganography
                    ➢ Steganography Detection Tools
                  • Alternate Data Streams
                  • Trail Obfuscation
                  • Artifact Wiping
                  • Overwriting Data/Metadata
                  • Encryption

Lab Exercise

         o SSD File Carving on a Windows File System
         o Recovering Data from Lost / Deleted Disk Partition
         o Cracking Application Passwords
         o Detecting Steganography

Discuss Anti-forensics Countermeasures
         o Anti-forensics Countermeasures
         o Anti-forensics Tools

Module 06: Windows Forensics

Collect Volatile and Non-Volatile Information
         o Introduction to OS Forensics
         o Collecting Volatile Information
                  • Collecting System Time
                  • Collecting Logged-On Users
                  • Collecting Open Files
                    ➢ net file Command
                    ➢ Using NetworkOpenedFiles
                  • Collecting Network Information
                  • Collecting Information about Network Connections
                  • Process Information
                  • Process-to-Port Mapping
                  • Examining Process Memory
                  • Collecting Network Status
         o Collecting Non-Volatile Information
                  • Examining File Systems
                  • ESE Database File
                     ➢ Examining .edb File Using ESEDatabaseView
                  • Windows Search Index Analysis
                  • Detecting Externally Connected Devices to the System
                  • Slack Space

Lab Exercise

         o Acquiring Volatile Information from a Live Windows System

Perform Windows Memory and Registry Analysis
         o Windows Memory Analysis
                  • Windows Crash Dump
                  • Collecting Process Memory
                  • Random Access Memory (RAM) Acquisition
                  • Memory Forensics: Malware Analysis Using Redline
         o Windows Registry Analysis
                  • Windows Registry
                  • Registry Structure within a Hive File
                  • Windows Registry: Forensic Analysis

Lab Exercise

         o Investigating Forensic Image of Windows RAM

Examine Cache, Cookie, and History Recorded in Web Browsers
         o Cache, Cookie, and History Analysis
                  • Google Chrome
                    ➢ Analysis Tool: ChromeCacheView
                    ➢ Analysis Tool: ChromeCookiesView
                    ➢ Analysis Tool: ChromeHistoryView
                   • Mozilla Firefox
                   • Microsoft Edge

Lab Exercise

         o Examining Web Browser Artifacts

Examine Windows Files and Metadata
         o Windows File Analysis
                  • System Restore Points (Rp.log Files)
                  • System Restore Points (Change.log.x Files)
                  • Prefetch Files
                  • Image Files
         o Metadata Investigation
                  • Understanding Metadata
                  • Metadata in Different File Systems
                  • Metadata in PDF Files
                  • Metadata in Word Documents
                  • Metadata Analysis Tool: Metashield Analyzer

Lab Exercise

         o Extracting Information about Loaded Processes on a Computer

Module 07: Linux and Mac Forensics

Understand Volatile and Non-Volatile Data in Linux
         o Introduction to Linux Forensics
         o Collecting Volatile Data
                  • Collecting Hostname, Date, and Time
                  • Collecting Uptime Data
                  • Collecting Network Information
                  • Viewing Network Routing Tables
                  • Collecting Open Port Information
                  • Finding Programs/Processes Associated with a Port
                  • Collecting Data on Open Files
                  • Viewing Running Processes in the System
         o Collecting Non-Volatile Data
                  • Collecting System Information
                  • Collecting Kernel Information
                  • Collecting User Account Information
                  • Collecting Currently Logged-in Users and Login History Information
                  • Collecting System Logs Data
                     ➢ Linux Log Files

Analyze Filesystem Images Using The Sleuth Kit
         o File System Analysis Using The Sleuth Kit: fsstat
         o System Analysis Using The Sleuth Kit: fls and istat

Demonstrate Memory Forensics
         o Memory Forensics: Introduction
         o Memory Forensics Using Volatility Framework
         o Carving Memory Dumps Using PhotoRec Tool

Lab Exercise

         o Forensic Investigation on a Linux Memory Dump
         o Recovering Data from a Linux Memory Dump

Understand Mac Forensics
         o Introduction to Mac Forensics
         o Mac Forensics Data
         o Mac Log Files
         o Mac Directories
         o APFS Analysis: Biskus APFS Capture
         o Parsing Metadata on Spotlight
         o Mac Forensics Tools

Module 08: Network Forensics

Understand Network Forensics Fundamentals
         o Introduction to Network Forensics
         o Postmortem and Real-Time Analysis
         o Network Attacks
         o Indicators of Compromise (IoCs)
         o Where to Look for Evidence
         o Types of Network-based Evidence

Understand Event Correlation Concepts and Types
         o Event Correlation
         o Types of Event Correlation
         o Prerequisites of Event Correlation
         o Event Correlation Approaches

Identify Indicators of Compromise (IoCs) from Network Logs
         o Analyzing Firewall Logs
                  • Analyzing Firewall Logs: Cisco
                  • Analyzing Firewall Logs: Check Point
         o Analyzing IDS Logs
                  • Analyzing IDS Logs: Check Point
         o Analyzing Honeypot Logs
         o Analyzing Router Logs
                  • Analyzing Router Logs: Cisco
         o Analyzing DHCP Logs

Investigate Network Traffic
         o Why Investigate Network Traffic?
         o Gathering Evidence via Sniffers
                  • Sniffing Tool: Tcpdump
                  • Sniffing Tool: Wireshark
                  • Display Filters in Wireshark
         o Analyze Traffic for TCP SYN Flood DoS Attack
         o Analyze Traffic for SYN-FIN Flood DoS Attack
         o Analyze Traffic for FTP Password Cracking Attempts
         o Analyze Traffic for SMB Password Cracking Attempts
         o Analyze Traffic for Sniffing Attempts
         o Analyze Traffic for MAC Flooding Attempt
         o Analyze Traffic for ARP Poisoning Attempt
         o Analyze Traffic to Detect Malware Activity

Lab Exercise

         o Identifying and Investigating Various Network Attacks using Wireshark

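Two of the traffic analyses listed in this module, the TCP SYN flood and the ARP poisoning attempt, reduce to simple counting once the frames are decoded. The Python below is an added example for this page (not course lab material, and not a Wireshark feature); it parses a pcap held in memory and runs both checks. The capture, addresses and MACs are constructed.

```python
"""Parse a pcap in memory and flag two of the attacks listed above: ARP
poisoning (one IP answered for by several MACs) and a TCP SYN flood (bursts
of bare SYNs from one source). Added example for this page; the capture is
constructed below and is not a course lab file."""
import struct
from collections import defaultdict

ETH_ARP, ETH_IP = 0x0806, 0x0800
SYN, ACK = 0x02, 0x10

def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)

def parse_pcap(data: bytes):
    """Yield (timestamp, frame) from a classic pcap (little-endian, Ethernet link type)."""
    magic, _maj, _min, _tz, _sig, _snap, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("unsupported pcap format")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack_from("<IIII", data, off)
        off += 16
        yield sec + usec / 1e6, data[off:off + incl]
        off += incl

def decode_frame(ts: float, frame: bytes):
    """Flatten ARP and TCP/IPv4 frames into dicts; other traffic is ignored."""
    _dst, _src, ethertype = struct.unpack_from(">6s6sH", frame, 0)
    if ethertype == ETH_ARP:
        _ht, _pt, _hl, _pl, op, sha, spa, _tha, tpa = struct.unpack_from(">HHBBH6s4s6s4s", frame, 14)
        return {"ts": ts, "kind": "arp", "op": op, "sha": mac_str(sha),
                "spa": ip_str(spa), "tpa": ip_str(tpa)}
    if ethertype == ETH_IP and frame[23] == 6:          # IP protocol 6 = TCP
        ihl = (frame[14] & 0x0F) * 4
        sport, dport, _seq, _ack, _off, flags = struct.unpack_from(">HHIIBB", frame, 14 + ihl)
        return {"ts": ts, "kind": "tcp", "src": ip_str(frame[26:30]), "dst": ip_str(frame[30:34]),
                "sport": sport, "dport": dport, "flags": flags}
    return None

def detect_arp_poisoning(events) -> dict:
    """An IP that several MACs claim in ARP replies is being poisoned (or has a real failover: verify)."""
    claims = defaultdict(set)
    for e in events:
        if e["kind"] == "arp" and e["op"] == 2:
            claims[e["spa"]].add(e["sha"])
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}

def detect_syn_flood(events, threshold: int = 100, window: float = 1.0) -> dict:
    """Sources sending >= threshold bare SYNs (SYN set, ACK clear) within any `window` seconds."""
    by_src = defaultdict(list)
    for e in events:
        if e["kind"] == "tcp" and e["flags"] & SYN and not e["flags"] & ACK:
            by_src[e["src"]].append(e["ts"])
    flagged = {}
    for src, times in by_src.items():
        times.sort()
        lo = 0
        for hi, t in enumerate(times):             # sliding window over sorted timestamps
            while t - times[lo] > window:
                lo += 1
            if hi - lo + 1 >= threshold:
                flagged[src] = hi - lo + 1
                break
    return flagged

def analyze_capture(pcap: bytes) -> dict:
    events = [e for e in (decode_frame(ts, f) for ts, f in parse_pcap(pcap)) if e]
    return {"frames": len(events), "arp_poisoning": detect_arp_poisoning(events),
            "syn_flood": detect_syn_flood(events)}

def build_capture() -> bytes:
    """Constructed capture: gateway 192.0.2.1 answered for by two MACs, 150 bare SYNs
    from 198.51.100.7 within 0.75 s, and one benign SYN from 203.0.113.5."""
    records = []
    def rec(ts, frame):
        sec = int(ts)
        records.append(struct.pack("<IIII", sec, int(round((ts - sec) * 1e6)), len(frame), len(frame)) + frame)
    def eth(src, ethertype):
        return b"\xff" * 6 + src + struct.pack(">H", ethertype)
    def arp_reply(sha, spa, tpa):
        return eth(sha, ETH_ARP) + struct.pack(">HHBBH6s4s6s4s", 1, ETH_IP, 6, 4, 2, sha, spa, b"\0" * 6, tpa)
    def tcp_syn(src, dst, sport):
        ipv4 = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, src, dst)
        tcp = struct.pack(">HHIIBBHHH", sport, 80, 0, 0, 5 << 4, SYN, 65535, 0, 0)
        return eth(bytes.fromhex("000c29000007"), ETH_IP) + ipv4 + tcp
    gateway, victim = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 10])
    rec(0.0, arp_reply(bytes.fromhex("001122334455"), gateway, victim))
    rec(0.5, arp_reply(bytes.fromhex("deadbeef0001"), gateway, victim))   # a second MAC claims the gateway
    for i in range(150):
        rec(1.0 + i * 0.005, tcp_syn(bytes([198, 51, 100, 7]), victim, 40000 + i))
    rec(3.0, tcp_syn(bytes([203, 0, 113, 5]), victim, 51000))
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(records)
```

The same conditions expressed as Wireshark display filters are `arp.opcode == 2` (then sort by arp.src.proto_ipv4) and `tcp.flags.syn == 1 && tcp.flags.ack == 0`; the point of scripting it is that the threshold and the time window are explicit and repeatable, which matters when the finding goes into a report. Real SYN floods usually spoof source addresses, so a per-destination count should be run alongside the per-source one.
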
Module 09: Investigating Web Attacks

Understand Web Application Forensics
         o Introduction to Web Application Forensics
         o Challenges in Web Application Forensics
         o Indications of a Web Attack
         o Web Application Threats
         o Web Attack Investigation Methodology

Understand IIS and Apache Web Server Logs
         o IIS Logs
                  • IIS Web Server Architecture
                  • IIS Logs
                  • Analyzing IIS Logs
         o Apache Web Server Logs
                  • Apache Web Server Architecture
                  • Apache Web Server Logs
                  • Apache Access Logs
                  • Analyzing Apache Access Logs
                  • Apache Error Logs
                    ➢ Analyzing Apache Error Logs

         o Investigating Web Attacks on Windows-based Servers

Detect and Investigate Various Attacks on Web Applications
         o Investigating Cross-Site Scripting (XSS) Attack
                  • Investigating XSS: Using Regex to Search XSS Strings
                  • Examining Apache Logs for XSS Attack
                  • Examining Snort Alert Logs for XSS Attack
                  • Examining SIEM Logs for XSS Attack
         o Investigating SQL Injection Attack
                  • Investigating SQL Injection Attack: Using Regex
                  • Examining IIS Logs for SQL Injection Attack
                  • Examining Snort Alert Logs for SQL Injection Attack
                  • Examining SIEM Logs for SQL Injection Attack
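
The regex-based searches for XSS and SQL injection strings listed above, run over Apache access logs as described earlier in this module, look like the following in practice. This is an added example for this page, not course lab material; the log lines are constructed (documentation-range IPs, invented paths) and the pattern lists are a starting set, not a complete signature base.

```python
"""Scan Apache combined-format access log lines for XSS and SQL injection
indicators. Added example; the log lines below are constructed, not taken
from a course lab or any real server."""
import re
from collections import Counter
from typing import Optional
from urllib.parse import unquote_plus

# Apache "combined" LogFormat: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
APACHE_COMBINED = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"')

# Applied to the URL-decoded request path, case-insensitively.
XSS_PATTERNS = [
    r"<\s*/?\s*script", r"javascript\s*:", r"\bon(?:error|load|mouseover|click|focus)\s*=",
    r"<\s*(?:img|svg|iframe|body|object|embed)\b", r"alert\s*\(", r"document\.(?:cookie|location)",
    r"eval\s*\(", r"fromcharcode",
]
SQLI_PATTERNS = [
    r"union\s+(?:all\s+)?select", r"'\s*or\s+'?\w+'?\s*=\s*'?\w+", r"--(?:\s|$)", r"/\*.*?\*/",
    r"\b(?:sleep|benchmark|pg_sleep|waitfor\s+delay)\b", r"information_schema|xp_cmdshell|load_file\s*\(",
    r"'\s*;\s*(?:drop|insert|update|delete|exec)\b",
]
RULES = {"xss": [re.compile(p, re.I) for p in XSS_PATTERNS],
         "sqli": [re.compile(p, re.I) for p in SQLI_PATTERNS]}

def decode(s: str) -> str:
    """Decode twice: attackers double-encode to get past filters that decode once."""
    return unquote_plus(unquote_plus(s))

def classify(line: str) -> Optional[dict]:
    """Parse one log line and return it with the rule hits; None if the line is not combined format."""
    m = APACHE_COMBINED.match(line)
    if not m:
        return None
    req = decode(m["path"])
    hits = {name: [p.pattern for p in pats if p.search(req)] for name, pats in RULES.items()}
    hits = {k: v for k, v in hits.items() if v}
    return {"ip": m["ip"], "time": m["time"], "status": int(m["status"]), "ua": m["ua"],
            "path": m["path"], "decoded": req, "hits": hits}

def scan(lines) -> list:
    """Only the lines that matched at least one rule."""
    return [r for r in map(classify, lines) if r and r["hits"]]

def suspicious_sources(results) -> dict:
    """Hit count per client IP, the usual pivot for the next step of the investigation."""
    return dict(Counter(r["ip"] for r in results))

# Constructed sample: one benign request, then an XSS probe and two SQLi probes
# (the last one double-encoded) from the same client.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?page=home HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "GET /search.php?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 734 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2023:13:56:20 +0000] "GET /product.php?id=1%27%20OR%201%3D1--%20 HTTP/1.1" 500 0 "-" "sqlmap/1.7"
203.0.113.9 - - [10/Oct/2023:13:57:02 +0000] "GET /product.php?id=1%2520UNION%2520SELECT%25201,2,3 HTTP/1.1" 200 1201 "-" "sqlmap/1.7"
""".splitlines()
```

Pattern matching on request lines is a triage step, not a verdict: a 500 response after a quote-and-comment payload, a scanner User-Agent, or a response size that changes with the injected value is what turns a hit into evidence. POST bodies are not in the access log at all, so for form-based attacks the same rules have to be run over application logs or a proxy capture.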

Lab Exercise

         o Identifying and Investigating Web Application Attacks Using Splunk

Module 10: Dark Web Forensics

Understand the Dark Web
         o Understanding the Dark Web
         o Tor Relays
         o Working of the Tor Browser
         o Tor Bridge Node

Understand Dark Web Forensics
         o Dark Web Forensics
         o Identifying Tor Browser Artifacts: Command Prompt
         o Identifying Tor Browser Artifacts: Windows Registry
         o Identifying Tor Browser Artifacts: Prefetch Files
         o Dark Web Forensics Challenges

Lab Exercise

         o Detecting TOR Browser on a Machine

Perform Tor Browser Forensics
         o Memory Acquisition
         o Collecting Memory Dumps
         o Memory Dump Analysis: Bulk Extractor

Lab Exercise

         o Analyzing RAM Dumps to Retrieve TOR Browser Artifacts

Module 11: Investigating Email Crimes

Understand Email Basics
         o Introduction to an Email System
         o Components Involved in Email Communication
         o How Email Communication Works?
         o Understanding the Parts of an Email Message

Understand Email Crime Investigation and its Steps
         o Introduction to Email Crime Investigation
         o Steps to Investigate Email Crimes
                  • Step 1: Seizing the Computer and Email Accounts
                  • Step 2: Acquiring the Email Data
                    ➢ Acquiring Email Data from Desktop-based Email Clients
                    ➢ Local Email Files in Microsoft Outlook
                    ➢ Acquiring Thunderbird Local Email Files via SysTools MailPro+
                  • Step 3: Examining Email Messages
                  • Step 4: Retrieving Email Headers
                    ➢ Retrieving Email Headers in Microsoft Outlook
                    ➢ Retrieving Email Headers in Microsoft Outlook.com
                    ➢ Retrieving Email Headers in Gmail
                  • Step 5: Analyzing Email Headers
                    ➢ Checking Email Authenticity
                    ➢ Investigating a Suspicious Email
                  • Step 6: Recovering Deleted Email Messages
                    ➢ Recovering Deleted Email Messages from Outlook .pst Files Using Paraben’s Electronic Evidence Examiner
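
Steps 4 and 5 above (retrieving and analysing the headers, checking authenticity) can be scripted once the raw message has been exported. The Python below is an added example for this page, not course lab material; the message is constructed to show a typical spoofed-sender case (mismatched Return-Path, Reply-To and Message-ID domains, failing SPF and DMARC) and every host, address and IP in it is invented.

```python
"""Reconstruct an email's delivery path from its Received headers and check the
sender-identity fields against each other. Added example: the message is
constructed for this page, not a course lab file."""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Constructed message: a wire-fraud lure with a spoofed From, a throwaway Reply-To
# and a failing SPF/DMARC verdict recorded by the receiving MX (mx.example.com).
RAW_MESSAGE = b"""\
Return-Path: <billing@mail-payments.example.net>
Received: from mail-payments.example.net (unknown [198.51.100.23])
\tby mx.example.com (Postfix) with ESMTP id 4F2C1A3 for <finance@example.com>;
\tTue, 10 Oct 2023 09:14:02 +0000
Received: from localhost (localhost [127.0.0.1])
\tby mail-payments.example.net (Postfix) with SMTP id 1B2;
\tTue, 10 Oct 2023 09:13:58 +0000
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mail-payments.example.net;
\tdkim=none; dmarc=fail header.from=example.com
From: "CEO" <ceo@example.com>
Reply-To: ceo.urgent@webmail-free.example.org
To: finance@example.com
Subject: Urgent wire transfer
Message-ID: <20231010091358.1B2@mail-payments.example.net>
Date: Tue, 10 Oct 2023 09:13:58 +0000

Please wire EUR 48,000 today. I am in a meeting, do not call.
"""

def domain_of(addr: str) -> str:
    m = re.search(r"@([\w.-]+)", addr)
    return m.group(1).lower() if m else ""

def parse_received(value: str) -> dict:
    """Extract the sending host, the receiving host and the peer IP from one Received header."""
    frm = re.search(r"\bfrom\s+(\S+)", value)
    by = re.search(r"\bby\s+(\S+)", value)
    peer = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", value)
    return {"from": frm.group(1) if frm else None,
            "by": by.group(1) if by else None,
            "ip": peer.group(1) if peer else None}

def analyze_headers(raw: bytes) -> dict:
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    # Each MTA prepends its own Received header, so the topmost is the last hop;
    # reverse the list to read the path in the order the message travelled.
    hops = [parse_received(str(v)) for v in reversed(msg.get_all("Received", []))]
    from_addr = parseaddr(str(msg.get("From", "")))[1]
    return_path = parseaddr(str(msg.get("Return-Path", "")))[1]
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1]
    from_dom = domain_of(from_addr)
    msgid_dom = domain_of(str(msg.get("Message-ID", "")))
    auth = str(msg.get("Authentication-Results", ""))

    findings = []
    if return_path and domain_of(return_path) != from_dom:
        findings.append(f"Return-Path domain {domain_of(return_path)} differs from From domain {from_dom}")
    if reply_to and domain_of(reply_to) != from_dom:
        findings.append(f"Reply-To {reply_to} sends replies to a different domain")
    if msgid_dom and msgid_dom != from_dom:
        findings.append(f"Message-ID was generated at {msgid_dom}, not at the From domain")
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth, re.I)
        if m and m.group(1).lower() != "pass":
            findings.append(f"{mech}={m.group(1).lower()}")
    return {"from": from_addr, "return_path": return_path, "reply_to": reply_to,
            "hops": hops, "peer_ip_seen_by_mx": hops[-1]["ip"] if hops else None,
            "findings": findings}
```

Two caveats for the report: only the Received header written by your own receiving MX (and the Authentication-Results line it added) can be trusted, since everything below it arrived inside the message and can be forged by the sender; and a Reply-To on a different domain is a strong indicator for this kind of fraud but is also used legitimately by ticketing and marketing systems, so it corroborates rather than proves.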

Lab Exercise

         o Investigating a Suspicious Email

Module 12: Malware Forensics

Understand Malware, its Components and Distribution Methods
         o Introduction to Malware
         o Components of Malware
         o Common Techniques Attackers Use to Distribute Malware across Web

Understand Malware Forensics Fundamentals and Recognize Types of Malware Analysis
         o Introduction to Malware Forensics
         o Why Analyze Malware?
         o Malware Analysis Challenges
         o Identifying and Extracting Malware
         o Prominence of Setting Up a Controlled Malware Analysis Lab
         o Preparing Testbed for Malware Analysis
         o Supporting Tools for Malware Analysis
         o General Rules for Malware Analysis
         o Types of Malware Analysis

Perform Static Malware Analysis
         o Malware Analysis: Static
         o File Fingerprinting
         o Online Malware Scanning
         o Performing Strings Search
         o Identifying Packing/Obfuscation Methods
         o Finding the Portable Executables (PE) Information
         o Identifying File Dependencies
         o Malware Disassembly
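
The first static-analysis steps listed above (file fingerprinting, strings search, spotting packing, reading PE information) fit in one triage script. The Python below is an added example for this page, not course lab material or EC-Council tooling; the sample binary is a constructed minimal PE image with an invented URL and command string embedded, not a real malware sample.

```python
"""Static triage of an unknown executable: file fingerprints, printable
strings, per-section entropy as a packing indicator, and a summary of the PE
headers. Added example for this page; the sample binary is a constructed
minimal PE image, not a real malware sample or course lab file."""
import hashlib
import math
import re
import struct
from collections import Counter

def fingerprints(data: bytes) -> dict:
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}

def extract_strings(data: bytes, min_len: int = 6) -> list:
    """ASCII and UTF-16LE runs, like `strings -a` and `strings -el` respectively."""
    ascii_runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    wide_runs = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)
    return [s.decode("ascii") for s in ascii_runs] + [w.decode("utf-16le") for w in wide_runs]

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; a section above roughly 7.2 is usually packed or encrypted."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def parse_pe(data: bytes) -> dict:
    """Read the DOS header, COFF file header and section table (the optional header is skipped over)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    machine, nsections, timestamp, _symtab, _nsyms, opt_size, characteristics = \
        struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size          # section table follows the optional header
    sections = []
    for i in range(nsections):
        name, vsize, _va, rsize, rptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        raw = data[rptr:rptr + rsize]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rsize,
                         "entropy": round(entropy(raw), 2)})
    return {"machine": hex(machine), "timestamp": timestamp,
            "is_dll": bool(characteristics & 0x2000), "sections": sections}

IOC_PATTERN = re.compile(r"https?://|\bcmd\.exe\b|powershell|\.onion\b", re.I)

def triage(data: bytes) -> dict:
    report = parse_pe(data)
    found = extract_strings(data)
    report.update(fingerprints=fingerprints(data), strings=found,
                  iocs=[s for s in found if IOC_PATTERN.search(s)],
                  packed_sections=[s["name"] for s in report["sections"] if s["entropy"] > 7.2])
    return report

def build_sample_pe() -> bytes:
    """Constructed x64 PE: a low-entropy .text section with embedded strings and a
    flat-distribution 'UPX1' section whose entropy is exactly 8.0."""
    text = b"\x55\x48\x89\xe5" + b"\0" * 12 + b"http://c2.example.invalid/gate.php\0" + b"\0" * 30
    text += "cmd.exe /c whoami".encode("utf-16le") + b"\0\0"
    packed = bytes(range(256)) * 4
    e_lfanew, opt_size = 0x40, 0
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    data_off = e_lfanew + 24 + opt_size + 40 * 2
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0x65240000, 0, 0, opt_size, 0x0022)
    sec_text = struct.pack("<8sIIII", b".text", len(text), 0x1000, len(text), data_off) + b"\0" * 16
    sec_upx = struct.pack("<8sIIII", b"UPX1", len(packed), 0x2000, len(packed), data_off + len(text)) + b"\0" * 16
    return dos + b"PE\0\0" + coff + sec_text + sec_upx + text + packed
```

The wide-string pass matters on Windows samples because command lines and URLs are often stored as UTF-16 and are invisible to a plain ASCII strings run. High-entropy sections and a section name such as UPX1 point to packing, which means the interesting strings and imports will only appear after unpacking or in a memory dump taken at runtime; the fingerprints are what you submit to online scanners and what goes in the evidence record.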

Lab Exercise

         o Performing Static Analysis on a Suspicious File

Analyze Suspicious Word Documents
         o Analyzing Suspicious MS Office Document
                  • Finding Suspicious Components
                  • Finding Macro Streams
                  • Dumping Macro Streams
                  • Identifying Suspicious VBA Keywords

Lab Exercise

         o Forensic Examination of a Suspicious Microsoft Office Document

Perform Dynamic Malware Analysis
         o Malware Analysis: Dynamic
         o Pre-Execution Preparation
         o Monitoring Host Integrity
         o Observing Runtime Behavior

Perform System Behavior Analysis
         o Monitoring Registry Artifacts
                  • Windows AutoStart Registry Keys
                  • Analyzing Windows AutoStart Registry Keys
         o Monitoring Processes
         o Monitoring Windows Services
         o Monitoring Startup Programs
                  • Startup Programs Monitoring Tool: AutoRuns for Windows
         o Monitoring Windows Event Logs
         o Monitoring API Calls
         o Monitoring Device Drivers
                  • Device Drivers Monitoring Tool: DriverView
         o Monitoring Files and Folders
                  • File and Folder Monitoring Tool: PA File Sight
                  • File and Folder Integrity Checkers: FastSum and WinMD5

Lab Exercise

         o Performing System Behaviour Analysis

Perform Network Behavior Analysis
         o Monitoring Network Activities
                  • Monitoring IP Addresses
         o Monitoring Port
                  • Port Monitoring Tools: TCPView and CurrPorts
         o Monitoring DNS
                  • DNS Monitoring Tool: DNSQuerySniffer

Advance your career with OEM's ICT training

Why choose OEM?
Experience: more than 20 years of expertise in ICT training.
Wide selection: more than 1000 courses from 200 leading brands.
High satisfaction: rated 9.0 on Springest.
Quality guarantee: certified instructors and award-winning e-learning.
Partnerships: Microsoft Partner, EC-Council Partner, Certiport and Pearson VUE.
