Digital Forensic Investigation Course
Creator: Ali Al-Shemery
Lab Requirements:
1. SANS SIFT Workstation, http://computer-forensics.sans.org/community/downloads
2. AccessData FTK Toolkit, http://www.accessdata.com/
3. AccessData FTK Imager, http://www.accessdata.com/
4. ProDiscover, http://www.techpathways.com/prodiscoverdft.htm
5. WinHex, http://www.x-ways.net/winhex/
6. NetworkMiner, http://www.netresec.com/?page=NetworkMiner
7. Wireshark, http://www.wireshark.org/
8. VirtualBox, https://www.virtualbox.org/
Class Prerequisites:
1. Basic understanding of networks and network protocols
2. Operating Systems concepts
3. Basic knowledge about programming languages
4. Basic knowledge about information security
Recommended Class Duration: 10-20 days
Creator Available to Teach In-Person Classes: Yes
Course Description:
Course Objectives:
Learning Outcomes:
Class Textbooks:
Other library texts and supplements
— COURSE OUTLINE —
Introduction & Forensics Investigations
Electronic Discovery
Intrusion Investigation
Windows Forensic Investigations
– MBR Disks
– FAT File Systems
– NTFS File System
– Data Streams
– File Metadata
– Windows XP and Windows 7 Artifacts
– Recycle Bin
– Event Logs
– Prefetch Files
– IE8
– Registry Hives
– Volume Shadow Copies
– Jump Lists
– LNK Files
– Libraries
– Swap Files
– User Profiles
– Folder Virtualization
– Thumbcache
Linux Forensic Investigations
– EXT2/EXT3 File Systems
– Linux Security Model
– File Permissions
– Linux Accounts
– File System Structure
– Mount Points
– Log Analysis
– User Activity
– Network Connections
– Running Processes
– Open File Handles
– The /proc File System
– The sysfs File System (/sys)
– Cron Jobs
Network Forensic Investigations
– Technical Fundamentals
– Evidence Acquisition
– Traffic Analysis (Protocol, Packets, and Flow Analysis)
Mobile Network Investigations (TBC)
Forensic Investigations using Python
Last Updated: Apr-2013.
More lectures to be added ASAP…