Digital Forensics Essentials (DFE) Training
The DFE training covers a range of topics, including the fundamentals of digital forensics and the tools and techniques used in digital forensics investigations.
- Award Winning E-learning
- Lowest price guarantee
- Personalized service by our expert team
- Pay safely online or by invoice
- Order and start within 24 hours
The Digital Forensics Essentials (D|FE) is an entry-level foundational course that helps beginners grasp the facets of digital forensics investigation, its phases, and its types. This baseline-level course aims to build your competency and expertise in digital forensics and information security skills, offering 12 comprehensive modules, 11 hours of premium self-paced video training, courseware, and 11 labs; it covers topics such as dark web forensics, Linux forensics, investigating web applications, and more. Test what you have learned with CTF-based Capstone Projects and validate your newly acquired skills in proctored exams.
Course content
Module 01: Computer Forensics Fundamentals
Understand the Fundamentals of Computer Forensics
o Understanding Computer Forensics
o Objectives of Computer Forensics
o Need for Computer Forensics
o When Do You Use Computer Forensics?
o Types of Cybercrimes
• Examples of Cybercrimes
o Impact of Cybercrimes at the Organizational Level
Understand Digital Evidence
o Introduction to Digital Evidence
o Types of Digital Evidence
o Roles of Digital Evidence
o Sources of Potential Evidence
o Rules of Evidence
o Best Evidence Rule
o Federal Rules of Evidence (United States)
o Scientific Working Group on Digital Evidence (SWGDE)
o The Association of Chief Police Officers (ACPO) Principles of Digital Evidence
Understand Forensic Readiness
o Forensic Readiness
o Forensic Readiness and Business Continuity
o Forensics Readiness Planning
Identify the Roles and Responsibilities of a Forensic Investigator
o Need for a Forensic Investigator
o Roles and Responsibilities of a Forensics Investigator
o What Makes a Good Computer Forensics Investigator?
Understand Legal Compliance in Computer Forensics
o Computer Forensics and Legal Compliance
o Other Laws Relevant to Computer Forensics
Module 02: Computer Forensics Investigation Process
Understand the Forensic Investigation Process and its Importance
o Forensic Investigation Process
o Importance of the Forensic Investigation Process
o Phases Involved in the Forensics Investigation Process
Forensic Investigation Process - Pre-investigation Phase
o Setting Up a Computer Forensics Lab
o Building the Investigation Team
o Understanding the Hardware and Software Requirements of a Forensic Lab
Forensic Investigation Process - Investigation Phase
o Computer Forensics Investigation Methodology
• Documenting the Electronic Crime Scene
• Search and Seizure
• Planning the Search and Seizure
• Evidence Preservation
• Data Acquisition
• Data Analysis
• Case Analysis
Forensic Investigation Process - Post-investigation Phase
o Gathering and Organizing Information
o Writing the Investigation Report
o Forensics Investigation Report Template
o Testifying as an Expert Witness
Lab Exercise
o Performing Hash or HMAC Calculations
o Comparing Hash Values of Files to Check their Integrity
o Viewing Files of Various Formats
o Creating a Disk Image File of a Hard Disk Partition
Module 03: Understanding Hard Disks and File Systems
Describe Different Types of Disk Drives and their Characteristics
o Understanding Hard Disk Drive
• Tracks
• Track Numbering
• Sector
• Sector Addressing
• 4K Sectors
• Data Density on a Hard Disk
• CHS (Cylinder-Head-Sector) Data Addressing and Disk Capacity Calculation
• Measuring the Hard Disk Performance
o Understanding Solid-State Drive (SSD)
o Disk Interfaces
• ATA/PATA (IDE/EIDE)
• Serial ATA/SATA (AHCI)
• Serial Attached SCSI
• PCIe SSD
• SCSI
Explain the Logical Structure of a Disk
o Logical Structure of Disk
o Clusters
o Cluster Size
o Lost Clusters
o Slack Space
o Master Boot Record (MBR)
o Structure of a Master Boot Record
o Disk Partitions
o BIOS Parameter Block (BPB)
o Globally Unique Identifier (GUID)
• GUID Partition Table (GPT)
Understand the Booting Process of Windows, Linux, and Mac Operating Systems
o What is the Booting Process?
o Essential Windows System Files
o Windows Boot Process: BIOS-MBR Method
• Identifying the MBR Partition
o Windows Boot Process: UEFI-GPT
• Identifying the GUID Partition Table (GPT)
• Analyzing the GPT Header and Entries
• GPT Artifacts
o Macintosh Boot Process
o Linux Boot Process
Understand Various File Systems of Windows, Linux, and Mac Operating Systems
o Windows File Systems
• File Allocation Table (FAT)
• New Technology File System (NTFS)
➢ NTFS Architecture
➢ NTFS System Files
• Encrypting File System (EFS)
• Sparse Files
o Linux File Systems
• Linux File System Architecture
• Filesystem Hierarchy Standard (FHS)
• Extended File System (ext)
• Second Extended File System (ext2)
• Third Extended File System (ext3)
• Journaling File System
• Fourth Extended File System (ext4)
o macOS File Systems
• Hierarchical File System Plus (HFS+)
• Apple File System (APFS)
Examine the File System
o File System Analysis using Autopsy
o File System Analysis using The Sleuth Kit (TSK)
o Recovering Deleted Files from Hard Disks using WinHex
Lab Exercise
o Analyzing File System of a Linux Image
o Recovering Deleted Files from Hard Disks
Module 04: Data Acquisition and Duplication
Understand Data Acquisition Fundamentals
o Data Acquisition
o Live Acquisition
o Order of Volatility
o Dead Acquisition
o Rules of Thumb for Data Acquisition
Discuss Different Types of Data Acquisition
o Types of Data Acquisition
• Logical Acquisition
• Sparse Acquisition
• Bit-Stream Imaging
➢ Bit-stream disk-to-image file
➢ Bit-stream disk-to-disk
Lab Exercise
o Creating a dd Image of a System Drive
Determine the Data Acquisition Format
o Raw Format
o Proprietary Format
o Advanced Forensics Format (AFF)
o Advanced Forensic Framework 4 (AFF4)
Understand Data Acquisition Methodology
o Data Acquisition Methodology
• Step 1: Determine the Best Data Acquisition Method
• Step 2: Select the Data Acquisition Tool
• Step 3: Sanitize the Target Media
• Step 4: Acquire Volatile Data
• Step 5: Enable Write Protection on the Evidence Media
• Step 6: Acquire Non-Volatile Data
➢ Acquire Non-volatile Data (Using a Windows Forensic Workstation)
• Step 7: Plan for Contingency
• Step 8: Validate Data Acquisition
➢ Validate Data Acquisition – Windows Validation Methods
Lab Exercise
o Converting Acquired Image File to a Bootable Virtual Machine
o Acquiring RAM from Windows Workstations
o Viewing Contents of Forensic Image File
Module 05: Defeating Anti-forensics Techniques
Understand Anti-forensics and its Techniques
o What is Anti-forensics?
o Anti-forensics Techniques
• Data/File Deletion
➢ What Happens When a File is Deleted in Windows?
➢ Recycle Bin in Windows
➢ Recycle Bin Forensics
• File Carving
➢ File Carving on Windows
➢ File Recovery Tools: Windows
➢ File Carving on Linux
➢ SSD File Carving on Linux File System
• Recovering Deleted Partitions
➢ Recovering Deleted Partitions: Using EaseUS Data Recovery Wizard
• Password Protection
➢ Password Types
➢ Password Cracking Techniques
➢ Password Cracking Tools
• Steganography
➢ Steganography Detection Tools
• Alternate Data Streams
• Trail Obfuscation
• Artifact Wiping
• Overwriting Data/Metadata
• Encryption
Lab Exercise
o SSD File Carving on a Windows File System
o Recovering Data from Lost / Deleted Disk Partition
o Cracking Application Passwords
o Detecting Steganography
Discuss Anti-forensics Countermeasures
o Anti-forensics Countermeasures
o Anti-forensics Tools
Module 06: Windows Forensics
Collect Volatile and Non-Volatile Information
o Introduction to OS Forensics
o Collecting Volatile Information
• Collecting System Time
• Collecting Logged-On Users
• Collecting Open Files
➢ net file Command
➢ Using NetworkOpenedFiles
• Collecting Network Information
• Collecting Information about Network Connections
• Process Information
• Process-to-Port Mapping
• Examining Process Memory
• Collecting Network Status
o Collecting Non-Volatile Information
• Examining File Systems
• ESE Database File
➢ Examining .edb File Using ESEDatabaseView
• Windows Search Index Analysis
• Detecting Devices Externally Connected to the System
• Slack Space
Lab Exercise
o Acquiring Volatile Information from a Live Windows System
Perform Windows Memory and Registry Analysis
o Windows Memory Analysis
• Windows Crash Dump
• Collecting Process Memory
• Random Access Memory (RAM) Acquisition
• Memory Forensics: Malware Analysis Using Redline
o Windows Registry Analysis
• Windows Registry
• Registry Structure within a Hive File
• Windows Registry: Forensic Analysis
Lab Exercise
o Investigating Forensic Image of Windows RAM
Examine Cache, Cookie, and History Recorded in Web Browsers
o Cache, Cookie, and History Analysis
• Google Chrome
➢ Analysis Tool: ChromeCacheView
➢ Analysis Tool: ChromeCookiesView
➢ Analysis Tool: ChromeHistoryView
• Mozilla Firefox
• Microsoft Edge
Lab Exercise
o Examining Web Browser Artifacts
Examine Windows Files and Metadata
o Windows File Analysis
• System Restore Points (Rp.log Files)
• System Restore Points (Change.log.x Files)
• Prefetch Files
• Image Files
o Metadata Investigation
• Understanding Metadata
• Metadata in Different File Systems
• Metadata in PDF Files
• Metadata in Word Documents
• Metadata Analysis Tool: Metashield Analyzer
Lab Exercise
o Extracting Information about Loaded Processes on a Computer
Module 07: Linux and Mac Forensics
Understand Volatile and Non-Volatile Data in Linux
o Introduction to Linux Forensics
o Collecting Volatile Data
• Collecting Hostname, Date, and Time
• Collecting Uptime Data
• Collecting Network Information
• Viewing Network Routing Tables
• Collecting Open Port Information
• Finding Programs/Processes Associated with a Port
• Collecting Data on Open Files
• Viewing Running Processes in the System
o Collecting Non-Volatile Data
• Collecting System Information
• Collecting Kernel Information
• Collecting User Account Information
• Collecting Currently Logged-in Users and Login History Information
• Collecting System Logs Data
➢ Linux Log Files
Analyze Filesystem Images Using The Sleuth Kit
o File System Analysis Using The Sleuth Kit: fsstat
o File System Analysis Using The Sleuth Kit: fls and istat
Demonstrate Memory Forensics
o Memory Forensics: Introduction
o Memory Forensics Using Volatility Framework
o Carving Memory Dumps Using PhotoRec Tool
Lab Exercise
o Forensic Investigation on a Linux Memory Dump
o Recovering Data from a Linux Memory Dump
Understand Mac Forensics
o Introduction to Mac Forensics
o Mac Forensics Data
o Mac Log Files
o Mac Directories
o APFS Analysis: Biskus APFS Capture
o Parsing Metadata on Spotlight
o Mac Forensics Tools
Module 08: Network Forensics
Understand Network Forensics Fundamentals
o Introduction to Network Forensics
o Postmortem and Real-Time Analysis
o Network Attacks
o Indicators of Compromise (IoCs)
o Where to Look for Evidence
o Types of Network-based Evidence
Understand Event Correlation Concepts and Types
o Event Correlation
o Types of Event Correlation
o Prerequisites of Event Correlation
o Event Correlation Approaches
Identify Indicators of Compromise (IoCs) from Network Logs
o Analyzing Firewall Logs
• Analyzing Firewall Logs: Cisco
• Analyzing Firewall Logs: Check Point
o Analyzing IDS Logs
• Analyzing IDS Logs: Check Point
o Analyzing Honeypot Logs
o Analyzing Router Logs
• Analyzing Router Logs: Cisco
o Analyzing DHCP Logs
Investigate Network Traffic
o Why Investigate Network Traffic?
o Gathering Evidence via Sniffers
• Sniffing Tool: Tcpdump
• Sniffing Tool: Wireshark
• Display Filters in Wireshark
o Analyze Traffic for TCP SYN Flood DoS Attack
o Analyze Traffic for SYN-FIN Flood DoS Attack
o Analyze Traffic for FTP Password Cracking Attempts
o Analyze Traffic for SMB Password Cracking Attempts
o Analyze Traffic for Sniffing Attempts
o Analyze Traffic for MAC Flooding Attempt
o Analyze Traffic for ARP Poisoning Attempt
o Analyze Traffic to Detect Malware Activity
Lab Exercise
o Identifying and Investigating Various Network Attacks using Wireshark
Module 09: Investigating Web Attacks
Understand Web Application Forensics
o Introduction to Web Application Forensics
o Challenges in Web Application Forensics
o Indications of a Web Attack
o Web Application Threats
o Web Attack Investigation Methodology
Understand IIS and Apache Web Server Logs
o IIS Logs
• IIS Web Server Architecture
• IIS Logs
• Analyzing IIS Logs
o Apache Web Server Logs
• Apache Web Server Architecture
• Apache Web Server Logs
• Apache Access Logs
• Analyzing Apache Access Logs
• Apache Error Logs
➢ Analyzing Apache Error Logs
o Investigating Web Attacks on Windows-based Servers
Detect and Investigate Various Attacks on Web Applications
o Investigating Cross-Site Scripting (XSS) Attack
• Investigating XSS: Using Regex to Search XSS Strings
• Examining Apache Logs for XSS Attack
• Examining Snort Alert Logs for XSS Attack
• Examining SIEM Logs for XSS Attack
o Investigating SQL Injection Attack
• Investigating SQL Injection Attack: Using Regex
• Examining IIS Logs for SQL Injection Attack
• Examining Snort Alert Logs for SQL Injection Attack
• Examining SIEM Logs for SQL Injection Attack
Lab Exercise
o Identifying and Investigating Web Application Attacks Using Splunk
Module 10: Dark Web Forensics
Understand the Dark Web
o Understanding the Dark Web
o Tor Relays
o Working of the Tor Browser
o Tor Bridge Node
Understand Dark Web Forensics
o Dark Web Forensics
o Identifying Tor Browser Artifacts: Command Prompt
o Identifying Tor Browser Artifacts: Windows Registry
o Identifying Tor Browser Artifacts: Prefetch Files
o Dark Web Forensics Challenges
Lab Exercise
o Detecting Tor Browser on a Machine
Perform Tor Browser Forensics
o Memory Acquisition
o Collecting Memory Dumps
o Memory Dump Analysis: Bulk Extractor
Lab Exercise
o Analyzing RAM Dumps to Retrieve Tor Browser Artifacts
Module 11: Investigating Email Crimes
Understand Email Basics
o Introduction to an Email System
o Components Involved in Email Communication
o How Does Email Communication Work?
o Understanding the Parts of an Email Message
Understand Email Crime Investigation and its Steps
o Introduction to Email Crime Investigation
o Steps to Investigate Email Crimes
• Step 1: Seizing the Computer and Email Accounts
• Step 2: Acquiring the Email Data
➢ Acquiring Email Data from Desktop-based Email Clients
➢ Local Email Files in Microsoft Outlook
➢ Acquiring Thunderbird Local Email Files via SysTools MailPro+
• Step 3: Examining Email Messages
• Step 4: Retrieving Email Headers
➢ Retrieving Email Headers in Microsoft Outlook
➢ Retrieving Email Headers in Microsoft Outlook.com
➢ Retrieving Email Headers in Gmail
• Step 5: Analyzing Email Headers
➢ Checking Email Authenticity
➢ Investigating a Suspicious Email
• Step 6: Recovering Deleted Email Messages
➢ Recovering Deleted Email Messages from Outlook .pst Files Using Paraben’s Electronic Evidence Examiner
Lab Exercise
o Investigating a Suspicious Email
Module 12: Malware Forensics
Understand Malware, its Components and Distribution Methods
o Introduction to Malware
o Components of Malware
o Common Techniques Attackers Use to Distribute Malware across the Web
Understand Malware Forensics Fundamentals and Recognize Types of Malware Analysis
o Introduction to Malware Forensics
o Why Analyze Malware?
o Malware Analysis Challenges
o Identifying and Extracting Malware
o Prominence of Setting Up a Controlled Malware Analysis Lab
o Preparing Testbed for Malware Analysis
o Supporting Tools for Malware Analysis
o General Rules for Malware Analysis
o Types of Malware Analysis
Perform Static Malware Analysis
o Malware Analysis: Static
o File Fingerprinting
o Online Malware Scanning
o Performing Strings Search
o Identifying Packing/Obfuscation Methods
o Finding the Portable Executables (PE) Information
o Identifying File Dependencies
o Malware Disassembly
Lab Exercise
o Performing Static Analysis on a Suspicious File
Analyze Suspicious Word Documents
o Analyzing Suspicious MS Office Document
• Finding Suspicious Components
• Finding Macro Streams
• Dumping Macro Streams
• Identifying Suspicious VBA Keywords
Lab Exercise
o Forensic Examination of a Suspicious Microsoft Office Document
Perform Dynamic Malware Analysis
o Malware Analysis: Dynamic
o Pre-Execution Preparation
o Monitoring Host Integrity
o Observing Runtime Behavior
Perform System Behavior Analysis
o Monitoring Registry Artifacts
• Windows AutoStart Registry Keys
• Analyzing Windows AutoStart Registry Keys
o Monitoring Processes
o Monitoring Windows Services
o Monitoring Startup Programs
• Startup Programs Monitoring Tool: AutoRuns for Windows
o Monitoring Windows Event Logs
o Monitoring API Calls
o Monitoring Device Drivers
• Device Drivers Monitoring Tool: DriverView
o Monitoring Files and Folders
• File and Folder Monitoring Tool: PA File Sight
• File and Folder Integrity Checkers: FastSum and WinMD5
Lab Exercise
o Performing System Behavior Analysis
Perform Network Behavior Analysis
o Monitoring Network Activities
• Monitoring IP Addresses
o Monitoring Ports
• Port Monitoring Tools: TCPView and CurrPorts
o Monitoring DNS
• DNS Monitoring Tool: DNSQuerySniffer
| Item | Details |
|---|---|
| Lesson duration | Variable |
| Language | English |
| Certificate of participation | Yes |
| Online access | 1 year unlimited access |
| Progress monitoring | Yes |
OEM Office Elearning Menu Nominated for 'Best Training Provider in the Netherlands'
OEM Office Elearning Menu is proud to have been nominated for the title 'Best Training Provider in the Netherlands' by Springest, part of Archipel. This recognition confirms our quality and dedication. Many thanks to all our students.