Digital Forensics Essentials (DFE) Training
The DFE training covers a range of topics, including the fundamentals of digital forensics and the tools and techniques used in digital forensics investigations.
- Award Winning E-learning
- Lowest price guarantee
- Personalized service by our expert team
- Pay safely online or by invoice
- Order and start within 24 hours
The Digital Forensics Essentials (D|FE) is an entry-level foundational course to help beginners grasp the facets of digital forensics investigation, its phases, and types. The baseline-level course aims to enhance your competency and expertise in digital forensics and information security skills, offering 12 comprehensive modules, 11 hours of premium self-paced video training, courseware, and 11 labs; the course covers topics like dark web forensics, Linux, investigating web applications, and more. Test what you have learned with CTF-based Capstone Projects and validate your newly acquired skills in proctored exams.
Course content
Module 01: Computer Forensics Fundamentals
Understand the Fundamentals of Computer Forensics
o Understanding Computer Forensics
o Objectives of Computer Forensics
o Need for Computer Forensics
o When Do You Use Computer Forensics?
o Types of Cybercrimes
• Examples of Cybercrimes
o Impact of Cybercrimes at the Organizational Level
Understand Digital Evidence
o Introduction to Digital Evidence
o Types of Digital Evidence
o Roles of Digital Evidence
o Sources of Potential Evidence
o Rules of Evidence
o Best Evidence Rule
o Federal Rules of Evidence (United States)
o Scientific Working Group on Digital Evidence (SWGDE)
o The Association of Chief Police Officers (ACPO) Principles of Digital Evidence
Understand Forensic Readiness
o Forensic Readiness
o Forensic Readiness and Business Continuity
o Forensics Readiness Planning
Identify the Roles and Responsibilities of a Forensic Investigator
o Need for a Forensic Investigator
o Roles and Responsibilities of a Forensics Investigator
o What Makes a Good Computer Forensics Investigator?
Understand Legal Compliance in Computer Forensics
o Computer Forensics and Legal Compliance
o Other Laws Relevant to Computer Forensics
Module 02: Computer Forensics Investigation Process
Understand the Forensic Investigation Process and its Importance
o Forensic Investigation Process
o Importance of the Forensic Investigation Process
o Phases Involved in the Forensics Investigation Process
Forensic Investigation Process - Pre-investigation Phase
o Setting Up a Computer Forensics Lab
o Building the Investigation Team
o Understanding the Hardware and Software Requirements of a Forensic Lab
Forensic Investigation Process - Investigation Phase
o Computer Forensics Investigation Methodology
• Documenting the Electronic Crime Scene
• Search and Seizure
• Planning the Search and Seizure
• Evidence Preservation
• Data Acquisition
• Data Analysis
• Case Analysis
Forensic Investigation Process - Post-investigation Phase
o Gathering and Organizing Information
o Writing the Investigation Report
o Forensics Investigation Report Template
o Testifying as an Expert Witness
Lab Exercise
o Performing Hash or HMAC Calculations
o Comparing Hash Values of Files to Check their Integrity
o Viewing Files of Various Formats
o Creating a Disk Image File of a Hard Disk Partition
Module 03: Understanding Hard Disks and File Systems
Describe Different Types of Disk Drives and their Characteristics
o Understanding Hard Disk Drive
• Tracks
• Track Numbering
• Sector
• Sector Addressing
• 4K Sectors
• Data Density on a Hard Disk
• CHS (Cylinder-Head-Sector) Data Addressing and Disk Capacity Calculation
• Measuring the Hard Disk Performance
o Understanding Solid-State Drive (SSD)
o Disk Interfaces
• ATA/PATA (IDE/EIDE)
• Serial ATA/SATA (AHCI)
• Serial Attached SCSI
• PCIe SSD
• SCSI
Explain the Logical Structure of a Disk
o Logical Structure of Disk
o Clusters
o Cluster Size
o Lost Clusters
o Slack Space
o Master Boot Record (MBR)
o Structure of a Master Boot Record
o Disk Partitions
o BIOS Parameter Block (BPB)
o Globally Unique Identifier (GUID)
• GUID Partition Table (GPT)
Understand Booting Process of Windows, Linux, and Mac Operating Systems
o What is the Booting Process?
o Essential Windows System Files
o Windows Boot Process: BIOS-MBR Method
• Identifying the MBR Partition
o Windows Boot Process: UEFI-GPT
• Identifying the GUID Partition Table (GPT)
• Analyzing the GPT Header and Entries
• GPT Artifacts
o Macintosh Boot Process
o Linux Boot Process
Understand Various File Systems of Windows, Linux, and Mac Operating Systems
o Windows File Systems
• File Allocation Table (FAT)
• New Technology File System (NTFS)
➢ NTFS Architecture
➢ NTFS System Files
• Encrypting File Systems (EFS)
• Sparse Files
o Linux File Systems
• Linux File System Architecture
• Filesystem Hierarchy Standard (FHS)
• Extended File System (ext)
• Second Extended File System (ext2)
• Third Extended File System (ext3)
• Journaling File System
• Fourth Extended File System (ext4)
o macOS File Systems
• Hierarchical File System Plus (HFS+)
• Apple File System (APFS)
Examine the File System
o File System Analysis using Autopsy
o File System Analysis using The Sleuth Kit (TSK)
o Recovering Deleted Files from Hard Disks using WinHex
Lab Exercise
o Analyzing File System of a Linux Image
o Recovering Deleted Files from Hard Disks
Module 04: Data Acquisition and Duplication
Understand Data Acquisition Fundamentals
o Data Acquisition
o Live Acquisition
o Order of Volatility
o Dead Acquisition
o Rules of Thumb for Data Acquisition
Discuss Different Types of Data Acquisition
o Types of Data Acquisition
• Logical Acquisition
• Sparse Acquisition
• Bit-Stream Imaging
➢ Bit-stream disk-to-image file
➢ Bit-stream disk-to-disk
Lab Exercise
o Creating a dd Image of a System Drive
Determine the Data Acquisition Format
o Raw Format
o Proprietary Format
o Advanced Forensics Format (AFF)
o Advanced Forensic Framework 4 (AFF4)
Understand Data Acquisition Methodology
o Data Acquisition Methodology
• Step 1: Determine the Best Data Acquisition Method
• Step 2: Select the Data Acquisition Tool
• Step 3: Sanitize the Target Media
• Step 4: Acquire Volatile Data
• Step 5: Enable Write Protection on the Evidence Media
• Step 6: Acquire Non-Volatile Data
➢ Acquire Non-volatile Data (Using a Windows Forensic Workstation)
• Step 7: Plan for Contingency
• Step 8: Validate Data Acquisition
➢ Validate Data Acquisition – Windows Validation Methods
Lab Exercise
o Converting Acquired Image File to a Bootable Virtual Machine
o Acquiring RAM from Windows Workstations
o Viewing Contents of Forensic Image File
Module 05: Defeating Anti-forensics Techniques
Understand Anti-forensics and its Techniques
o What is Anti-forensics?
o Anti-forensics Techniques
• Data/File Deletion
➢ What Happens When a File is Deleted in Windows?
➢ Recycle Bin in Windows
➢ Recycle Bin Forensics
• File Carving
➢ File Carving on Windows
➢ File Recovery Tools: Windows
➢ File Carving on Linux
➢ SSD File Carving on Linux File System
• Recovering Deleted Partitions
➢ Recovering Deleted Partitions: Using EaseUS Data Recovery Wizard
• Password Protection
➢ Password Types
➢ Password Cracking Techniques
➢ Password Cracking Tools
• Steganography
➢ Steganography Detection Tools
• Alternate Data Streams
• Trail Obfuscation
• Artifact Wiping
• Overwriting Data/Metadata
• Encryption
Lab Exercise
o SSD File Carving on a Windows File System
o Recovering Data from Lost / Deleted Disk Partition
o Cracking Application Passwords
o Detecting Steganography
Discuss Anti-forensics Countermeasures
o Anti-forensics Countermeasures
o Anti-forensics Tools
Module 06: Windows Forensics
Collect Volatile and Non-Volatile Information
o Introduction to OS Forensics
o Collecting Volatile Information
• Collecting System Time
• Collecting Logged-On Users
• Collecting Open Files
➢ net file Command
➢ Using NetworkOpenedFiles
• Collecting Network Information
• Collecting Information about Network Connections
• Process Information
• Process-to-Port Mapping
• Examining Process Memory
• Collecting Network Status
o Collecting Non-Volatile Information
• Examining File Systems
• ESE Database File
➢ Examining .edb File Using ESEDatabaseView
• Windows Search Index Analysis
• Detecting Externally Connected Devices to the System
• Slack Space
Lab Exercise
o Acquiring Volatile Information from a Live Windows System
Perform Windows Memory and Registry Analysis
o Windows Memory Analysis
• Windows Crash Dump
• Collecting Process Memory
• Random Access Memory (RAM) Acquisition
• Memory Forensics: Malware Analysis Using Redline
o Windows Registry Analysis
• Windows Registry
• Registry Structure within a Hive File
• Windows Registry: Forensic Analysis
Lab Exercise
o Investigating Forensic Image of Windows RAM
Examine Cache, Cookie, and History Recorded in Web Browsers
o Cache, Cookie, and History Analysis
• Google Chrome
➢ Analysis Tool: ChromeCacheView
➢ Analysis Tool: ChromeCookiesView
➢ Analysis Tool: ChromeHistoryView
• Mozilla Firefox
• Microsoft Edge
Lab Exercise
o Examining Web Browser Artifacts
Examine Windows Files and Metadata
o Windows File Analysis
• System Restore Points (Rp.log Files)
• System Restore Points (Change.log.x Files)
• Prefetch Files
• Image Files
o Metadata Investigation
• Understanding Metadata
• Metadata in Different File Systems
• Metadata in PDF Files
• Metadata in Word Documents
• Metadata Analysis Tool: Metashield Analyzer
Lab Exercise
o Extracting Information about Loaded Processes on a Computer
Module 07: Linux and Mac Forensics
Understand Volatile and Non-Volatile Data in Linux
o Introduction to Linux Forensics
o Collecting Volatile Data
• Collecting Hostname, Date, and Time
• Collecting Uptime Data
• Collecting Network Information
• Viewing Network Routing Tables
• Collecting Open Port Information
• Finding Programs/Processes Associated with a Port
• Collecting Data on Open Files
• Viewing Running Processes in the System
o Collecting Non-Volatile Data
• Collecting System Information
• Collecting Kernel Information
• Collecting User Account Information
• Collecting Currently Logged-in Users and Login History Information
• Collecting System Logs Data
➢ Linux Log Files
Analyze Filesystem Images Using The Sleuth Kit
o File System Analysis Using The Sleuth Kit: fsstat
o System Analysis Using The Sleuth Kit: fls and istat
Demonstrate Memory Forensics
o Memory Forensics: Introduction
o Memory Forensics Using Volatility Framework
o Carving Memory Dumps Using PhotoRec Tool
Lab Exercise
o Forensic Investigation on a Linux Memory Dump
o Recovering Data from a Linux Memory Dump
Understand Mac Forensics
o Introduction to Mac Forensics
o Mac Forensics Data
o Mac Log Files
o Mac Directories
o APFS Analysis: Biskus APFS Capture
o Parsing Metadata on Spotlight
o Mac Forensics Tools
Module 08: Network Forensics
Understand Network Forensics Fundamentals
o Introduction to Network Forensics
o Postmortem and Real-Time Analysis
o Network Attacks
o Indicators of Compromise (IoCs)
o Where to Look for Evidence
o Types of Network-based Evidence
Understand Event Correlation Concepts and Types
o Event Correlation
o Types of Event Correlation
o Prerequisites of Event Correlation
o Event Correlation Approaches
Identify Indicators of Compromise (IoCs) from Network Logs
o Analyzing Firewall Logs
• Analyzing Firewall Logs: Cisco
• Analyzing Firewall Logs: Check Point
o Analyzing IDS Logs
• Analyzing IDS Logs: Check Point
o Analyzing Honeypot Logs
o Analyzing Router Logs
• Analyzing Router Logs: Cisco
o Analyzing DHCP Logs
Investigate Network Traffic
o Why Investigate Network Traffic?
o Gathering Evidence via Sniffers
• Sniffing Tool: Tcpdump
• Sniffing Tool: Wireshark
• Display Filters in Wireshark
o Analyze Traffic for TCP SYN Flood DoS Attack
o Analyze Traffic for SYN-FIN Flood DoS Attack
o Analyze Traffic for FTP Password Cracking Attempts
o Analyze Traffic for SMB Password Cracking Attempts
o Analyze Traffic for Sniffing Attempts
o Analyze Traffic for MAC Flooding Attempt
o Analyze Traffic for ARP Poisoning Attempt
o Analyze Traffic to Detect Malware Activity
Lab Exercise
o Identifying and Investigating Various Network Attacks using Wireshark
Module 09: Investigating Web Attacks
Understand Web Application Forensics
o Introduction to Web Application Forensics
o Challenges in Web Application Forensics
o Indications of a Web Attack
o Web Application Threats
o Web Attack Investigation Methodology
Understand IIS and Apache Web Server Logs
o IIS Logs
• IIS Web Server Architecture
• IIS Logs
• Analyzing IIS Logs
o Apache Web Server Logs
• Apache Web Server Architecture
• Apache Web Server Logs
• Apache Access Logs
• Analyzing Apache Access Logs
• Apache Error Logs
➢ Analyzing Apache Error Logs
Investigating Web Attacks on Windows-based Servers
Detect and Investigate Various Attacks on Web Applications
o Investigating Cross-Site Scripting (XSS) Attack
• Investigating XSS: Using Regex to Search XSS Strings
• Examining Apache Logs for XSS Attack
• Examining Snort Alert Logs for XSS Attack
• Examining SIEM Logs for XSS Attack
o Investigating SQL Injection Attack
• Investigating SQL Injection Attack: Using Regex
• Examining IIS Logs for SQL Injection Attack
• Examining Snort Alert Logs for SQL Injection Attack
• Examining SIEM Logs for SQL Injection Attack
Lab Exercise
o Identifying and Investigating Web Application Attacks Using Splunk
Module 10: Dark Web Forensics
Understand the Dark Web
o Understanding the Dark Web
o Tor Relays
o Working of the Tor Browser
o Tor Bridge Node
Understand Dark Web Forensics
o Dark Web Forensics
o Identifying Tor Browser Artifacts: Command Prompt
o Identifying Tor Browser Artifacts: Windows Registry
o Identifying Tor Browser Artifacts: Prefetch Files
o Dark Web Forensics Challenges
Lab Exercise
o Detecting TOR Browser on a Machine
Perform Tor Browser Forensics
o Memory Acquisition
o Collecting Memory Dumps
o Memory Dump Analysis: Bulk Extractor
Lab Exercise
o Analyzing RAM Dumps to Retrieve TOR Browser Artifacts
Module 11: Investigating Email Crimes
Understand Email Basics
o Introduction to an Email System
o Components Involved in Email Communication
o How Email Communication Works?
o Understanding the Parts of an Email Message
Understand Email Crime Investigation and its Steps
o Introduction to Email Crime Investigation
o Steps to Investigate Email Crimes
• Step 1: Seizing the Computer and Email Accounts
• Step 2: Acquiring the Email Data
➢ Acquiring Email Data from Desktop-based Email Clients
➢ Local Email Files in Microsoft Outlook
➢ Acquiring Thunderbird Local Email Files via SysTools MailPro+
• Step 3: Examining Email Messages
• Step 4: Retrieving Email Headers
➢ Retrieving Email Headers in Microsoft Outlook
➢ Retrieving Email Headers in Microsoft Outlook.com
➢ Retrieving Email Headers in Gmail
• Step 5: Analyzing Email Headers
➢ Checking Email Authenticity
➢ Investigating a Suspicious Email
• Step 6: Recovering Deleted Email Messages
➢ Recovering Deleted Email Messages from Outlook .pst Files Using Paraben’s Electronic Evidence Examiner
Lab Exercise
o Investigating a Suspicious Email
Module 12: Malware Forensics
Understand Malware, its Components and Distribution Methods
o Introduction to Malware
o Components of Malware
o Common Techniques Attackers Use to Distribute Malware across Web
Understand Malware Forensics Fundamentals and Recognize Types of Malware Analysis
o Introduction to Malware Forensics
o Why Analyze Malware?
o Malware Analysis Challenges
o Identifying and Extracting Malware
o Prominence of Setting Up a Controlled Malware Analysis Lab
o Preparing Testbed for Malware Analysis
o Supporting Tools for Malware Analysis
o General Rules for Malware Analysis
o Types of Malware Analysis
Perform Static Malware Analysis
o Malware Analysis: Static
o File Fingerprinting
o Online Malware Scanning
o Performing Strings Search
o Identifying Packing/Obfuscation Methods
o Finding the Portable Executables (PE) Information
o Identifying File Dependencies
o Malware Disassembly
Lab Exercise
o Performing Static Analysis on a Suspicious File
Analyze Suspicious Word Documents
o Analyzing Suspicious MS Office Document
• Finding Suspicious Components
• Finding Macro Streams
• Dumping Macro Streams
• Identifying Suspicious VBA Keywords
Lab Exercise
o Forensic Examination of a Suspicious Microsoft Office Document
Perform Dynamic Malware Analysis
o Malware Analysis: Dynamic
o Pre-Execution Preparation
o Monitoring Host Integrity
o Observing Runtime Behavior
Perform System Behavior Analysis
o Monitoring Registry Artifacts
• Windows AutoStart Registry Keys
• Analyzing Windows AutoStart Registry Keys
o Monitoring Processes
o Monitoring Windows Services
o Monitoring Startup Programs
• Startup Programs Monitoring Tool: AutoRuns for Windows
o Monitoring Windows Event Logs
o Monitoring API Calls
o Monitoring Device Drivers
• Device Drivers Monitoring Tool: DriverView
o Monitoring Files and Folders
• File and Folder Monitoring Tool: PA File Sight
• File and Folder Integrity Checkers: FastSum and WinMD5
Lab Exercise
o Performing System Behaviour Analysis
Perform Network Behavior Analysis
o Monitoring Network Activities
• Monitoring IP Addresses
o Monitoring Port
• Port Monitoring Tools: TCPView and CurrPorts
o Monitoring DNS
• DNS Monitoring Tool: DNSQuerySniffer
| Detail | Value |
|---|---|
| Lesson duration | Variable |
| Language | English |
| Certificate of participation | Yes |
| Online access | 1 year unlimited access |
| Progress monitoring | Yes |
OEM Office Elearning Menu Top 2 in ICT training 2024!
OEM Office Elearning Menu is proud of its second place in the ICT training category 2024 at Beste Opleider van Nederland (Springest/Archipel). Thanks to all our students for their trust!
Reviews
There are no reviews written yet about this product.