Cyber Security: CYBER FORENSICS – ADVANCED

Duration : 40 Hours

The Cyber Forensics – Advanced course covers computer forensics with a focus on Windows systems. The training features advanced topics in Windows operating system analysis, including advanced file system analysis, web and email, as well as a comprehensive final case involving a moot court exercise.

Objective

  • Investigating Windows workstations and servers
  • Understanding how Windows OS works for collecting evidence
  • Understanding Windows file systems, FAT and NTFS
  • Researching upcoming topics in computer forensics
  • Completing a variety of case studies in digital forensics

Prerequisites

None

Course Outline

Module 1: Digital Forensics Review

  • Investigative Process
  • Analysis Methodologies
  • Tools and techniques

Module 2: FAT32 Filesystems

  • History and background on FAT
  • Allocation Tables
  • Directory Entries
  • Bitmaps
  • Deleted files and unallocated space

Module 3: NTFS File Systems

  • History & background of NTFS
  • Master File Table (MFT)
  • MFT Entries
  • Deleted Entries
  • Unallocated space

Module 4: Filesharing and Peer-to-Peer

  • Popular file sharing protocols and applications
  • Filesharing logs
  • Network logs
  • Advanced BitTorrent Analysis

Module 5: Executable File Analysis

  • Static Analysis
  • Dynamic Analysis
  • Virtualization

Module 6: Viruses, Rootkits and Rootkit Detection

  • The “virus defense”
  • Malware
  • Rootkits
  • Rootkit analysis

Module 7: Email and Internet Analysis

  • Web cache, history, bookmarks
  • Mail header analysis
  • Email server analysis
  • Building timelines

Module 8: Windows Registry

  • Registry locations
  • Windows registry keys and values
  • Useful registry keys
  • Automated tools for registry analysis

Module 9: Incident Response and Live Analysis

  • Live analysis of systems
  • Collecting volatile data
  • Analyzing Log Files

Module 10: Memory Analysis

  • Dumping physical memory
  • Analyzing physical memory

Module 11: Law Enforcement and Forensics

  • Role of digital forensics in law enforcement
  • Guest speakers from various agencies