Cybersecurity Foundations: Computer Forensics
2h 41m | Beginner | 2023-12-18
Authors

Jungwoo Ryoo
Teaches IT, cybersecurity, and risk analysis at Penn State
Course details
Computer forensics is used to find legal evidence in computers, mobile devices, or data storage units. This course covers all the technical essentials for up-and-coming digital forensics professionals. Instructor Jungwoo Ryoo reviews the goals of computer forensics, the types of investigations it's used for, a forensic investigator's typical tool set, and the legal implications of this type of work.
Explore different specializations currently available in the field to assess your career prospects as an investigator. Jungwoo shows you how to prepare for an investigation, acquire data, ensure data is kept in its original state with software and hardware write-blockers, analyze the data, and generate a report of your findings. Along the way, you’ll discover options for both open-source and commercial software to help find the best tool for your needs and your budget.
Skills covered
Autopsy, Sleuth Kit, Linux, Incident Response, Foundations, Cybersecurity, Open Source
Concepts
0. Introduction
- 01 - Computer forensics
- 02 - What you should know
1. Understanding Computer Forensics
- 03 - Definition and goals of computer forensics
- 04 - History
- 05 - Types of investigations
- 06 - Tools
- 07 - Legal implications
- 08 - Current and future trends
- 09 - Challenges
- 10 - Anti-forensics techniques
- 11 - Compliance and forensics
- 12 - Cybersecurity and forensics
2. Areas of Computer Forensics
- 13 - Specializations in computer forensics
- 14 - Network forensics
- 15 - Operating system forensics
- 16 - Web forensics
- 17 - Cloud forensics
- 18 - Malware forensics
- 19 - Mobile forensics
- 20 - Email forensics
- 21 - Certifications
3. Preparing for an Investigation
- 22 - Tools and knowledge requirements
- 23 - Hardware
- 24 - Software
- 25 - Understanding hexadecimal numbers
- 26 - Using a hex editor
- 27 - Understanding offset
- 28 - Forensics OS distributions
- 29 - Challenge - Hex editor
- 30 - Solution - Hex editor
4. File System Fundamentals
- 31 - Understanding file systems
- 32 - Understanding the boot sequence
- 33 - Understanding disk solid-state drives
- 34 - Understanding the master boot records (MBR)
- 35 - Understanding Partitioning
- 36 - Challenge - Partitioning a USB drive
- 37 - Solution - Partitioning a USB drive
5. Persisting Data
- 38 - Evidence preservation approaches
- 39 - Understanding the role of write blockers
- 40 - Using a software write blocker
- 41 - Using hardware write blockers
- 42 - Understanding hashing
- 43 - Hashing algorithms
- 44 - Case Study - Hashing in FTK Imager
- 45 - Understanding mounting
- 46 - Mounting manually
- 47 - Challenge - Hashing in Kali
- 48 - Solution - Hashing in Kali
6. Acquiring Data
- 49 - Data acquisition approaches
- 50 - Static acquisition with open-source tools
- 51 - Static acquisition case study with dd
- 52 - Static acquisition case study with dcfldd
- 53 - Live acquisition case study with a commercial tool
- 54 - Challenge - Live acquisition with a memory dump file
- 55 - Solution - Live acquisition with a memory dump file
7. Putting It All Together - Analyzing Data and Generating Reports
- 56 - Forensic data analysis
- 57 - Indexing
- 58 - Searching
- 59 - Generating a Report
- 60 - Case Study - Hex editor analysis of a file with a wrong extension
- 61 - Hex editor analysis of a bit-shifted file
- 62 - Case Study - Steganography
Conclusion
- 63 - Next steps