ＨｉｄｅＺｅｒｏＯｎｅ

This course will familiarize students with all aspects of Linux forensics. By the end of this course students will be able to perform live analysis, capture volatile data, make images of media, analyze filesystems, analyze network traffic, analyze files, perform memory analysis, and analyze malware all on a Linux system with readily available free and open source tools. Students will also gain an in-depth understanding of how Linux works under the covers.

WinDbg is the most popular Debugger for Windows. In this course, we will look at how WinDbg can be used for both User and Kernel mode debugging. We will learn how processes and threads work on Windows, and how we can examine memory, modify registers & data, disassemble code etc. among other things. We will also learn a bit of Windows internals, kernel data strucutres and how to analyze rootkits and other malicious code in the form of device drivers.

Airodump-NG Scan Visualizer allows you to filter, sort and visualize Airodump-NG scan data. The tool currently uses the CSV file generated by Airodump-NG with the -w option and can work locally or as a hosted service.

PCAP2XML is a tool suite which takes 802.11 PCAP trace files as input and can convert them into XML or SQLITE representations. This allows a pentester to run arbitrary queries on the packet header fields.

This course will cover USB in detail with an emphasis on understanding USB Mass Storage devices (also known as flash drives or thumb drives).By the end of this course students will know how to sniff USB traffic using open source tools, be able to write-block USB mass storage devices using software and microcontroller-based hardware, be able to impersonate other USB devices, and understand how to make forensic duplicates of USB mass storage devices.  Along the way students will also learn how to use microcontrollers and Udev rules.