
This course helps you create and understand low-level Linux attack paths, improve your Linux detection coverage, see many open source DFIR/defensive projects in action, and understand the need for Linux telemetry, especially in Kubernetes clusters, where runtime security solutions are a must these days. The techniques and attack paths covered in this training include many different implementations of eBPF, XDP, Ftrace, Kprobe, Uprobe, Netfilter, SystemTap, PAM, SSHD, HTTPD/Nginx, and LD_PRELOAD-based code samples and PoCs. Detection and forensics layers include LKRG, bpftool, Velociraptor IR, OSQuery, CLI-based /proc/ and /sys/ analysis, memory forensics with the Volatility 2/3 Framework with semi-automated RAM acquisition, Sysmon4Linux, Falco, Tracee, Sysdig, Tetragon, Sandfly Security, Zeek IDS, Suricata IDS, Moloch/Arkime FPC, YARA rules and more.
This advanced course is designed for digital forensics professionals looking to enhance their expertise beyond foundational skills. It delves into sophisticated forensic methods, including advanced file system analysis, memory forensics, network traffic analysis, and reverse engineering. Participants will learn cutting-edge techniques for identifying, preserving, and analyzing digital evidence in complex cybercrime investigations. Through hands-on labs and real-world case studies, students will develop a deeper understanding of forensic tools and methodologies, empowering them to solve intricate incidents, conduct in-depth investigations, and provide expert testimony in legal settings.
The objective of this course is to show students how to perform a full digital forensic investigation of a Windows system in a complete DIY setup.
The course covers a full digital forensic investigation of a Windows system. It begins with the simple preparation of our lab, which consists of setting up a “victim” VM and a forensic workstation. We’ll then run an attack simulation script on the victim VM that reproduces attack patterns commonly observed from threat actors in the industry, creating a realistic setting for our investigation. From there, we’ll kick off the forensic process, beginning with data collection, examination and extraction before diving deeper into the analysis of the information at hand.
This course is designed for digital forensics investigators who need to deal with iOS devices in their work and want to enhance their knowledge and gain hands-on experience in iOS acquisition and analysis.
This course is designed for digital forensics investigators who need to deal with Android devices in their work and want to enhance their knowledge and gain hands-on experience in Android acquisition and analysis.