ＨｉｄｅＺｅｒｏＯｎｅ

Digital forensics and incident response are two of the most critical fields in all of information security. The staggering number of reported breaches in the last several years has shown that the ability to rapidly respond to attacks is a vital capability for all organizations. Unfortunately, the standard IT staff member is simply unable to effectively respond to security incidents. Successful handling of these situations requires specific training in a number of deeply technical areas including file systems, operating system design, and knowledge of possible network and host attack vectors.  During this training, students will learn how to approach digital investigations in a manner that allows for immediate forensic exploitation of relevant data both in-memory and on-disk. Significant hands-on experience during labs will train students to analyze the same types of evidence and situations that they will encounter in real-world investigations. This class is structured so that a specific analysis technique is discussed and then the students immediately analyze staged evidence using their newly gained knowledge. Not only does this approach reinforce the material learned, but it also gives students a number of new skills as the course proceeds. Upon completion of the training, students will be able to effectively analyze a large number of digital evidence sources, including both on-disk and in-memory data, using the latest and most effective forensics tools and techniques. These skills will be immediately usable in a number of investigative scenarios and will greatly enhance even experienced investigators’ skillset. Students will also leave with media that contains all the tools and resources used throughout the training.

Digital Forensics And Incident Response – Tactical Edition (2021)

Digital Forensics is defined as the process of preservation, identification, extraction, and documentation of computer evidence which can be used by the court of law. It is a science of finding evidence from digital media like a computer, mobile phone, server, or network. A digital forensic analyst exploits digital evidence and investigates computer security incidents to derive useful information in support of system/network vulnerability mitigation.

Syllabus

Setting up a Forensic Workstation

Enumerating the Network Infrastructure as a Forensics Analyst

The Enterprise Forensics and Response course is designed to provide students with both an investigative construct and techniques that allow them to scale incident response activities in an enterprise environment. The focus of the lecture portion of the course work is understanding the incident investigation process, objective oriented analysis and response, intrusion analysis and an exploration of attacker Tactics and Techniques. The technical portion of the course will focus on how to conduct incident investigations at enterprise scale using the remote evidence acquisition and analysis tool Velociraptor along with other free and open-source tools. The focus of the technical portion will be on extracting usable Indicators of Compromise (IOCs) related to specific MITRE ATT&CK tactics. For example, students will be instructed on extracting and analyzing evidence related to the Execution TA0002 of malicious code or LOLBAS. From here, they will be tasked with addressing containment and eradication measures. This course will combine technical elements along with lecture that provides students with both an investigative construct and techniques that allows them to analyze evidence and provide stakeholders with data necessary to limit the damage of modern cyber-attacks.

Antisyphon: Enterprise Forensics and Response

EC-Council’s Hacking Forensic Investigator (C|HFI) is the only comprehensive ANSI accredited, lab-focused program on the market that gives organizations vendor-neutral training in digital forensics. C|HFI provides its attendees with a firm grasp of digital forensics, presenting a detailed and methodological approach to digital  forensics and evidence analysis that also pivots around the Dark Web, IoT, and Cloud Forensics. The tools and techniques covered in this program will prepare the learner for conducting digital investigations using ground-breaking digital forensics technologies.

Unlock the secrets of Windows forensic investigation with my new course! I took my years of experience creating videos on the 13Cubed YouTube channel and set out to develop affordable, comprehensive, and professional training. Whether you’re looking to get into the field, already work in the field but want to step up your game, or just have an interest in digital forensics, look no further. This course is for you!

Syllabus

Welcome and Introduction
Initial Setup
Windows Event Logs
The Registry
Evidence of Execution
Persistence, Privilege Escalation, and Lateral Movement
Anatomy of NTFS
File Deletion and Recovery
LNK Files and Jump Lists
Additional Content
Knowledge Assessment

Investigating Windows Endpoints