Department of Cybersecurity, Faculty of Computing, University of Port Harcourt

Computer Hacking Forensic Investigator (C|HFI)

Version 11 eBook + iLabs (Volumes 1 through 4) + ECC Exam Voucher

Build Ultimate Investigative Skills and Organizational Digital Forensic Readiness with Advanced Strategies

Self Paced (Discount)

₦382,500

Tutor Led (Discount)

₦582,500

Official Price

₦2,548,300

Computer Hacking Forensic Investigator (C|HFI) Certification

EC-Council’s C|HFI program prepares cybersecurity professionals with the knowledge and skills to perform effective digital forensics investigations and bring their organization into a state of forensic readiness. This includes establishing the forensics process, lab and evidence handling procedures, as well as the investigation procedures required to validate/triage incidents and point the incident response teams in the right direction. Forensic readiness is crucial as it can differentiate between a minor incident and a major cyber-attack that brings a company to its knees.

This intense hands-on digital forensics program immerses students in over 68 forensic labs, enabling them to work on crafted evidence files and utilize the tools employed by the world’s top digital forensics professionals. Students will go beyond traditional hardware and memory forensics and learn current topics such as cloud forensics, mobile and IoT, investigating web application attacks, and malware forensics. C|HFI presents a methodological approach to computer forensics, including searching and seizing, chain-of-custody, acquisition, preservation, analysis, and reporting of digital evidence.

Students learn how to acquire and manage evidence through various operating environments, as well as the chain of custody and legal procedures required to preserve evidence and ensure it is admissible in court. This knowledge will help them prosecute cybercriminals and limit liability for target organizations.

The program provides credible professional knowledge with a globally recognized certification required for a successful career in digital forensics and DFIR, thus increasing your employability.

Key Features
  • 15 modules covering core domains of digital forensics
  • 2100+ pages of the comprehensive student manual
  • 1550+ pages of lab manual covering detailed lab scenarios and instructions
  • 600+ digital forensics tools
  • 100% compliance with NICE Special Publication 800-181 cybersecurity workforce framework
  • 70+ GB of crafted evidence files for investigation purposes
  • 68 hands-on labs
  • 40% of training time is dedicated to labs
  • Approved by the US Department of Defense (DoD) under Directive 8570/8140
  • Accredited under ISO/IEC 17024 standards.
  • Covers relevant knowledge bases and skills to meet regulatory compliance standards such as ISO 27001, PCI DSS, SOX, HIPAA, etc.

Computer Hacking Forensic Investigator (C|HFI) Course Information

Module 01: Computer Forensics in Today’s World

Fundamentals of Computer Forensics

Cybercrimes and their Investigation Procedures

Digital Evidence and eDiscovery

Forensic Readiness

Role of Various Processes and Technologies in Computer Forensics

Roles and Responsibilities of a Forensic Investigator

Challenges Faced in Investigating Cybercrimes

Standards and Best Practices Related to Computer Forensics

Laws and Legal Compliance in Computer Forensics

Key topics covered:

Scope of Computer Forensics, Types of Cybercrimes, Cyber Attribution, Cybercrime Investigation, Types and Role of Digital Evidence, Sources of Potential Evidence, Federal Rules of Evidence (United States), Forensic Readiness and Business Continuity, Incident Response Process Flow, Role of Artificial Intelligence in Computer Forensics, Forensics Automation and Orchestration, Roles and Responsibilities of a Forensics Investigator, Code of Ethics, Challenges Cybercrimes Pose to Investigators, ISO Standards, and Computer Forensics and Legal Compliance.

 

Module 02: Computer Forensics Investigation Process

Forensic Investigation Process and its Importance

First Response

Pre-Investigation Phase

Investigation Phase

Post-Investigation Phase

Labs:

Create a hard disk image file for forensics investigation and recover the data.

Key topics covered:

Phases Involved in the Computer Forensics Investigation Process, First Response, Roles of First Responder, First Response: Different Situations, Setting Up a Computer Forensics Lab, Understanding Hardware and Software Requirements of a Forensics Lab, Building Security Content, Scripts, Tools, or Methods to Enhance Forensic Processes, Documenting the Electronic Crime Scene, Search and Seizure, Evidence Preservation, Data Acquisition, Case Analysis, Reporting, and Testifying as an Expert Witness.

 

Module 03: Understanding Hard Disks and File Systems

Disk Drives and their Characteristics

Logical Structure of a Disk

Booting Process of Windows, Linux, and macOS Operating Systems

File Systems of Windows, Linux, and macOS Operating Systems

File System Analysis

Storage Systems

Encoding Standards and Hex Editors

Analyze Popular File Formats

Labs:

Analyze file system of Linux and Windows evidence images and recover the deleted files.

Analyze file formats.

Key topics covered:

Hard Disk Drive, Solid-State Drive (SSD), Disk Interfaces, Logical Structure of Disks, Windows Boot Process, macOS Boot Process, Linux Boot Process, Windows File Systems, Linux File Systems, macOS File Systems, File System Analysis, File System Timeline Creation and Analysis, RAID Storage System, Differences between NAS and SAN, Character Encoding Standards, Hex Editors, PDF File Analysis, Word File Analysis, PowerPoint File Analysis, and Excel File Analysis.

 

Module 04: Data Acquisition and Duplication

Data Acquisition

eDiscovery

Data Acquisition Methodology

Preparing an Image File for Examination

Labs:

Create a forensics image for examination and convert it into various supportive formats for data acquisition.

Key topics covered:

Live Acquisition, Dead Acquisition, Data Acquisition Format, eDiscovery Collection Methodologies, eDiscovery Tools, Determine the Data Acquisition Method, Select Data Acquisition Tool, Sanitize Target Media, Acquire Volatile Data, Enable Write Protection on the Evidence Media, Acquire Non-Volatile Data, Plan for Contingency, Validate Data Acquisition, Preparing an Image for Examination and Digital Forensic Imaging Tools.

 

Module 05: Defeating Anti-Forensics Techniques

Anti-Forensics Techniques

Data Deletion and Recycle Bin Forensics

File Carving Techniques and Ways to Recover Evidence from Deleted Partitions

Password Cracking/Bypassing Techniques

Steganography, Hidden Data in File System Structures, Trail Obfuscation, and File Extension Mismatch

Techniques of Artifact Wiping, Overwritten Data/Metadata Detection, and Encryption

Program Packers and Footprint Minimizing Techniques

Labs:

Perform Solid-state drive (SSD) file carving on Windows and Linux file systems.

Recover lost/deleted partitions and their contents.

Crack passwords of various applications.

Detect hidden data streams and unpack program packers.

Key topics covered:

Challenges to Forensics from Anti-Forensics, Anti-Forensics Techniques, Data/File Deletion, Recycle Bin in Windows, File Carving, Recovering Deleted Partitions, Password Cracking Tools, Bypassing Windows User Password, Steganography, Alternate Data Streams, Trail Obfuscation, Overwriting Data/Metadata, Encryption, Program Packers, and Anti-Forensics Techniques that Minimize Footprint.

 

Module 06: Windows Forensics

Windows Forensics

Collect Volatile Information

Collect Non-volatile Information

Windows Memory Analysis

Windows Registry Analysis

Electron Application Analysis

Web Browser Forensics

Examine Windows Files and Metadata

ShellBags, LNK Files, and Jump Lists

Text-based Logs and Windows Event Logs

Labs:

Acquire and investigate RAM and Windows registry contents.

Examine forensic artifacts from web browsers.

Identify and extract forensic evidence from computers.

Key topics covered:

Windows Forensics Methodology, Collecting Volatile Information, Collecting Non-volatile Information, Collecting Windows Domain Information, Examining Compressed Files, Windows Memory Analysis, Memory Forensics, Windows Registry Analysis, Electron Application Forensics, Web Browser Forensics, Carving SQLite Database Files, Windows File Analysis, Metadata Investigation, Windows ShellBags, Analyzing LNK Files, Analyzing Jump Lists, Windows 11 Event Logs, and Windows Forensics Tools.

 

Module 07: Linux and Mac Forensics

Collect Volatile Information in Linux

Collect Non-Volatile Information in Linux

Linux Memory Forensics

Mac Forensics

Collect Volatile Information in Mac

Collect Non-Volatile Information in Mac

Mac Memory Forensics and Mac Forensics Tools

Labs:

Perform volatile and non-volatile data acquisition on Linux and Mac computers.

Perform memory forensics on a Linux machine.

Key topics covered:

Collecting Volatile Information, Collecting Non-Volatile Information, Linux Memory Forensics, Mac Forensics Data, Mac Log Files, Mac Directories, Mac Memory Forensics, APFS Analysis, Parsing Metadata on Spotlight, and Mac Forensics Tools.

 

Module 08: Network Forensics

Network Forensics

Event Correlation

Indicators of Compromise (IoCs) from Network Logs

Investigate Network Traffic

Incident Detection and Examination

Wireless Network Forensics

Detect and Investigate Wireless Network Attacks

Labs:

Identify and investigate network attacks.

Analyze network traffic for artifacts.

Key topics covered:

Postmortem and Real-Time Analysis, Types of Network-based Evidence, Types of Event Correlation, Event Correlation Approaches, Analyzing Firewall Logs, Analyzing IDS Logs, Analyzing Honeypot Logs, Analyzing Router Logs, Analyzing DHCP Logs, Analyzing Cisco Switch Logs, Analyzing VPN Logs, Analyzing DNS Server Logs, Network Log Analysis Tools, Analyze Traffic for Network Attacks, Tools for Investigating Network Traffic, SIEM Solutions, Examine Network Attacks, Types of Wireless Evidence, Wireless Network Forensics Processes, Detect Rogue Access Points, Analyze Wireless Packet Captures, Analyze Wi-Fi Spectrum, and Tools for Investigating Wireless Network Traffic.

 

Module 09: Malware Forensics

Malware

Malware Forensics

Static Malware Analysis

Analyze Suspicious Documents

System Behavior Analysis

Network Behavior Analysis

Ransomware Analysis

Labs:

Perform static malware analysis.

Analyze a suspicious PDF file and Microsoft Office document.

Emotet malware analysis.

Key topics covered:

Different Ways for Malware to Enter a System, Components of Malware, Malware Forensic Artifacts, Setting Up a Controlled Malware Analysis Lab, Malware Analysis Tools, Types of Malware Analysis, Static Malware Analysis, System Behavior Analysis, Network Behavior Analysis, and Ransomware Analysis – BlackCat (ALPHV).

 

Module 10: Investigating Web Attacks

Web Application Forensics

Internet Information Services (IIS) Logs

Apache Web Server Logs

Detect and Investigate Various Attacks on Web Applications

Labs:

Identify and investigate web application attacks.

Key topics covered:

Indicators of a Web Attack, OWASP Top 10 Application Security Risks – 2021, Web Attack Investigation Methodology, IIS Web Server Architecture, Analyzing IIS Logs, IIS Log Analysis Tools, Apache Web Server Logs, Apache Access Logs, Apache Error Logs, Apache Log Analysis Tools, Investigating Cross-Site Scripting (XSS) Attack, Investigating SQL Injection Attack, Investigating Path/Directory Traversal Attack, Investigating Command Injection Attack, Investigating XML External Entity (XXE) Attack, and Investigating Brute-Force Attack.

 

 

Module 11: Dark Web Forensics

Dark Web and Dark Web Forensics

Identify the Traces of Tor Browser during Investigation

Tor Browser Forensics

Labs:

Detect Tor Browser Activity and examine RAM dumps to discover Tor Browser artifacts.

Key topics covered:

Working with the Tor Browser, Dark Web Forensics, Identifying the Tor Browser Artifacts, Tor Browser Forensics, Memory Dump Analysis, and Forensic Analysis of Memory Dumps to Examine Email Artifacts.

 

Module 12: Cloud Forensics

Cloud Computing

Cloud Forensics

Amazon Web Services (AWS) Fundamentals

AWS Forensics

Microsoft Azure Fundamentals

Microsoft Azure Forensics

Google Cloud Fundamentals

Google Cloud Forensics

Labs:

Forensic acquisition and examination of an Amazon EC2 Instance, Azure VM, and GCP VM.

Key topics covered:

Types of Cloud Computing Services, Separation of Responsibilities in the Cloud, OWASP Top 10 Cloud Security Risks, Uses of Cloud Forensics, Data Storage in AWS, Logs in AWS, Forensic Acquisition of Amazon EC2 Instance, Data Storage in Azure, Logs in Azure, Forensic Acquisition of VMs in Azure, Data Storage in Google Cloud, Logs in Google Cloud, Forensic Acquisition of Persistent Disk Volumes in GCP, Investigating Google Cloud Security Incidents, Investigating Google Cloud Container Security Incidents, and Investigating Google Cloud VM-based Security Incidents.

 

Module 13: Email and Social Media Forensics

Email Basics

Email Crime Investigation and its Steps

U.S. Laws Against Email Crime

Social Media Forensics

Labs:

Investigate a suspicious email to extract forensic evidence.

Key topics covered:

Components Involved in Email Communication, Parts of an Email Message, Steps to Investigate Email Crimes, U.S. Laws Against Email Crime, Social Media Crimes, Extracting Footage from Social Media Platforms, Tracking Social Media User Activities, Constructing and Analyzing Social Network Graphs, and Social Media Forensics Tools.

 

Module 14: Mobile Forensics

Mobile Device Forensics

Android and iOS Architecture and Boot Process

Mobile Forensics Process

Investigate Cellular Network Data

File System Acquisition

Phone Locks, Rooting, and Jailbreaking of Mobile Devices

Logical Acquisition on Mobile Devices

Physical Acquisition of Mobile Devices

Android and iOS Forensic Analysis

Labs:

Examine an Android image file and carve deleted files.

Key topics covered:

Mobile Device Forensics, OWASP Top 10 Mobile Risk, Android OS Architecture, iOS Architecture, Mobile Forensics Process, Android Forensics Process, iOS Forensics Process, Cell Site Analysis, Android File System, iOS File System, Bypassing Locked Android Devices, Accessing Root Files in Android, Jailbreaking of iOS Devices, Logical Acquisition, Cloud Data Acquisition on Android and iOS Devices, Physical Acquisition, JTAG Forensics, Flasher Boxes, Static Analysis and Dynamic Analysis of Android Package Kit (APK), Android Log Analysis Tools, Collecting WhatsApp Artifacts from Android Devices, Analyzing iOS Safari Artifacts, Analyzing iOS Keychains, and iOS Forensic Analysis.

 

Module 15: IoT Forensics

IoT Concepts

IoT Devices Forensics

Key topics covered:

IoT Architecture, IoT Security Problems, OWASP Top 10 IoT Threats, IoT Forensics Process, IoT Forensics Challenges, Wearable IoT Device: Smartwatch, IoT Device Forensics: Smart Speaker (Amazon Echo), Hardware Level Analysis: JTAG and Chip-off Forensics, Extracting and Analyzing Data from Drone/UAVs, and IoT Forensics Tools.

  • Computer forensics fundamentals, different types of cybercrimes and their investigation procedures, along with regulations and standards that influence computer forensics investigation
  • Various phases involved in the computer forensics investigation process
  • Different types of disk drives and their characteristics, booting process and file systems in Windows, Linux, and Mac operating systems, file system examination tools, RAID and NAS/SAN storage systems, various encoding standards, and file format analysis
  • Data acquisition fundamentals and methodology, eDiscovery, and how to prepare image files for forensics examination
  • Various anti-forensics techniques used by attackers, different ways to detect them and related tools, and countermeasures
  • Volatile and non-volatile data acquisition in Windows-based operating systems, Windows memory and registry analysis, Electron application analysis, web browser forensics, and examination of Windows files, ShellBags, LNK files, Jump Lists, and Windows event logs
  • Volatile and non-volatile data acquisition and memory forensics in Linux and Mac operating systems
  • Network forensics fundamentals, event correlation concepts, Indicators of Compromise (IOCs) and ways to identify them from network logs, techniques and tools related to network traffic investigation, incident detection and examination, and wireless attack detection and investigation
  • Malware forensics concepts, static and dynamic malware analysis, system and network behavior analysis, and ransomware analysis
  • Web application forensics and challenges, web application threats and attacks, web application logs (IIS logs, Apache web server logs, etc.), and how to detect and investigate various web application attacks
  • Tor browser working methodology and steps involved in the Tor browser forensics process
  • Cloud computing concepts, cloud forensics and its challenges, fundamentals of AWS, Microsoft Azure, and Google Cloud and their investigation processes
  • Components in email communication, steps involved in email crime investigation, and social media forensics
  • Architectural layers and boot processes of Android and iOS devices, mobile forensics process, various cellular networks, SIM file system, and logical and physical acquisition of Android and iOS devices
  • Different types of IoT threats, security problems, vulnerabilities and attack surface areas, and IoT forensics processes and challenges

Recommended Prerequisites for C|HFI:

IT/Forensics professionals with basic knowledge of IT/cybersecurity, computer forensics, incident response, and threat vectors.

Exam Details:

Exam Title:

Computer Hacking Forensic Investigator

Exam Code:

312-49

Number of Questions:

150

Duration:

4 Hours

Availability:

EC-Council Exam Portal

Secure Your Future in Cybersecurity!

  • 100% Discount on Training Fees
  • Tutor-Led Training at an Affordable Rate
  • 12-Month Access to Labs & Study Materials
  • Earn Globally Recognized EC-Council Certifications