
Digital Forensics

Offered By: Uttarakhand Open University, Haldwani via Swayam

Tags

Digital Forensics Courses, Data Analysis Courses, Cybersecurity Courses, Password Cracking Courses, Network Forensics Courses

Course Description

Overview

Computer forensics, or digital forensics, is a fairly new field. Computer forensics investigators, also known as computer forensics specialists, computer forensics examiners, or computer forensics analysts, are charged with uncovering and describing the information contained on, or the state or existence of, a digital artifact. Digital artifacts include computer systems, hard drives, CDs, and other storage devices, as well as electronic documents and files like emails and JPEG images. The fast-growing field of computer forensics includes several branches related to firewalls, networks, databases, and mobile devices.

Digital forensics technicians can find work with many types of organizations: government (local, state, and federal), accounting firms, law firms, banks, and software development companies. Essentially, any kind of organization that has a computer system may have a need for a digital forensics specialist. Some digital forensics specialists opt to start their own businesses, giving them an opportunity to work with a variety of clients.

Computer forensics investigators provide many services based on gathering digital information, from investigating computer systems and data in order to present information for legal cases to determining how an unauthorized user hacked into a system. A digital forensics examiner does many things in the course of these tasks – protects the computer system, recovers files (including those that were deleted or encrypted), analyses data found on various disks, and provides reports, feedback, and even testimony when required. The employment outlook for digital forensics examiners and investigators is favorable due to the rapid growth of crimes involving computers (cybercrime).

Learning Outcomes

After the successful completion of this course, the learner will be able to:

A. Understand the importance of a systematic procedure for investigation of data found on digital storage media that might provide evidence of wrong-doing.
B. Understand the file system storage mechanisms of the operating systems.
C. Use tools for faithful preservation of data on disks for analysis.
D. Find data that may be clear or hidden on a computer disk.
E. Learn the use of computer forensics tools used in data analysis, such as searching, absolute disk sector viewing and editing, recovery of files, password cracking, etc.
F. Understand how to present the results of disk data analysis in a court proceeding as an expert witness.

Syllabus

Week 1
Topic: Introduction to Digital Forensic
Modules:
  Definition of Computer Forensics
  Cyber Crime
  Evolution of Computer Forensics
  Objectives of Computer Forensics
  Roles of Forensics Investigator
  Forensics Readiness
  Steps for Forensics

Week 2
Topic: Computer Forensics Investigation Process
Modules:
  Digital Forensics Investigation Process
  Digital Forensics Investigation Process-Assessment Phase
  Acquire the Data
  Analyze the Data
  Report the Investigation

Week 3
Topic: Digital Evidence and First Responder Procedure
Modules:
  Digital Evidence
  Digital Evidence Investigation Process
  First Responders Toolkit
  Issues Facing Computer Forensics
  Types of Investigation
  Techniques in digital forensics

Week 4
Topic: Understanding Storage Media and File System
Modules:
  The Booting Process
  LINUX Boot Process
  Mac OS Boot Sequence
  Windows 10 Booting Sequence
  File System
  Type of File Systems

Week 5
Topic: Windows Forensics
Modules:
  Introduction to Windows Forensics
  Windows Forensics Volatile Information
  Windows Forensics Non-Volatile Information
  Recovering deleted files and partitions
  Windows Forensics Summary
  Digital Forensics Road map: Static Data Acquisition from windows using FTK Imager
  Live Data Acquisition using FTK Imager
  FTK Imager
  Installation of KALI Linux
  RAM Dump Analysis using Volatility
  Static Data Acquisition from Linux OS

Week 6
Topic: Recovering Deleted Files and Partitions
Modules:
  Digital Forensics Tools
  Overview of EnCase Forensics
  Deep Information Gathering Tool: Dmitry
  Computer Forensics Live Practical by using Autopsy and FTK Imager

Week 7
Topic: Network Forensics
Modules:
  Introduction to Network Forensics
  Network Components and their forensic importance
  OSI internet Layers and their Forensic importance
  Tools Introduction Wireshark and TCPDUMP
  Packet Sniffing and Analysis using Ettercap and Wireshark
  Network Forensics
  Wireshark Packet Analyzer
  Packet Capture using TCP DUMP
  Website Penetration: WHOIS, nslookup

Week 8
Topic: Logs & Event Analysis
Modules:
  Forensic Analysis using AUTOPSY: Linux and Windows
  Forensics and Log analysis
  Compare and AUDIT Evidences using Hashdeep
  Data Carving using Bulk Extractor: Kali Linux and Windows
  Recovering Evidence from Forensic Images using Foremost

Week 9
Topic: Application Password Cracking
Modules:
  Introduction to Password Cracking
  Password Cracking using John the Ripper
  Password Cracking using Rainbow Tables
  PDF File Analysis
  Remote Imaging using E3 Digital Forensics

Week 10
Topic: Wireless and Web Attacks
Modules:
  WiFi Packet Capture and Password Cracking using Aircrack-ng
  Introduction to Web Attacks
  Website Copier: HTTRACK
  SQL Injection
  Site Report Generation: Netcraft
  Vulnerability Analysis: Nikto
  Wayback Machine
  Deep Information Gathering Tool: Dmitry
  Image Metadata Extraction using Imago

Week 11
Topic: Email Forensics Investigation
Modules:
  Email Forensics Investigations

Week 12
Mobile Device Forensics
Mobile Forensics
Preparation for Digital Forensic investigation
Investigative reports, expert witness and cyber regulations
Introduction to Report Writing
Forensic Reports & Expert Witness
Demonstration of Some Forensics Tools
Demonstration of Some Forensics Tools


Taught by

Dr. Jeetendra Pande
