===================
Basic Computer Skills for Digital Forensics
Computer and Digital Forensics (updated on Oct. 2021)
Computer Forensics Case Study
Mobile Forensics Case Study
Forensic Intelligence Repository
Tool Installation
```bash
wget https://raw.githubusercontent.com/frankwxu/digital-forensics-lab/main/Help/tool-install-zsh.sh
chmod +x tool-install-zsh.sh
./tool-install-zsh.sh
```
==============
The P2P data leakage case study helps students apply various forensic techniques to investigate intellectual property theft involving P2P. The study includes
Topics Covered
Labs | Topics Covered | Size of PPTs |
---|---|---|
Lab 0 | Lab Environment Setting Up | 4M |
Lab 1 | Disk Image and Partitions | 5M |
Lab 2 | Windows Registry and File Directory | 15M |
Lab 3 | MFT Timeline | 6M |
Lab 4 | USN Journal Timeline | 3M |
Lab 5 | uTorrent Log File | 9M |
Lab 6 | File Signature | 8M |
Lab 7 | Emails | 9M |
Lab 8 | Web History | 11M |
Lab 9 | Website Analysis | 2M |
Lab 10 | Timeline (Summary) | 13K |
==============
The case study is to investigate an image involving intellectual property theft. The study includes
Topics Covered
Labs | Topics Covered | Size of PPTs |
---|---|---|
Lab 0 | Environment Setting Up | 2M |
Lab 1 | Windows Registry | 3M |
Lab 2 | Windows Event and XML | 3M |
Lab 3 | Web History and SQL | 3M |
Lab 4 | Email Investigation | 3M |
Lab 5 | File Change History and USN Journal | 2M |
Lab 6 | Network Evidence and shellbag | 2M |
Lab 7 | Network Drive and Cloud | 5M |
Lab 8 | Master File Table ($MFT) and Log File ($logFile) Analysis | 13M |
Lab 9 | Windows Search History | 4M |
Lab 10 | Windows Volume Shadow Copy Analysis | 6M |
Lab 11 | Recycle Bin and Anti-Forensics | 3M |
Lab 12 | Data Carving | 3M |
Lab 13 | Crack Windows Passwords | 2M |
=====================
The case study is to investigate the illegal possession of Rhino images. This image was contributed by Dr. Golden G. Richard III, and was originally used in the DFRWS 2005 RODEO CHALLENGE. NIST hosts the USB DD image. A copy of the image is also available in the repository.
Topics Covered
Labs | Topics Covered | Size of PPTs |
---|---|---|
Lab 0 | HTTP Analysis using Wireshark (text) | 3M |
Lab 1 | HTTP Analysis using Wireshark (image) | 6M |
Lab 2 | Rhino Possession Investigation 1: File recovering | 9M |
Lab 3 | Rhino Possession Investigation 2: Steganography | 4M |
Lab 4 | Rhino Possession Investigation 3: Extract Evidence from FTP Traffic | 3M |
Lab 5 | Rhino Possession Investigation 4: Extract Evidence from HTTP Traffic | 5M |
=========
The case study is to investigate a harassment email sent by a student to a faculty member. The case is hosted by digitalcorpora.org. You can access the scenario description and network traffic from their website. The repository only provides lab instructions.
Topics Covered
Labs | Topics Covered | Size of PPTs |
---|---|---|
Lab 0 | Investigating Harassment Email using Wireshark | 3M |
Lab 1 | t-shark Forensic Introduction | 2M |
Lab 2 | Investigating Harassment Email using t-shark | 2M |
=========
The case study is to investigate computer memory to reconstruct a timeline of an illegal data transfer. The case includes a scenario of transferring sensitive files from a server to a USB.
Topics Covered
Labs | Topics Covered | Size of PPTs |
---|---|---|
Lab 0 | Memory Forensics | 11M |
part 1 | Understand the Suspect and Accounts | |
part 2 | Understand the Suspect’s PC | |
part 3 | Network Forensics | |
part 4 | Investigate Command History | |
part 5 | Investigate Suspect’s USB | |
part 6 | Investigate Internet Explorer History | |
part 7 | Investigate File Explorer History | |
part 8 | Timeline Analysis | |
=========
The case study, including a disk image provided by NIST, is to investigate a hacker who intercepts internet traffic within range of Wireless Access Points.
Topics Covered
Labs | Topics Covered | Size of PPTs |
---|---|---|
Lab 0 | Hacking Case | 8M |
The image is created by Joshua Hickman and hosted by digitalcorpora.
=========
Labs | Topics Covered | Size of PPTs |
---|---|---|
Lab 0 | Intro Pixel 3 | 3M |
Lab 1 | Pixel 3 Image | 2M |
Lab 2 | Pixel 3 Device | 4M |
Lab 3 | Pixel 3 System Setting | 5M |
Lab 4 | Overview: App Life Cycle | 11M |
Lab 5.1.1 | AOSP App Investigations: Messaging | 4M |
Lab 5.1.2 | AOSP App Investigations: Contacts | 3M |
Lab 5.1.3 | AOSP App Investigations: Calendar | 1M |
Lab 5.2.1 | GMS App Investigations: Messaging | 6M |
Lab 5.2.2 | GMS App Investigations: Dialer | 2M |
Lab 5.2.3 | GMS App Investigations: Maps | 8M |
Lab 5.2.4 | GMS App Investigations: Photos | 6M |
Lab 5.3.1 | Third-Party App Investigations: Kik | 4M |
Lab 5.3.2 | Third-Party App Investigations: TextNow | 1M |
Lab 5.3.3 | Third-Party App Investigations: WhatsApp | 3M |
Lab 6 | Pixel 3 Rooting | 5M |