Course Information
Description
Hands-on first look at some of the tools, techniques, and procedures used for network-based and Windows forensics as they pertain to threat hunting. Attacks by basic to advanced threat actors leave artifacts that can be detected. Study collecting and correlating current and historic pcap-based network data with host- and network-generated logs to create a profile of an attack for post-incident investigations and reporting, or for proactive threat hunting. Go further into forensics by examining endpoint data and investigating the Windows and browser artifacts that track user actions. Open-source tools include Security Onion (Hunt, Kibana, Playbook), CyberChef, NetworkMiner, Wireshark, etc.
Total Credits
3
Course Competencies
- Explain dd and Helix
  Assessment Strategies
  - by completing lab manual assignment
  - using a business scenario
  - by examination
  Criteria
  - lab manual meets guidelines as specified by the instructor
  - you enter into class discussions about tools used to mine data and the effectiveness of these tools
  - you utilize the dd utility to access data off of a device
  - you download a Helix distribution and use it to access a system
  - you create your own Helix CD
  - you listen attentively during class
- Compare grabbing and hashing
  Assessment Strategies
  - by completing lab manual assignment
  - using a business scenario
  - by examination
  Criteria
  - lab manual meets guidelines as specified by the instructor
  - you enter into class discussions about grabbing and hashing data
  - you utilize forensic utility tools to access hidden or deleted data
  - you listen attentively during class
- Use Forensic ToolKit (FTK) Imager
  Assessment Strategies
  - by completing lab manual assignment
  - using a business scenario
  - by examination
  Criteria
  - lab manual meets guidelines as specified by the instructor
  - you enter into class discussions about advanced tools that allow you to access data in FAT, NTFS, EXT 2 and 3, as well as HFS and HPFS file systems
  - you utilize FTK to acquire locked system files
  - you utilize FTK to hash physically or logically for verification
  - you listen attentively during class
- Explain chain of custody
  Assessment Strategies
  - by completing lab manual assignment
  - using a business scenario
  - by examination
  Criteria
  - lab manual meets guidelines as specified by the instructor
  - you enter into class discussions about law and its relationship with forensic data
  - you enter into class discussions about preserving computer data as evidence
  - you enter into class discussions about acting as an expert witness in a case on computer data
  - you listen attentively during class
- Compare file headers and type mismatches
  Assessment Strategies
  - by completing lab manual assignment
  - using a business scenario
  - by examination
  Criteria
  - lab manual meets guidelines as specified by the instructor
  - you enter into class discussions about matching headers and file types
  - you determine when data has mismatched headers and file types
  - you listen attentively during class
- Utilize Autopsy to mine data
  Assessment Strategies
  - by completing lab manual assignment
  - using a business scenario
  - by examination
  Criteria
  - lab manual meets guidelines as specified by the instructor
  - you enter into class discussions about open source digital investigation tools
  - you utilize open source digital investigation tools to analyze NTFS, FAT, Ext2, Ext3, UFS1, and UFS2 file systems and several volume system types
  - you listen attentively during class
- Use PyFlag to mine data
  Assessment Strategies
  - by completing lab manual assignment
  - using a business scenario
  - by examination
  Criteria
  - lab manual meets guidelines as specified by the instructor
  - you enter into class discussions about log file analysis in forensic investigations
  - you configure and utilize PyFlag to analyze log files
  - you listen attentively during class
- Explain data chunking
  Assessment Strategies
  - by completing lab manual assignment
  - using a business scenario
  - by examination
  Criteria
  - lab manual meets guidelines as specified by the instructor
  - you enter into class discussions about managing large files of data
  - you utilize data mining tools to access chunks of data on a RAID array
  - you listen attentively during class