Digital Forensics 101
ULTRA-DETAILED: Master the forensics mindset, chain of custody, and digital evidence preservation.
Curriculum
20 Modules
The Forensics Mindset & Chain of Custody
Learn the ethical core, scientific methodology, and chain of custody protocols.
Evidence Acquisition (Imaging)
Creating bit-for-bit copies using FTK Imager, dd, and hardware write blockers.
File Systems: FAT/NTFS/EXT
Understanding how data is physically stored and deleted (MFT, Inodes).
Windows Forensics: Registry
Analyzing the Windows Registry for user activity, USB history, and autoruns.
Windows Forensics: Artifacts
Prefetch, Jump Lists, LNK files, and Shellbags.
Browser Forensics
Recovering history, cache, cookies, and passwords from Chrome/Firefox.
Email Forensics
Tracing headers, recovering deleted emails (PST/OST), and phishing analysis.
Memory (RAM) Forensics
Using Volatility to find malware, injected code, and passwords in RAM.
Network Forensics
Analyzing PCAP files with Wireshark to reconstruct attacks.
Mobile Forensics (iOS/Android)
Acquisition techniques, iTunes backups, and SQLite database analysis.
Linux Forensics
Investigating compromised Linux servers, logs (/var/log), and bash history.
Mac OS Forensics
APFS specifics, FSEvents, and property list (plist) analysis.
Malware Forensics
Static analysis basics for investigators (identifying packed files).
Timeline Analysis
Creating a super-timeline (Plaso) to reconstruct the entire incident.
Anti-Forensics
Detecting data destruction, encryption, and time stomping.
Database Forensics
Investigating SQL injection attacks and database logs.
Cloud Forensics (AWS/Azure)
Investigating cloud logs (CloudTrail) and compromised instances.
Report Writing for Court
Structuring a forensic report and expert witness preparedness.
Lab Management
Building and maintaining a secure forensics lab.
Capstone Case
Full investigation of a corporate espionage scenario.