Investigation of hacker incidents. Fundamentals of forensics. Course (179,990 rub.) from Specialist; training start date: January 20, 2024.
Miscellaneous / December 02, 2023
The course program lays the foundations of forensics, the applied science of solving cybercrimes and of researching and analyzing digital evidence. The course on investigating hacker incidents provides clear guidelines and directions for developing in this field. In this class you will learn how to successfully identify, investigate and eliminate the consequences of computer crimes. You will learn the procedure for identifying whether a hacker has penetrated a system and receive recommendations for monitoring the actions of a potential intruder.
The course is designed so that new theoretical knowledge is always supported by practice that is as close as possible to real cases. You will reinforce the theory by performing laboratory work (39 labs in total), which includes practice investigating cybercrimes involving email, mobile devices and cloud platform services.
This course is ideal for you if you:
The course also covers disaster recovery of systems.
You will learn:
search, obtain and analyze digital evidence;
investigate incidents resulting from hacking techniques;
apply methods and techniques of cyber forensic investigations;
interpret the collected data in the context of a computer incident investigation.
Module 1. Computer forensics in the modern world (2 ac. h.)
What is computer forensics
Application of computer forensics
Types of computer crimes
Case Study. Examples of computer crime investigations
Difficulties of forensic examination
Cybercrime Investigation
Civil investigation
Criminal Investigation
Administrative investigation
Case Study. Examples of investigation types
Rules of forensic examination
Investigation of crimes committed by organized criminal groups (Enterprise Theory of Investigation)
Digital evidence
What is digital evidence
Types of Digital Evidence
Characteristics of Digital Evidence
The role of digital evidence
Sources of Potential Evidence
Rules for collecting evidence
Best evidence rule
Rules of evidence
Derivative evidence
Scientific Working Group on Digital Evidence (SWGDE)
Preparedness for forensic investigation
Computer Forensics as Part of an Incident Response Plan
The need for computer forensics
Roles and Responsibilities of a Forensic Investigator
Problems of forensic investigation
Legal issues
Privacy Issues
Ethics rules
Computer Forensics Resources
Learning the basics of computer crime investigation
Preparing the laboratory for practical experiments
Module 2. The process of investigating computer incidents (2 ac. h.)
The importance of the investigation process
Phases of the investigation process
Preliminary investigation stage
Forensic laboratory preparation
Construction of the investigation team
Review of Policies and Laws
Creating Quality Processes
Introduction to Data Destruction Standards
Risk assessment
Investigation stage
Investigation process
Investigation methodology: rapid response
Investigation methodology: search and seizure
Conducting preliminary interviews
Planning for inspection and seizure
Search and Seizure Warrant
Health and Safety Issues
Crime Scene Defense and Evaluation: Checklist
Investigation methodology: evidence collection
Collection of evidence
Evidence collection form
Collection and preservation of electronic evidence
Working with computers turned on
Working with turned off computers
Working with a network computer
Working with open files and startup files
Procedure for shutting down the operating system
Working with workstations and servers
Working with laptop computers
Working with laptops turned on
Investigation methodology: protection of evidence
Evidence management
Procedure for transfer and storage of evidence
Packaging and transportation of electronic evidence
Numbering of physical evidence
Storage of electronic evidence
Investigation methodology: data collection
Data Collection Guide
Data duplication
Checking image integrity
Data recovery
Investigation methodology: data analysis
Data Analysis Process
Data Analysis Software
Post-investigation stage
Investigation methodology: evaluation of evidence
Evaluating the evidence found
Adding evidence to the case
Processing Location Estimation
Collection of data from social networks
Social Media Research Guidelines
Guidelines for Evaluating Evidence
Investigation methodology: documentation and reporting
Documentation for each phase of the investigation
Collecting and organizing information
Writing an investigation report
Investigation methodology: expert testimony
Serving as an expert witness
Closing the case
Professional Conduct
Study and practical application of software tools necessary in the process of forensic investigation
Module 3. Hard drives and file systems (4 ac. h.)
Overview of hard drives
Hard drives (HDD)
Solid State Drives (SSD)
Physical structure of a hard drive
Logical structure of a hard drive
Types of hard drive interfaces
Hard drive interfaces
Tracks
Sectors
Clusters
Bad sectors
Bit, byte and nibble
Addressing data on a hard drive
Hard drive data density
Disk Capacity Calculation
Hard drive performance measurement
Disk partitions and the boot process
Disk partitions
BIOS parameter block
Master Boot Record (MBR)
Globally unique identifier (GUID)
What is the boot process?
Windows Basic System Files
Windows boot process
GUID Partition Table Identification
Analysis of GPT header and records
GPT artifacts
Macintosh boot process
Linux boot process
File systems
General information about file systems
File system types
Windows file systems
Linux File Systems
Mac OS X File Systems
Oracle Solaris 11 File System: ZFS
CD-ROM/DVD file system
Compact Disc File System (CDFS)
Virtual File System (VFS)
Universal Disk File System (UDF)
RAID storage systems
RAID levels
Host Protected Areas (HPAs)
File system analysis
Isolation of homogeneous data arrays
Image file analysis (JPEG, BMP, hexadecimal image file formats)
PDF file analysis
Word file analysis
PPT file analysis
Excel file analysis
Hexadecimal representation of popular file formats (video, audio)
File system analysis using Autopsy
File System Analysis Using The Sleuth Kit (TSK)
Recovering Deleted Files
File system analysis
Module 4. Collection and duplication of data (2 ac. h.)
Data collection and duplication concepts
General information about data collection
Types of Data Acquisition Systems
Acquiring live (volatile) data
Volatility order
Common mistakes when collecting volatile data
Volatile data collection methodology
Acquiring static data
Static data
Rules of thumb
Duplicate images
Bit copy and backup
Problems copying data
Steps for collecting and duplicating data
Preparing the Evidence Form
Enabling write protection on evidence media
Preparing Target Media: NIST SP 800-88 Guide
Defining the Data Collection Format
Data collection methods
Determining the best data collection method
Selecting a Data Collection Tool
Collecting data from RAID disks
Remote data retrieval
Errors in data collection
Contingency planning
Data Collection Guidelines
Using software to extract data from hard drives
Module 5. Techniques that complicate forensic examination (2 ac. h.)
What is anti-forensics?
Goals of anti-forensics
Anti-forensics techniques
Deleting data/files
What happens when you delete a file in Windows?
Windows Recycle Bin
Recycle bin storage location in FAT and NTFS systems
How the Recycle Bin works
INFO2 file corruption
Damage to files in the Recycle Bin
Recycle Bin directory corruption
File recovery
File recovery tools in Windows
File recovery tools in MAC OS X
File recovery in Linux
Recovering deleted partitions
Password protection
Password Types
How a password cracker works
Password Cracking Techniques
Default passwords
Using rainbow tables to crack hashes
Microsoft Authentication
Cracking system passwords
Bypassing BIOS passwords
Tools for resetting administrator passwords
Tools for cracking application passwords
Tools for cracking system passwords
Steganography and steganalysis
Hiding data in file system structures
Obfuscation of traces
Erasing artifacts
Rewriting Data and Metadata
Encryption
Encrypting File System (EFS)
EFS Data Recovery Tools
Encrypted network protocols
Packers
Rootkits
Rootkit detection
Steps to Detect Rootkits
Minimizing footprints
Exploiting errors in forensic tools
Detection of forensic tools
Countermeasures against anti-forensics
Tools that complicate forensic examination
Using software to crack application passwords
Steganography detection
Module 6. Forensic examination of operating systems (4 ac. h.)
Introduction to OS Forensics
Forensic analysis WINDOWS
Windows forensics methodology
Collection of volatile information
System time
Registered users
Open files
Network information
Network connections
Process Information
Process and port mapping
Process memory
Network status
Print spooler files
Other important information
Collection of non-volatile information
File systems
Registry Settings
Security Identifiers (SIDs)
Event logs
ESE Database File
Connected devices
Slack Space
Virtual memory
Hibernate files
Swap file
Search index
Finding hidden partitions
Hidden alternate data streams
Other non-volatile information
Windows memory analysis
Virtual Hard Disks (VHD)
Memory dump
EProcess structure
Process creation mechanism
Memory content analysis
Process memory analysis
Retrieving a Process Image
Collecting contents from process memory
Windows registry analysis
Registry device
Registry structure
Registry as a log file
Registry Analysis
System information
Time zone information
Shared folders
Wireless SSIDs
Volume Shadow Copy Service
System boot
User Login
User activity
Startup registry keys
USB devices
Mounted devices
User activity tracking
UserAssist keys
MRU Lists
Connecting to other systems
Recovery point analysis
Determining startup locations
Cache, cookie and history analysis
Mozilla Firefox
Google Chrome
Microsoft Edge and Internet Explorer
Windows file analysis
System restore points
Prefetch files
Shortcuts
Image files
Examining metadata
What is metadata
Metadata types
Metadata in different file systems
Metadata in PDF Files
Metadata in Word Documents
Metadata Analysis Tools
Logs
What are events
Types of login events
Event Log File Format
Organizing Event Records
Structure ELF_LOGFILE_HEADER
Log Entry Structure
Windows 10 Event Logs
Forensic analysis of event logs
Windows Forensics Tools
Linux forensics
Shell commands
Linux log files
Volatile Data Collection
Non-volatile data collection
Swap area
Mac forensics
Introduction to MAC Forensics
MAC Forensic Data
Log files
Directories
MAC Forensics Tools
Discover and extract materials for analysis using OSForensics
Retrieving information about running processes using Process Explorer
Analyzing Events Using Event Log Explorer
Performing Forensic Investigation Using Helix
Collecting volatile data in Linux
Analysis of non-volatile data in Linux
Module 7. Network investigations, logs and dumps of network traffic (4 ac. h.)
Introduction to network forensics
What is network forensics
Log and real-time analysis
Network vulnerabilities
Network attacks
Where to look for evidence
Basic logging concepts
Log files as evidence
Laws and regulations
Legality of using logs
Records of regular activities as evidence
Event correlation
What is event correlation
Types of Event Correlation
Prerequisites for event correlation
Approaches to event correlation
Ensuring the accuracy of log files
Record everything
Saving time
Why synchronize computer time?
What is Network Time Protocol (NTP)?
Using multiple sensors
Don't lose logs
Log management
Log Management Infrastructure Features
Log management issues
Solving log management problems
Centralized logging
Syslog protocol
Ensuring system integrity
Log access control
Digital signature, encryption and checksums
Log analysis
Network forensic analysis engine
Log collection and analysis tools
Analyzing Router Logs
Collecting information from the ARP table
Firewall Log Analysis
IDS log analysis
Honeypot log analysis
DHCP Log Analysis
ODBC Log Analysis
Studying network traffic
Why study network traffic?
Collecting evidence through sniffing
Wireshark – N1 sniffer
Network packet analyzers
IDS log analysis
Documenting Network Evidence
Reconstruction of evidence
Log collection and analysis using GFI EventsManager
Exploring syslog data using XpoLog Center Suite
Investigate network attacks using Kiwi Log Viewer
Investigate network traffic using Wireshark
Module 8. Investigation of hacking of web servers (2 ac. h.)
Introduction to web application forensics
Web Application Architecture
Problems of forensic investigation of web applications
Investigating web attacks
Symptoms of a web application attack
Overview of web application threats
Investigating web attacks
Examining web server logs
IIS
Apache
Investigating cross-site scripting (XSS) attacks
Investigating SQL Injection Attacks
Investigating cross-site request forgery (CSRF) attacks
Investigating code injection attacks
Investigating Cookie Poisoning Attacks
Web Attack Detection Tools
Analysis of domains and IP addresses
Investigation of an attack on a web server
Module 9. Investigation of hacking of database servers (2 ac. h.)
Forensic examination of database management systems (DBMS)
MSSQL forensics
Storing data in SQL server
Where can you find evidence in the DBMS?
Volatile Data Collection
Data files and active transaction logs
Collecting active transaction logs
Database plan cache
SQL server events in Windows logs
SQL Server Trace Files
SQL Server Error Logs
MS SQL Forensic Tools
MySQL forensics
MySQL architecture
Data directory structure
MySQL forensics
Viewing an Information Schema
MySQL Forensics Tools
MySQL Forensic Analysis Examples
Extracting databases from an Android device using Andriller
Analyzing SQLite databases using DB Browser for SQLite
Perform forensic analysis of a MySQL database
Module 10. Investigation of cloud technologies (2 ac. h.)
Cloud computing concepts
Types of Cloud Computing
Separation of responsibilities in the cloud
Cloud Deployment Models
Threats of cloud technologies
Attacks on cloud solutions
Cloud forensics
Crimes in the cloud
Case Study: Cloud as a Subject
Case Study: Cloud as an Object
Case Study: Cloud as a Tool
Cloud Forensics: Stakeholders and Their Roles
Cloud forensics issues
Architecture and Identity
Data collection
Logs
Legal aspects
Analysis
Categories of forensic problems
Cloud storage research
Forensic investigation of the Dropbox service
Artifacts of the Dropbox web portal
Dropbox client artifacts on Windows
Forensic investigation of the Google Drive service
Artifacts of the Google Drive web portal
Google Drive client artifacts on Windows
Cloud Forensics Tools
DropBox Forensic Analysis
Forensic analysis of Google Drive
Module 11. Investigation of malicious software (4 ac. h.)
Malware concepts
Types of malware
Various ways for malware to enter a system
Common methods used by attackers to distribute malware online
Malware components
Malware forensics
Why analyze malware
Malware identification and extraction
Malware Analysis Lab
Preparing a test bench for malware analysis
Malware Analysis Tools
General rules for malware analysis
Organizational issues of malware analysis
Types of Malware Analysis
Static analysis
Static malware analysis: file fingerprinting
Online malware analysis services
Local and network malware scanning
Performing a string search
Defining packaging/obfuscation methods
Finding information about portable executables (PE)
Determining File Dependencies
Disassembling malware
Malware Analysis Tools
Dynamic analysis
Process monitoring
Monitoring files and folders
Registry monitoring
Network activity monitoring
Port monitoring
DNS Monitoring
API Call Monitoring
Device Driver Monitoring
Monitoring startup programs
Windows Services Monitoring
Analysis of malicious documents
Malware analysis problems
Performing a static analysis of a suspicious file
Dynamic malware analysis
Analysis of a malicious PDF file
Scan PDF files using network resources
Scanning suspicious office documents
Module 12. Forensic examination of email (2 ac. h.)
Email system
Mail clients
Email server
SMTP server
POP3 server
IMAP server
The Importance of Electronic Document Management
Crimes related to email
Spam
Mail hacking
Mail storm
Phishing
Email spoofing
Illegal messages
Identity Fraud
Chain letters
Crime chronicle
Email message
Email headers
List of typical mail headers
Steps to investigating email crimes
Obtaining permission for inspection, seizure and investigation
Investigating email messages
Copying email messages
Viewing message headers
in Microsoft Outlook
on AOL
in Apple Mail
in Gmail
in Yahoo Mail
Analyzing email headers
Checking additional files (.pst / .ost)
Email Validation Check
IP address research
Email origin tracking
Checking header information
Webmail Tracking
Collection of email archives
Email Archives
Contents of email archives
Local archive
Server archive
Recovering Deleted Emails
Investigating email logs
Linux Email Server Logs
Microsoft Exchange email server logs
Novell Email Server Logs
Forensic Tools
Email Crime Laws
Recover Deleted Email with Recover My Email
Cyber Crime Research with Paraben Email Examiner
Tracing an Email Using eMailTrackerPro
Module 13. Investigation of hacking of mobile devices (2 ac. h.)
Forensic examination of mobile devices
The need for forensic examination
Top threats to mobile devices
Mobile devices and forensics
Mobile OS and forensics
Architectural layers of mobile devices
Android architectural stack
Android boot process
iOS architecture
iOS boot process
Booting in normal mode and in DFU mode
Boot iPhone into DFU mode
Mobile storage and evidence locations
What needs to be done before the investigation?
Prepare a workstation for forensic examination
Build an investigative team
Consider policies and laws
Obtain permission for research
Assess risks
Create a set of forensic tools
Mobile phone evidence analysis
Mobile device forensics process
Gathering evidence
Documenting a crime scene
Documenting evidence
Preservation of evidence
A set of rules for handling a mobile phone
Containing the mobile phone signal
Packaging, transportation and storage of evidence
Imaging
Tools for creating disk images of mobile devices
Bypass phone lock
Bypass Android Phone Lock Password
iPhone Code Bypass
Enable USB Debugging
Techniques for removing platform protection
Collection and analysis of information
Collecting evidence from mobile devices
Data collection methods
Cellular network
Subscriber Identity Module (SIM)
Logical data collection
Physical data collection
Isolation of homogeneous data arrays
Extracting the SQLite Database
Mobile data collection tools
Creating an investigation report
Mobile device investigation report template
Forensic analysis of a mobile device image and retrieval of deleted files using Autopsy
Researching an Android Device Using Andriller
Module 14. Preparation of an investigation report (2 ac. h.)
Preparing an investigation report
Forensic Investigation Report
Important aspects of a good report
Forensic report template
Report classification
Guide to Writing a Report
Tips for writing a report
Testimony of an expert witness
Who is an “Expert Witness”?
The role of the expert witness
Technical Witness and Expert Witness
Daubert standard
Frye standard
Rules for a Good Expert Witness
The Importance of a Resume
Professional Code of Expert Witness
Preparing to testify
Testimony in court
General procedure for legal proceedings
General ethics when testifying
The importance of graphics in testimony
How to avoid problems with testimony
Testifying during direct examination
Testifying during cross-examination
Testimony added to the case file
Working with the media
Preparation of an incident investigation report
Module 15. Final test (4 ac. h.)