diff --git a/NIST_Data_Leakage_Case/NIST_Data_Leakage_00_Env_Setting.pptx b/NIST_Data_Leakage_Case/NIST_Data_Leakage_00_Env_Setting.pptx index bec383a..a2b60a5 100644 Binary files a/NIST_Data_Leakage_Case/NIST_Data_Leakage_00_Env_Setting.pptx and b/NIST_Data_Leakage_Case/NIST_Data_Leakage_00_Env_Setting.pptx differ diff --git a/NIST_Data_Leakage_Case/NIST_Data_Leakage_02._WinEvt_XML.pptx b/NIST_Data_Leakage_Case/NIST_Data_Leakage_02._WinEvt_XML.pptx index f06f56f..0861d3b 100644 Binary files a/NIST_Data_Leakage_Case/NIST_Data_Leakage_02._WinEvt_XML.pptx and b/NIST_Data_Leakage_Case/NIST_Data_Leakage_02._WinEvt_XML.pptx differ diff --git a/NIST_Data_Leakage_Case/NIST_Data_Leakage_03_WebHistory_SQL.pptx b/NIST_Data_Leakage_Case/NIST_Data_Leakage_03_WebHistory_SQL.pptx index c6f6874..60101cf 100644 Binary files a/NIST_Data_Leakage_Case/NIST_Data_Leakage_03_WebHistory_SQL.pptx and b/NIST_Data_Leakage_Case/NIST_Data_Leakage_03_WebHistory_SQL.pptx differ diff --git a/NIST_Data_Leakage_Case/NIST_Data_Leakage_04_Email_USB.pptx b/NIST_Data_Leakage_Case/NIST_Data_Leakage_04_Email_USB.pptx index ecfa7d2..928ee40 100644 Binary files a/NIST_Data_Leakage_Case/NIST_Data_Leakage_04_Email_USB.pptx and b/NIST_Data_Leakage_Case/NIST_Data_Leakage_04_Email_USB.pptx differ diff --git a/NIST_Data_Leakage_Case/NIST_Data_Leakage_05_USNJournaling.pptx b/NIST_Data_Leakage_Case/NIST_Data_Leakage_05_USNJournaling.pptx index c72030a..4eb4d57 100644 Binary files a/NIST_Data_Leakage_Case/NIST_Data_Leakage_05_USNJournaling.pptx and b/NIST_Data_Leakage_Case/NIST_Data_Leakage_05_USNJournaling.pptx differ diff --git a/NIST_Data_Leakage_Case/NIST_Data_Leakage_06_Network_Shellbag_Jumplist.pptx b/NIST_Data_Leakage_Case/NIST_Data_Leakage_06_Network_Shellbag_Jumplist.pptx index 7d9a85b..dcf88b2 100644 Binary files a/NIST_Data_Leakage_Case/NIST_Data_Leakage_06_Network_Shellbag_Jumplist.pptx and b/NIST_Data_Leakage_Case/NIST_Data_Leakage_06_Network_Shellbag_Jumplist.pptx differ diff --git a/NIST_Data_Leakage_Case/NIST_Data_Leakage_07_NetworkDrive_ShellBag.pptx b/NIST_Data_Leakage_Case/NIST_Data_Leakage_07_NetworkDrive_Cloud.pptx similarity index 96% rename from NIST_Data_Leakage_Case/NIST_Data_Leakage_07_NetworkDrive_ShellBag.pptx rename to NIST_Data_Leakage_Case/NIST_Data_Leakage_07_NetworkDrive_Cloud.pptx index caa4524..f5f30eb 100644 Binary files a/NIST_Data_Leakage_Case/NIST_Data_Leakage_07_NetworkDrive_ShellBag.pptx and b/NIST_Data_Leakage_Case/NIST_Data_Leakage_07_NetworkDrive_Cloud.pptx differ diff --git a/NIST_Data_Leakage_Case/NIST_Data_Leakage_08_CD_$MFT.pptx b/NIST_Data_Leakage_Case/NIST_Data_Leakage_08_CD_$MFT.pptx index a0550f5..28f3325 100644 Binary files a/NIST_Data_Leakage_Case/NIST_Data_Leakage_08_CD_$MFT.pptx and b/NIST_Data_Leakage_Case/NIST_Data_Leakage_08_CD_$MFT.pptx differ diff --git a/NIST_Data_Leakage_Case/NIST_Data_Leakage_09_Win_searchDB_csvsql.pptx b/NIST_Data_Leakage_Case/NIST_Data_Leakage_09_Win_searchDB_csvsql.pptx index 0ebfe45..edac33f 100644 Binary files a/NIST_Data_Leakage_Case/NIST_Data_Leakage_09_Win_searchDB_csvsql.pptx and b/NIST_Data_Leakage_Case/NIST_Data_Leakage_09_Win_searchDB_csvsql.pptx differ diff --git a/README.md b/README.md index 6375aad..101e226 100644 --- a/README.md +++ b/README.md @@ -97,26 +97,26 @@ The [P2P data leakage case study](https://github.com/frankwxu/digital-forensics- The [case study](https://github.com/frankwxu/digital-forensics-lab/tree/main/NIST_Data_Leakage_Case) is to investigate an image involving intellectual property theft. The study include - A large and complex case study created by NIST. You can access the [Senario, DD/Encase images](https://www.cfreds.nist.gov/data_leakage_case/data-leakage-case.html). You can also find the [solutions](https://www.cfreds.nist.gov/data_leakage_case/leakage-answers.pdf) on their website. -- 13 hands-on labs/topics in digital forensics +- 14 hands-on labs/topics in digital forensics **Topics Covered** -| Labs | Topics Covered | Size of PPTs | -| ------ | ------------------------------------------------------------------------------------------------------------ | ------------ | -| Lab 0 | [Environment Setting Up](NIST_Data_Leakage_Case/NIST_Data_Leakage_00_Env_Setting.pptx) | 2M | -| Lab 1 | [Windows Registry](NIST_Data_Leakage_Case/NIST_Data_Leakage_01_Registry.pptx) | 3M | -| Lab 2 | [Windows Event and XML](NIST_Data_Leakage_Case/NIST_Data_Leakage_02._WinEvt_XML.pptx) | 3M | -| Lab 3 | [Web History and SQL](NIST_Data_Leakage_Case/NIST_Data_Leakage_02._WinEvt_XML.pptx) | 3M | -| Lab 4 | [Email Investigation](NIST_Data_Leakage_Case/NIST_Data_Leakage_04_Email_USB.pptx) | 3M | -| Lab 5 | [File Change History and USN Journal](NIST_Data_Leakage_Case/NIST_Data_Leakage_05_USNJournaling.pptx) | 2M | -| Lab 6 | [Network Evidence and shellbag](NIST_Data_Leakage_Case/NIST_Data_Leakage_06_Network_Shellbag_Jumplist.pptx) | 2M | -| Lab 7 | [Network Drive and Windows shellbag](NIST_Data_Leakage_Case/NIST_Data_Leakage_07_NetworkDrive_ShellBag.pptx) | 5M | -| Lab 8 | [Master File Table ($MFT) Analysis](NIST_Data_Leakage_Case/NIST_Data_Leakage_08_CD_%24MFT.pptx) | 4M | -| Lab 9 | [Windows Search History](NIST_Data_Leakage_Case/NIST_Data_Leakage_08_CD_%24MFT.pptx) | 4M | -| Lab 10 | [Windows Volume Shadow Copy Analysis](NIST_Data_Leakage_Case/NIST_Data_Leakage_10_Vol_Shadow_Copy.pptx) | 6M | -| Lab 11 | [Recycle Bin and Anti-Forensics](NIST_Data_Leakage_Case/NIST_Data_Leakage_11_RecycleBin_AntiForensics.pptx) | 3M | -| Lab 12 | [Data Carving](NIST_Data_Leakage_Case/NIST_Data_Leakage_12_CD-R_Data_Carving.pptx) | 3M | -| Lab 13 | [Crack Windows Passwords](NIST_Data_Leakage_Case/NIST_Data_Leakage_13_Crack_Win10_Login_Password.pptx) | 2M | +| Labs | Topics Covered | Size of PPTs | +| ------ | ----------------------------------------------------------------------------------------------------------- | ------------ | +| Lab 0 | [Environment Setting Up](NIST_Data_Leakage_Case/NIST_Data_Leakage_00_Env_Setting.pptx) | 2M | +| Lab 1 | [Windows Registry](NIST_Data_Leakage_Case/NIST_Data_Leakage_01_Registry.pptx) | 3M | +| Lab 2 | [Windows Event and XML](NIST_Data_Leakage_Case/NIST_Data_Leakage_02._WinEvt_XML.pptx) | 3M | +| Lab 3 | [Web History and SQL](NIST_Data_Leakage_Case/NIST_Data_Leakage_02._WinEvt_XML.pptx) | 3M | +| Lab 4 | [Email Investigation](NIST_Data_Leakage_Case/NIST_Data_Leakage_04_Email_USB.pptx) | 3M | +| Lab 5 | [File Change History and USN Journal](NIST_Data_Leakage_Case/NIST_Data_Leakage_05_USNJournaling.pptx) | 2M | +| Lab 6 | [Network Evidence and shellbag](NIST_Data_Leakage_Case/NIST_Data_Leakage_06_Network_Shellbag_Jumplist.pptx) | 2M | +| Lab 7 | [Network Drive and Windows shellbag](NIST_Data_Leakage_Case/NIST_Data_Leakage_07_NetworkDrive_Cloud.pptx) | 5M | +| Lab 8 | [Master File Table ($MFT) Analysis](NIST_Data_Leakage_Case/NIST_Data_Leakage_08_CD_%24MFT.pptx) | 4M | +| Lab 9 | [Windows Search History](NIST_Data_Leakage_Case/NIST_Data_Leakage_08_CD_%24MFT.pptx) | 4M | +| Lab 10 | [Windows Volume Shadow Copy Analysis](NIST_Data_Leakage_Case/NIST_Data_Leakage_10_Vol_Shadow_Copy.pptx) | 6M | +| Lab 11 | [Recycle Bin and Anti-Forensics](NIST_Data_Leakage_Case/NIST_Data_Leakage_11_RecycleBin_AntiForensics.pptx) | 3M | +| Lab 12 | [Data Carving](NIST_Data_Leakage_Case/NIST_Data_Leakage_12_CD-R_Data_Carving.pptx) | 3M | +| Lab 13 | [Crack Windows Passwords](NIST_Data_Leakage_Case/NIST_Data_Leakage_13_Crack_Win10_Login_Password.pptx) | 2M | ---