diff --git a/NIST_Data_Leakage_Case/NIST_Data_Leakage_07_NetworkDrive_Cloud.pptx b/NIST_Data_Leakage_Case/NIST_Data_Leakage_07_NetworkDrive_Cloud.pptx index f5f30eb..dbeb6e6 100644 Binary files a/NIST_Data_Leakage_Case/NIST_Data_Leakage_07_NetworkDrive_Cloud.pptx and b/NIST_Data_Leakage_Case/NIST_Data_Leakage_07_NetworkDrive_Cloud.pptx differ diff --git a/NIST_Data_Leakage_Case/NIST_Data_Leakage_08_CD_$MFT.pptx b/NIST_Data_Leakage_Case/NIST_Data_Leakage_08_CD_$MFT.pptx index 28f3325..86d7db8 100644 Binary files a/NIST_Data_Leakage_Case/NIST_Data_Leakage_08_CD_$MFT.pptx and b/NIST_Data_Leakage_Case/NIST_Data_Leakage_08_CD_$MFT.pptx differ diff --git a/NIST_Hacking_Case/NIST_Hacking_Case.pptx b/NIST_Hacking_Case/NIST_Hacking_Case.pptx index 3393b0c..3ef68ce 100644 Binary files a/NIST_Hacking_Case/NIST_Hacking_Case.pptx and b/NIST_Hacking_Case/NIST_Hacking_Case.pptx differ diff --git a/README.md b/README.md index 5a04812..84232e3 100644 --- a/README.md +++ b/README.md @@ -101,22 +101,22 @@ The [case study](https://github.com/frankwxu/digital-forensics-lab/tree/main/NIS **Topics Covered** -| Labs | Topics Covered | Size of PPTs | -| ------ | ----------------------------------------------------------------------------------------------------------- | ------------ | -| Lab 0 | [Environment Setting Up](NIST_Data_Leakage_Case/NIST_Data_Leakage_00_Env_Setting.pptx) | 2M | -| Lab 1 | [Windows Registry](NIST_Data_Leakage_Case/NIST_Data_Leakage_01_Registry.pptx) | 3M | -| Lab 2 | [Windows Event and XML](NIST_Data_Leakage_Case/NIST_Data_Leakage_02._WinEvt_XML.pptx) | 3M | -| Lab 3 | [Web History and SQL](NIST_Data_Leakage_Case/NIST_Data_Leakage_02._WinEvt_XML.pptx) | 3M | -| Lab 4 | [Email Investigation](NIST_Data_Leakage_Case/NIST_Data_Leakage_04_Email_USB.pptx) | 3M | -| Lab 5 | [File Change History and USN Journal](NIST_Data_Leakage_Case/NIST_Data_Leakage_05_USNJournaling.pptx) | 2M | -| Lab 6 | [Network Evidence and shellbag](NIST_Data_Leakage_Case/NIST_Data_Leakage_06_Network_Shellbag_Jumplist.pptx) | 2M | -| Lab 7 | [Network Drive and Cloud](NIST_Data_Leakage_Case/NIST_Data_Leakage_07_NetworkDrive_Cloud.pptx) | 5M | -| Lab 8 | [Master File Table ($MFT) Analysis](NIST_Data_Leakage_Case/NIST_Data_Leakage_08_CD_%24MFT.pptx) | 4M | -| Lab 9 | [Windows Search History](NIST_Data_Leakage_Case/NIST_Data_Leakage_08_CD_%24MFT.pptx) | 4M | -| Lab 10 | [Windows Volume Shadow Copy Analysis](NIST_Data_Leakage_Case/NIST_Data_Leakage_10_Vol_Shadow_Copy.pptx) | 6M | -| Lab 11 | [Recycle Bin and Anti-Forensics](NIST_Data_Leakage_Case/NIST_Data_Leakage_11_RecycleBin_AntiForensics.pptx) | 3M | -| Lab 12 | [Data Carving](NIST_Data_Leakage_Case/NIST_Data_Leakage_12_CD-R_Data_Carving.pptx) | 3M | -| Lab 13 | [Crack Windows Passwords](NIST_Data_Leakage_Case/NIST_Data_Leakage_13_Crack_Win10_Login_Password.pptx) | 2M | +| Labs | Topics Covered | Size of PPTs | +| ------ | ------------------------------------------------------------------------------------------------------------------------ | ------------ | +| Lab 0 | [Environment Setting Up](NIST_Data_Leakage_Case/NIST_Data_Leakage_00_Env_Setting.pptx) | 2M | +| Lab 1 | [Windows Registry](NIST_Data_Leakage_Case/NIST_Data_Leakage_01_Registry.pptx) | 3M | +| Lab 2 | [Windows Event and XML](NIST_Data_Leakage_Case/NIST_Data_Leakage_02._WinEvt_XML.pptx) | 3M | +| Lab 3 | [Web History and SQL](NIST_Data_Leakage_Case/NIST_Data_Leakage_02._WinEvt_XML.pptx) | 3M | +| Lab 4 | [Email Investigation](NIST_Data_Leakage_Case/NIST_Data_Leakage_04_Email_USB.pptx) | 3M | +| Lab 5 | [File Change History and USN Journal](NIST_Data_Leakage_Case/NIST_Data_Leakage_05_USNJournaling.pptx) | 2M | +| Lab 6 | [Network Evidence and shellbag](NIST_Data_Leakage_Case/NIST_Data_Leakage_06_Network_Shellbag_Jumplist.pptx) | 2M | +| Lab 7 | [Network Drive and Cloud](NIST_Data_Leakage_Case/NIST_Data_Leakage_07_NetworkDrive_Cloud.pptx) | 5M | +| Lab 8 | [Master File Table ($MFT) and Log File ($logFile) Analysis](NIST_Data_Leakage_Case/NIST_Data_Leakage_08_CD_%24MFT.pptx) | 4M | +| Lab 9 | [Windows Search History](NIST_Data_Leakage_Case/NIST_Data_Leakage_08_CD_%24MFT.pptx) | 4M | +| Lab 10 | [Windows Volume Shadow Copy Analysis](NIST_Data_Leakage_Case/NIST_Data_Leakage_10_Vol_Shadow_Copy.pptx) | 6M | +| Lab 11 | [Recycle Bin and Anti-Forensics](NIST_Data_Leakage_Case/NIST_Data_Leakage_11_RecycleBin_AntiForensics.pptx) | 3M | +| Lab 12 | [Data Carving](NIST_Data_Leakage_Case/NIST_Data_Leakage_12_CD-R_Data_Carving.pptx) | 3M | +| Lab 13 | [Crack Windows Passwords](NIST_Data_Leakage_Case/NIST_Data_Leakage_13_Crack_Win10_Login_Password.pptx) | 2M | --- @@ -175,7 +175,7 @@ The [case study](https://github.com/frankwxu/digital-forensics-lab/tree/main/Ill ========= -The [case study](https://github.com/frankwxu/digital-forensics-lab/tree/main/NIST_Hacking_Case), including a disk image provided by [NIST](https://www.cfreds.nist.gov/Hacking_Case.html) is to investigate a hacker who intercepts internet traffic within range of Wireless Access Points. Note that the PPT is encrypted with a password as one of the major assignments. Email fxu at ubalt dot edu to ask the password if you are a faculty member. +The [case study](https://github.com/frankwxu/digital-forensics-lab/tree/main/NIST_Hacking_Case), including a disk image provided by [NIST](https://www.cfreds.nist.gov/Hacking_Case.html) is to investigate a hacker who intercepts internet traffic within range of Wireless Access Points. **Topics Covered**