# Digital Forensics Lab

### Features of the hands-on labs

- Hands-on digital forensics labs: designed for students and faculty
- Purely Linux based: uses Kali Linux
- Comprehensive: covers many topics in digital forensics
- Free: all tools are open source
- Updated: the project is funded by the DOJ and NSF and will keep being updated

---

## Table of Contents (updating)

- Case Studies
  * [NIST Data Leakage](#nist-data-leakage)
  * [Email Harassment](#email-harassment)
  * [Illegal Image Possession](#illegal-image-possession)
- [Tools Used](#tools-used)

---

### NIST Data Leakage

This case study investigates a disk image involving intellectual property theft. It includes:

* A large and complex image created by [NIST](https://www.cfreds.nist.gov/data_leakage_case/data-leakage-case.html)
* 13 hands-on labs/topics in digital forensics
* A PPT with lab screenshots for each lab

Topics covered:

| Labs | Topics Covered | Size of PPT |
| --- | --- | --- |
| Lab 0 | Environment Setup | 2M |
| Lab 1 | Windows Registry | 3M |
| Lab 2 | Windows Event Logs and XML | 3M |
| Lab 3 | Web History and SQL | 3M |
| Lab 4 | Email Investigation | 3M |
| Lab 5 | File Change History and USN Journal | 2M |
| Lab 6 | Network Evidence and Shellbags | 2M |
| Lab 7 | Network Drive and Windows Shellbags | 5M |
| Lab 8 | $MFT (Master File Table) Analysis | 4M |
| Lab 9 | Windows Search History | 4M |
| Lab 10 | Windows Volume Shadow Copy Analysis | 6M |
| Lab 11 | Data Carving | 3M |
| Lab 12 | Cracking Windows Passwords | 2M |

---

### Email Harassment

---

### Illegal Image Possession

---

### Tools Used

* Wine
* [Vinetto](https://github.com/AtesComp/Vinetto)
* [imgclip](https://github.com/Arthelon/imgclip)
* Tree: `apt-get install tree`
* [RegRipper 3.0](https://github.com/keydet89/RegRipper3.0)
* [Windows-Prefetch-Parser](https://github.com/PoorBillionaire/Windows-Prefetch-Parser.git)
* python-evtx: `apt-get install python3-evtx`
* xmlstarlet: `apt-get install xmlstarlet`
* hivex: `apt-get install libhivex-bin`
* libesedb: `apt-get install libesedb-utils`
* pasco: `apt-get install pasco`
* [libpff](https://github.com/libyal/libpff): `apt-get install pff-tools`
* usncarve: `pip install usncarve`
* usnparser: `pip install usnparser`
* JLECmd: `wget https://f001.backblazeb2.com/file/EricZimmermanTools/JLECmd.zip`
* liblnk: `apt-get install liblnk-utils`
* [time_decode](https://github.com/digitalsleuth/time_decode)
* analyzeMFT: `pip install analyzeMFT`
* [libvshadow](https://github.com/libyal/libvshadow)
* [recentfilecache-parser](https://github.com/prolsen/recentfilecache-parser)

## Contributors

* Frank Xu
* Malcolm Hayward
* Richard (Max) Wheeless
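The Tools Used list above, gathered into one setup-and-check script for Kali. This is an added example, not part of the Digital Forensics Lab project: the apt and pip package names and the GitHub URLs are the ones listed, while the install directory `~/tools` and the binary names checked at the end (`evtx_dump.py`, `hivexsh`, `esedbexport`, `pffexport`, `lnkinfo`) are assumptions about what those packages place on PATH.

```shell
#!/bin/sh
# Added example (not part of the Digital Forensics Lab project): install the
# listed tools on Kali in one pass and report which expected binaries are
# still missing from PATH. Package names are taken from the tool list as
# written; CHECK_CMDS and the ~/tools directory are assumptions.
set -eu

# Packages available through apt on Kali/Debian (names as listed).
APT_PKGS="wine tree python3-evtx xmlstarlet libhivex-bin libesedb-utils pasco pff-tools liblnk-utils"
# Python tools installed with pip (names as listed).
PIP_PKGS="usncarve usnparser analyzeMFT"
# Tools that are cloned from GitHub rather than packaged.
GIT_REPOS="https://github.com/AtesComp/Vinetto
https://github.com/Arthelon/imgclip
https://github.com/keydet89/RegRipper3.0
https://github.com/PoorBillionaire/Windows-Prefetch-Parser.git
https://github.com/digitalsleuth/time_decode
https://github.com/libyal/libvshadow
https://github.com/prolsen/recentfilecache-parser"
JLECMD_URL="https://f001.backblazeb2.com/file/EricZimmermanTools/JLECmd.zip"
# Commands the apt packages are expected to provide (assumed names; adjust
# if your distribution installs them under different names).
CHECK_CMDS="wine tree evtx_dump.py xmlstarlet hivexsh esedbexport pasco pffexport lnkinfo"

# missing_tools CMD...: print each command that is not found on PATH, one per line.
missing_tools() {
    for cmd in "$@"; do
        command -v "$cmd" >/dev/null 2>&1 || printf '%s\n' "$cmd"
    done
}

# repo_dir URL: the directory that `git clone URL` creates (last path element, minus .git).
repo_dir() {
    name=${1##*/}
    printf '%s\n' "${name%.git}"
}

# install_all: install apt and pip packages, clone the repos into ~/tools, fetch JLECmd.
install_all() {
    sudo apt-get update
    # shellcheck disable=SC2086 -- word splitting of the package lists is intended
    sudo apt-get install -y $APT_PKGS git python3-pip wget unzip
    pip3 install --user $PIP_PKGS
    mkdir -p "$HOME/tools"
    cd "$HOME/tools"
    for url in $GIT_REPOS; do
        # Skip repos that are already cloned so the script can be re-run safely.
        [ -d "$(repo_dir "$url")" ] || git clone "$url"
    done
    wget -qO JLECmd.zip "$JLECMD_URL"
    unzip -o JLECmd.zip -d JLECmd   # JLECmd is a Windows binary; run it under Wine
}

# check_tools: exit status 0 if every expected command is on PATH, 1 otherwise.
check_tools() {
    missing=$(missing_tools $CHECK_CMDS)
    if [ -n "$missing" ]; then
        printf 'Missing tools:\n%s\n' "$missing"
        return 1
    fi
    echo "All expected tools found on PATH."
}

# Usage: sh setup.sh install   (install everything, then check)
#        sh setup.sh check     (only report what is missing)
if [ $# -gt 0 ]; then
    case "$1" in
        install) install_all && check_tools ;;
        check) check_tools ;;
        *) echo "usage: $0 install|check" >&2; exit 2 ;;
    esac
fi
```

Run `sh setup.sh check` first on a fresh Kali VM to see which tools are already present, then `sh setup.sh install`; the clone loop is idempotent, so the script can be re-run after a partial failure. The pip step uses `--user` so the lab tools do not overwrite system packages.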