digital-forensics-labs/digital-forensics-lab

mirror of https://github.com/frankwxu/digital-forensics-lab.git synced 2026-04-10 12:13:44 +00:00

Go to file

Frank Xu 67b828404a add readme

2021-01-11 10:31:51 -05:00

inital commit

2021-01-10 19:28:10 -05:00

NIST_Data_Leakage_Case

change readme

2021-01-10 19:48:04 -05:00

README.md

add readme

2021-01-11 10:31:51 -05:00

README.md

Digital Forensics Lab

Features of hands-on lab

===================

Hands-on Digital Forensics Labs: Designed for Students and Faculty
Purely based on Linux: Using Kali Linux
Comprehansive: Cover many topics in digial forensics
Free: All tools are open source
Upated: The project is funded by DOJ and NSF and will keep updating

Table of Contents (updating)

Case Study
Tools Used

NIST Data Leakage

==============

The case study is to investigate an image involving intellectual property theft. The study include

A large and complex image created by NIST
13 hands-on labs/topics in digital forensics
Each lab has an PPT with lab screenshots

Topics Covered

Labs	Topics Covered	Size of PPTs
Lab 0	Environment Setting Up	2M
Lab 1	Windows Registry	3M
Lab 2	Windows Event and XML	3M
Lab 3	Web History and SQL	3M
Lab 4	Email Investigation	3M
Lab 5	File Change History and USN Journal	2M
Lab 6	Network Evidence and shellbag	2M
Lab 7	Network Drive and Windows shellbag	5M
Lab 8	$MFT (Master File Table) Analysis	4M
Lab 9	Windows Search History	4M
Lab 10	Windows Volume Shadow Copy Analysis	6M
Lab 11	Data Carving	3M
Lab 12	Crack Windows Passwords	2M

Email Harassment

=========

Illegel Image Possesion

============

Tools used

========

Wine
https://github.com/AtesComp/Vinetto
https://github.com/Arthelon/imgclip
Tree (apt-get install tree)
https://github.com/keydet89/RegRipper3.0
https://github.com/PoorBillionaire/Windows-Prefetch-Parser.git
apt-get install python3-evtx
apt-get install xmlstarlet
apt-get install libhivex-bin
apt-get install libesedb-utils
apt-get install pasco
https://github.com/libyal/libpff apt-get install pff-tools
pip install usncarve
pip install usnparser
JLECmd wget https://f001.backblazeb2.com/file/EricZimmermanTools/JLECmd.zip
apt-get install liblink-tuils
https://github.com/digitalsleuth/time_decode
pip install analyzeMFT
https://github.com/libyal/libvshadow
https://github.com/prolsen/recentfilecache-parser

Contribution

=============

Frank Xu
Malcolm Hayward
Richard (Max) Wheeless

Languages

Jupyter Notebook 38.1%

Roff 32.5%

HTML 16.6%

Python 3.1%

Rich Text Format 2.3%

Other 7.4%