mirror of
https://github.com/frankwxu/digital-forensics-lab.git
synced 2026-04-10 12:13:44 +00:00
# Digital Forensics Lab

<img src="https://upload.wikimedia.org/wikipedia/commons/3/3c/BJA_Logo.png" width="150">

### Features of the hands-on labs

- Hands-on digital forensics labs: designed for students and faculty
- Purely Linux-based: uses Kali Linux
- Comprehensive: covers many topics in digital forensics
- Free: all tools are open source
- Updated: the project is funded by DOJ and NSF and will keep being updated

---

## Table of Contents (updating)

- Case Study
  - [NIST Data Leakage](#nist-data-leakage)
  - [Email Harassment](#email-harassment)
  - [Illegal Image Possession](#illegal-image-possession)
- [Tools Used](#tools-used)

---

### NIST Data Leakage

The case study investigates a disk image involving intellectual property theft. The study includes

* A large and complex image created by [NIST](https://www.cfreds.nist.gov/data_leakage_case/data-leakage-case.html)
* 13 hands-on labs/topics in digital forensics
* A PPT with lab screenshots for each lab

Topics Covered

| Labs | Topics Covered | Size of PPT |
| --- | --- | --- |
| Lab 0 | Environment Setup | 2 MB |
| Lab 1 | Windows Registry | 3 MB |
| Lab 2 | Windows Event and XML | 3 MB |
| Lab 3 | Web History and SQL | 3 MB |
| Lab 4 | Email Investigation | 3 MB |
| Lab 5 | File Change History and USN Journal | 2 MB |
| Lab 6 | Network Evidence and Shellbag | 2 MB |
| Lab 7 | Network Drive and Windows Shellbag | 5 MB |
| Lab 8 | $MFT (Master File Table) Analysis | 4 MB |
| Lab 9 | Windows Search History | 4 MB |
| Lab 10 | Windows Volume Shadow Copy Analysis | 6 MB |
| Lab 11 | Data Carving | 3 MB |
| Lab 12 | Crack Windows Passwords | 2 MB |

---

### Email Harassment

---

### Illegal Image Possession

---

### Tools Used

* Wine
* https://github.com/AtesComp/Vinetto
* https://github.com/Arthelon/imgclip
* Tree (`apt-get install tree`)
* https://github.com/keydet89/RegRipper3.0
* https://github.com/PoorBillionaire/Windows-Prefetch-Parser.git
* `apt-get install python3-evtx`
* `apt-get install xmlstarlet`
* `apt-get install libhivex-bin`
* `apt-get install libesedb-utils`
* `apt-get install pasco`
* https://github.com/libyal/libpff (`apt-get install pff-tools`)
* `pip install usncarve`
* `pip install usnparser`
* JLECmd (`wget https://f001.backblazeb2.com/file/EricZimmermanTools/JLECmd.zip`)
* `apt-get install liblnk-utils`
* https://github.com/digitalsleuth/time_decode
* `pip install analyzeMFT`
* https://github.com/libyal/libvshadow
* https://github.com/prolsen/recentfilecache-parser

---

## Contribution

* Frank Xu
* Malcolm Hayward
* Richard (Max) Wheeless