digital-forensics-labs/digital-forensics-lab
1
0
Fork 0
mirror of https://github.com/frankwxu/digital-forensics-lab.git synced 2026-02-21 11:17:52 +00:00
Code Issues Packages Projects Releases Wiki Activity
128 Commits 1 Branch 0 Tags
e296ab0a992f5c659fb26b10b81ea3bb8b9ba345
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Frank Xu e296ab0a99 add a graph
2021-02-14 11:16:09 -05:00
Email_Harassment
add readme
2021-01-13 21:21:37 -05:00
Help
inital commit
2021-01-10 19:28:10 -05:00
Illegal_Possession_Images
add readme
2021-01-13 22:16:33 -05:00
NIST_Data_Leakage_Case
add stix
2021-01-26 11:14:55 -05:00
STIX_for_digital_forensics
add a graph
2021-02-14 11:16:09 -05:00
README.md
change tools
2021-01-19 16:42:52 -05:00

README.md

Digital Forensics Lab

Features of hands-on labs

===================

  • Hands-on Digital Forensics Labs: designed for Students and Faculty
  • Linux-based lab: All labs are purely based on Kali Linux
  • Lab screenshots: Each lab has a PPT with lab screenshots
  • Comprehensive: Cover many topics in digital forensics
  • Free: All tools are open source
  • Updated: The project is funded by DOJ and will keep updating

Table of Contents (updating)

Investigate NIST Data Leakage

==============

The case study is to investigate an image involving intellectual property theft. The study include

  • A large and complex case study created by NIST. You can access the Senario, DD/Encase images. You can also find the solutions on their website.
  • 13 hands-on labs/topics in digital forensics

Topics Covered

Labs Topics Covered Size of PPTs
Lab 0 Environment Setting Up 2M
Lab 1 Windows Registry 3M
Lab 2 Windows Event and XML 3M
Lab 3 Web History and SQL 3M
Lab 4 Email Investigation 3M
Lab 5 File Change History and USN Journal 2M
Lab 6 Network Evidence and shellbag 2M
Lab 7 Network Drive and Windows shellbag 5M
Lab 8 Master File Table ($MFT) Analysis 4M
Lab 9 Windows Search History 4M
Lab 10 Windows Volume Shadow Copy Analysis 6M
Lab 11 Data Carving 3M
Lab 12 Crack Windows Passwords 2M

Investigating Illegal Possession of Images

=====================

The case study is to investigate the illegal possession of Rhino images. This image was contributed by Dr. Golden G. Richard III, and was originally used in the DFRWS 2005 RODEO CHALLENGE. NIST hosts the USB DD image. A copy of the image is also available in the repository.

Topics Covered

Labs Topics Covered Size of PPTs
Lab 0 HTTP Analysis using Wireshark (text) 3M
Lab 1 HTTP Analysis using Wireshark (image) 6M
Lab 2 The Sleuth Kid Tutorial 1M
Lab 3 Rhion Possession Investigation 1: File recovering 9M
Lab 4 Rhion Possession Investigation 2: Steganography 4M
Lab 5 Rhion Possession Investigation 3: Extract Evidence from FTP Traffic 3M
Lab 6 Rhion Possession Investigation 4: Extract Evidence from HTTP Traffic 5M

Investigating Email Harassment

=========

The case study is to investigate the harassment email sent by a student to a faculty member. The case is hosted by digitalcorpora.org. You can access the senario description and network traffic from their website. The repository only provides lab instructions.

Topics Covered

Labs Topics Covered Size of PPTs
Lab 0 Investigating Harassment Email using Wireshark 3M
Lab 1 t-shark Forensic Introduction 2M
Lab 2 Investigating Harassment Email using t-shark 2M

Tools Used

========

Name version vendor
Wine 6.0 https://source.winehq.org/git/wine.git/
Vinetto 0.98 https://github.com/AtesComp/Vinetto
imgclip 05.12.2017 https://github.com/Arthelon/imgclip
Tree 06.01.2020 https://github.com/kddeisz/tree
RegRipper 3.0 https://github.com/keydet89/RegRipper3.0
Windows-Prefetch-Parser 05.01.2016 https://github.com/PoorBillionaire/Windows-Prefetch-Parser.git
python-evtx 05.21.2020 https://github.com/williballenthin/python-evtx
xmlstarlet 1.6.1 https://github.com/fishjam/xmlstarlet
hivex 09.15.2020 https://github.com/libguestfs/hivex
libesedb 01.01.2021 https://github.com/libyal/libesedb
pasco-project 02.09.2017 https://annsli.github.io/pasco-project/
libpff 01.17.2021 https://github.com/libyal/libpff
USN-Record-Carver 05.21.2017 https://github.com/PoorBillionaire/USN-Record-Carver
USN-Journal-Parser 1212.2018 https://github.com/PoorBillionaire/USN-Journal-Parser
JLECmd 1.4.0.0 https://f001.backblazeb2.com/file/EricZimmermanTools/JLECmd.zip
libnl-utils 3.2.27 https://packages.ubuntu.com/xenial/libs/libnl-utils
time_decode 12.13.2020 https://github.com/digitalsleuth/time_decode
analyzeMFT 2.0.4 https://github.com/dkovar/analyzeMFT
libvshadow 12.20.2020 https://github.com/libyal/libvshadow
recentfilecache-parser 02.13.2018 https://github.com/prolsen/recentfilecache-parser

Contribution

=============

  • Frank Xu
  • Malcolm Hayward
  • Richard (Max) Wheeless
Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
cybercybercrimecybersecuritycybersecurity-educationdigitaleducationforensicsfreehands-oninvestigation
Readme 2.2 GiB
Languages
Jupyter Notebook 38.1%
Roff 32.5%
HTML 16.6%
Python 3.1%
Rich Text Format 2.3%
Other 7.4%