Digital Media Forensics Essentials Labs

Course E004

  • Duration: Multi-Week
  • Language: English
  • Level: Foundation

Learn the security techniques used by the Internet’s most skilled professionals. This Digital Media Forensics Essentials lab bundle, which includes 19 distinct, hands-on labs, will provide you with an introduction to media collection, imaging and analysis.

Digital Media Forensics Essentials Labs Delivery Methods

  • 6-month access to CYBRScore Digital Media Forensics Essentials Labs
  • Content aligned to Digital Forensics Training: Tools and Techniques

Digital Media Forensics Essentials Labs Course Benefits

Detect, identify, and analyze malicious activityUse detection various tools and tools like Wireshark and Snort to read, capture, and analyze trafficIdentify and remove trojans, malicious files, and/or processes

Digital Media Forensics Lab Content

Students will use the open source Volatility tool to analyze a memory snapshot and determine what malicious software has infected the victim machine.

Students will confirm the validity of event-data analysis to eliminate false-positive events.

Students will run Windows Forensic Toolchest against an existing system to create a baseline that will be used for future analysis.

Students will ingest and process a previously acquired forensic image using Autopsy. The focus of the lab will be on recovering data from the image, reviewing the supplied forensic report and verifying that the image is forensically sound.

In this lab, the student will simulate browsing and downloading a malicious file from a website then learn how to detect the introduction and executions of malicious activity on a Win7 machine.

Students will use utilize two virtual machines, inside a protected network, to observe configuration changes on a known good / clean system and all of the unusual network traffic generated by the suspect software they will be analyzing. On the clean system they will use Regshot, Argon Network Switcher, Process Hacker, Process Monitor and Noriben to gather details on what the suspicious program is actually doing. On another support machine they will set up a fake DNS server to receive all suspicious traffic, and pass that traffic over to Wireshark for further analysis. This lab will continue to foster tool familiarization and will provide the students an introduction to capturing network traffic by using a simple "man-in-the-middle" system.

Students will identify access to a PFSENSE firewall through the forwarding of SYSLOG (System logs) from a Firewall to the SYSLOG service we have configured and set up on the Network. Students will then identify malicious activity through system logs.

Students will detect malicious files and processes using various tools. Students will then remove the malicious files and/or processes.

Students will identify known IOCs for Stuxnet and save them for analysis. Students will then identify malicious drivers associated with the malware, and identify AES keys in memory.

The highest risk systems are the ones with Internet facing Applications. One an attacker from the Internet is able to compromise the internal network, then it is very likely they will attempt to move to other machines on the network. The machines in the Demilitarized Zone (DMZ) are at high risk because they are not usually as protected as the computers which are part of the Internal Network.

Students will create a live image using FTK Imager and verify that the image was created successfully.

Students will use FTK Imager Lite to create a forensic image of a Windows 8 workstation. After they create the image they will perform a hash check to ensure that the image that was created is the same as what is currently running on the live system.

This is one of the labs for the Advanced Digital Media Forensics class.

This lab exercise is designed to allow the trainee to become familiar with using Network Miner.

Students will use John the Ripper and Cain and Abel to crack password protected files.

Students will participate in attack analysis/incident response, including root cause determination, to identify vulnerabilities exploited, vector/source and methods used (e.g., malware, denial of service). Students will then investigate and correlate system logs to identify missing patches, level of access obtained, unauthorized processes or programs.

In this lab we will replicate the need for Analysts to be able to analyze network traffic and detect suspicious activity. Tools like Wireshark and Snort can be utilized to read, capture, and analyze traffic.

Need Help Finding The Right Training Solution?

Our training advisors are here for you.

Course FAQs

  • CYBRScore Labs are pre-configured hardware layouts with accompanying lab guides for fast, convenient access that make studying for an exam or learning new technologies an engaging experience.

  • Each lab consists of multiple tasks that take anywhere from 30 minutes to 2 hours to complete.

  • All you need is an HTML5 compatible browser, such as Google Chrome, Mozilla Firefox, or Microsoft Edge.

  • CYBRScore Labs are available for use for 6 months after the date of purchase. CYBRScore Labs are hosted online and available 24x7x365.

  • Once your purchase is complete, Learning Tree will contact you with the URL and login credentials you will use to access your lab bundle.
Chat With Us