Digital Media Forensics Essentials Labs

Level: Foundation

Learn the security techniques used by the Internet’s most skilled professionals. This Digital Media Forensics Essentials lab bundle, which includes 19 distinct, hands-on labs, will provide you with an introduction to media collection, imaging and analysis.

Key Features of this Training:

  • 6-month access to CYBRScore Digital Media Forensics Essentials Labs
  • Content aligned to Digital Forensics Training: Tools and Techniques

You Will Learn How To:

  • Detect, identify, and analyze malicious activity
  • Use detection various tools and tools like Wireshark and Snort to read, capture, and analyze traffic
  • Identify and remove trojans, malicious files, and/or processes

Choose the Training Solution That Best Fits Your Individual Needs or Organizational Goals


On Demand

6-Month Access to:

  • Pre-configured labs with lab guides
  • Gain hands-on skills in topic areas aligned to Digital Forensics Training: Tools and Techniques
View Course Details

Standard $99

Government $99



Save More On Training with FlexVouchers – A Unique Training Savings Account

Our FlexVouchers help you lock in your training budgets without having to commit to a traditional 1 voucher = 1 course classroom-only attendance. FlexVouchers expand your purchasing power to modern blended solutions and services that are completely customizable. For details, please call 888-843-8733 or chat live.

On Demand

Important Course Information

  • CYBRScore Labs Description

    Practice your skills in a virtual network environment. Learn by doing wherever you are on your own time at your own pace. CYBRScore Labs are pre-configured hardware layouts with accompanying lab guides for fast, convenient access that make studying for an exam or learning new technologies an engaging experience. CYBRScore Labs are available for use for 6 months after the date of purchase. CYBRScore Labs are hosted online and available 24x7x365.

Digital Media Forensics Lab Content

  • Analyze Malicious Activity in Memory Using Volatility

    Students will use the open source Volatility tool to analyze a memory snapshot and determine what malicious software has infected the victim machine.

  • Conduct Log Analysis and Cross Examination for False Positives

    Students will confirm the validity of event-data analysis to eliminate false-positive events.

  • Creating a Baseline Using the Windows Forensic Toolchest (WFT)

    Students will run Windows Forensic Toolchest against an existing system to create a baseline that will be used for future analysis.

  • Data Recovery with Autopsy

    Students will ingest and process a previously acquired forensic image using Autopsy. The focus of the lab will be on recovering data from the image, reviewing the supplied forensic report and verifying that the image is forensically sound.

  • Detect the Introduction and Execution of Malicious Activity

    In this lab, the student will simulate browsing and downloading a malicious file from a website then learn how to detect the introduction and executions of malicious activity on a Win7 machine.

  • Dynamic Malware Analysis Capstone

    Students will use utilize two virtual machines, inside a protected network, to observe configuration changes on a known good / clean system and all of the unusual network traffic generated by the suspect software they will be analyzing. On the clean system they will use Regshot, Argon Network Switcher, Process Hacker, Process Monitor and Noriben to gather details on what the suspicious program is actually doing. On another support machine they will set up a fake DNS server to receive all suspicious traffic, and pass that traffic over to Wireshark for further analysis. This lab will continue to foster tool familiarization and will provide the students an introduction to capturing network traffic by using a simple "man-in-the-middle" system.

  • Identify Access to a LINUX Firewall Through SYSLOG Service

    Students will identify access to a PFSENSE firewall through the forwarding of SYSLOG (System logs) from a Firewall to the SYSLOG service we have configured and set up on the Network. Students will then identify malicious activity through system logs.

  • Identify and Remove Trojan Using Various Tools

    Students will detect malicious files and processes using various tools. Students will then remove the malicious files and/or processes.

  • Identify Suspicious Information in VM Snapshots

    Students will identify known IOCs for Stuxnet and save them for analysis. Students will then identify malicious drivers associated with the malware, and identify AES keys in memory.

  • Identify Whether High-Risk Systems Were Affected

    The highest risk systems are the ones with Internet facing Applications. One an attacker from the Internet is able to compromise the internal network, then it is very likely they will attempt to move to other machines on the network. The machines in the Demilitarized Zone (DMZ) are at high risk because they are not usually as protected as the computers which are part of the Internal Network.

  • Image Forensics Capstone

    Students will create a live image using FTK Imager and verify that the image was created successfully.

  • Live Imaging with FTK Imager Lite

    Students will use FTK Imager Lite to create a forensic image of a Windows 8 workstation. After they create the image they will perform a hash check to ensure that the image that was created is the same as what is currently running on the live system.

  • Memory Extraction and Analysis

    This is one of the labs for the Advanced Digital Media Forensics class.

  • Network Miner

    This lab exercise is designed to allow the trainee to become familiar with using Network Miner.

  • Open Source Password Cracking

    Students will use John the Ripper and Cain and Abel to crack password protected files.

  • Participate in Attack Analysis Using Trusted Tool Set

    Students will participate in attack analysis/incident response, including root cause determination, to identify vulnerabilities exploited, vector/source and methods used (e.g., malware, denial of service). Students will then investigate and correlate system logs to identify missing patches, level of access obtained, unauthorized processes or programs.

  • Using Snort and Wireshark to Analyze Traffic

    In this lab we will replicate the need for Analysts to be able to analyze network traffic and detect suspicious activity. Tools like Wireshark and Snort can be utilized to read, capture, and analyze traffic.


  • What is a CYBRScore Lab Bundle?

    • CYBRScore Labs are pre-configured hardware layouts with accompanying lab guides for fast, convenient access that make studying for an exam or learning new technologies an engaging experience.
  • How long will each lab take to complete?

    • Each lab consists of multiple tasks that take anywhere from 30 minutes to 2 hours to complete.
  • Are there any system requirements?

    • All you need is an HTML5 compatible browser, such as Google Chrome, Mozilla Firefox, or Microsoft Edge.
  • How long do I have access to the labs for?

    • CYBRScore Labs are available for use for 6 months after the date of purchase. CYBRScore Labs are hosted online and available 24x7x365.
  • How do I access my purchased labs?

    • Once your purchase is complete, Learning Tree will contact you with the URL and login credentials you will use to access your lab bundle.

Questions about which training is right for you?

call 888-843-8733
chat Live Chat

100% Satisfaction Guaranteed

Your Training Comes with a 100% Satisfaction Guarantee!*

*Partner-delivered courses may have different terms that apply. Ask for details.

Preferred method of contact:
Chat Now

Please Choose a Language

Canada - English

Canada - Français