Overview

Introduction

The Forensics - E-mail and Social Media Investigations lab provides you with the instructions and devices to develop your hands-on skills in the following topics.

  • Using OSForensics to Recover E-mail
  • Email Examination Example
  • Image Examination Example
  • Facebook Forensics

Lab time: It will take approximately 1 hour to complete this lab.

Exam Objectives

The following exam objectives are covered in this lab:

  • CS0-001 1.1 Given a scenario, apply environmental reconnaissance techniques using appropriate tools and processes.
  • CS0-001 3.2 Given a scenario, prepare a toolkit and use appropriate forensics tools during an investigation.
  • CS0-001 4.2 Given a scenario, use data to recommend remediation of security issues related to identity and access management.

Exercise 1 - Using OSForensics to Recover E-mail

Unlike other tools, OSForensics isn’t task- or file-specific. Instead, it indexes data on a disk image or an entire drive for faster data retrieval. It can also filter or find files specific to e-mail clients and servers.

In this exercise you will complete the following tasks.

  • Extract Drive Image
  • Recover E-mail Messages

Exercise 2 - Email Examination Example

For this project, you use Aid4Mail to examine an Enron employee’s e-mail.

You will use the PLABWIN810 lab workstation to complete this project.

In this exercise you will complete the following tasks.

  • Email Search

Exercise 3 - Image Examination Example

In this project, you use ProDiscover Basic to retrieve mail in the M57 case.

You will use the PLABWIN810 lab workstation to complete this project.

In this exercise you will complete the following tasks.

  • USB Image Search

Exercise 4 - Facebook Forensics

In this project, you use Facebook Forensic Toolkit by Afentis Software to discover the friends and other information of a public Facebook profile. Although you can use your own Facebook logon for this project, creating a logon connected to your professional e-mail account is highly recommended for working on actual cases.

You will be using the PLABWIN810 lab device to complete this project.

In this exercise you will complete the following tasks.

  • Facebook Evidence Acquisition
