Time
6 hours 28 minutes
Difficulty
Intermediate
CEU/CPE
7

Video Transcription

00:00
Welcome back to the Cybrary course in Building an InfoSec Lab. I'm your host and instructor, Kevin Hernandez. In our last lesson we installed Nexpose within our Windows Server 2016 operating system.
00:12
Nexpose is a vulnerability assessment tool, which will help us
00:17
keep the integrity and security of our network.
00:20
In today's lesson, we'll actually go over two more forensic applications.
00:25
Unlike our previous installation, this is not an operating system but applications you can run within Windows itself.
00:32
Let's get started.
00:34
When searching for Autopsy, make sure you add "Sleuth Kit"
00:37
as part of the search. Otherwise you'll come across more biological results, like
00:42
actual autopsies, right? That's one of the good things about Google: it will also show you, right here in the right corner, "People also search for," and you can see that FTK is one of those options. We're actually going to take a look into that tool as well in this lesson.
00:59
So let's go ahead first and go to Autopsy,
01:02
right?
01:03
You have a little screen of how it looks.
01:07
Let's click Download Now,
01:10
and let's download the 64-bit version.
01:12
And let's wait for it to finish.
01:15
While it's doing that,
01:17
let's go ahead and go back.
01:19
Let's look for FTK Imager.
01:22
You're going to see it's right here.
01:25
So, FTK Imager.
01:29
Here we go,
01:30
FTK Imager.
01:32
2017 is the release date for this particular version.
01:36
Let's go ahead and download it as well.
01:38
So you can see FTK Imager does require you to sign up.
01:42
So let's go ahead and fill this out. I'm gonna pause the video while I complete this. As you can see, once you've finally completed it, it says that it will provide you
01:51
15 minutes to download
01:53
FTK Imager at the email you entered in the form,
01:57
and this here is, give or take, what you'll see, right? Now let's go ahead and click on that link. Once clicked, you'll see that it will start downloading.
02:06
Now we have actually downloaded both of the tools we're looking over in this lesson.
02:12
Let's start with Autopsy.
02:13
Let's click it.
02:15
Wait for it to open.
02:19
Setup Wizard.
02:21
Next.
02:22
Keep the default.
02:23
It's still
02:25
pretty basic, right?
02:30
Let's give it a minute or two for it to complete installation.
02:38
It's pretty easy.
02:39
No additional prompts have been required from us. Now, these tools are slightly different than SIFT. Um,
02:50
Imager itself is more towards creating images,
02:54
and it's very efficient, and it kind of puts the write block on when you're doing them, right. It's at a software level, but it's still pretty good.
03:01
Now that it's installed, let's go ahead and also take care of FTK Imager. Install it as well.
03:07
Then we wouldn't have to go back and forth.
03:10
You see, it's starting to extract the data.
03:14
It's pretty much a very similar installation.
03:21
Let's give it a minute. You can see it actually completed.
03:24
Um, since we're here,
03:28
let's go ahead with
03:30
FTK Imager,
03:31
and let me tweak this for a second. And here you have FTK Imager. It looks pretty simple.
03:38
And it is.
03:39
You have add evidence,
03:42
image mounting,
03:44
create disk image,
03:46
capture memory,
03:47
and obtain protected files. So the way this works is
03:53
if you, for example, add an evidence item right here, you will, for example, copy a physical drive. You could add a logical drive, for example an image you already have, like, um,
04:05
a virtual disk, right. We have logical drives as well, image files and contents of a folder.
04:14
So let's do contents of a folder real quick. So let's go ahead.
04:16
Click.
04:17
Click Next. Let's browse for the folder.
04:23
In this case I'm gonna go to my desktop and Cybrary Forensics
04:27
and click Finish.
04:29
You can see now, here on the left side,
04:31
you can actually see
04:34
the folder. Let me go ahead and turn on my mouse pointer for this lesson.
04:40
Now you can probably see where the mouse is. Let's expand,
04:44
all right,
04:45
and you can see that there's a test folder in it.
04:49
Once you click on it, you can actually see the test file,
04:53
and here is the content of the file.
04:56
It's a very basic tool. And you can actually capture RAM and other things, right, and click here to capture the whole RAM.
05:06
Let's click on Autopsy.
05:11
It's loading right now,
05:14
and this is a little bit slower loading than FTK, as you can see.
05:19
But they do have a cool logo.
05:25
For some reason, it reminds me of John Wick. I don't know why, but it does,
05:31
and here it goes, fully loaded. So let's create a new case,
05:36
and actually this looks
05:40
like an EnCase-competitor
05:42
type of approach. So far,
05:44
let's go with "test case"
05:46
and let's put the base directory as,
05:49
sorry,
05:51
"cases," okay,
05:54
and this is gonna be a single user, so let's click Next.
05:58
You can see you're gonna have more information. So let's do the date, right, type it in, then the case number,
06:09
right? And then, could you have more than one case per day? Well, add three numbers, and, you know, Examiner Information.
06:16
Kevin.
06:18
55555, like in the movies. My email,
06:26
at email dot com.
06:31
You know, it's
06:32
this
06:34
is a
06:36
test.
06:39
Let's hit Finish,
06:41
and now it's creating our case.
06:46
That's taken care of. Let me actually shrink the screen so it can fit the recording window.
06:53
There we go.
06:57
Now you can see you can actually do a disk image like previously,
07:01
local disk, right, and unallocated space image file.
07:04
Let's click on this one so we can do a similar type of approach.
07:09
Click Next.
07:11
Let's search for the file.
07:15
In this case I actually added the file itself. You can see you can break it
07:18
into three-gigabyte chunks.
07:21
In this case it's a very small file, so we don't need to do that.
07:25
Hit Next. You can see it's already pulled the file in the background. Um, like FTK, you do have a lot of tools in here, like hashes, file type identification, all those different parameters.
07:38
Let's hit Next, so we process the data,
07:41
and in the bottom right corner, you should see a processing progress bar. Sadly, I
07:46
didn't have enough time to shrink this by the time it was done.
07:50
So here you can see the sector size, type of image,
07:56
device ID. You can see the value is
08:00
all right. Here you see the text content
08:03
from earlier. So,
08:05
the basic difference between these: FTK Imager, or FTK itself, is more geared towards capturing or creating images, while this, for example, is more of a full-blown forensic tool.
08:18
Good.
08:20
It is really good. And if you're into forensics, or would like to discover more towards forensics, I would highly recommend it. It's a very interesting field, especially if you have that detective or investigation type of feeling in your career.
08:35
I highly recommend it.
08:37
In this lesson we actually installed Autopsy and FTK Imager,
08:41
which are free to use for personal usage.
08:46
These are a great alternative if you want to do very light forensics, or at least capture content, without the requirement of having a fully deployed operating system, as was the case with our previous option.
08:58
In our next lesson we'll actually go over a model for connecting and configuring our labs.
09:05
Hope to see you soon. Have a great day!

Building an InfoSec Lab

This course will guide you through the basics of incorporating several Information Security Engineering Tools in your home and/or lab. By building this lab you will be able to obtain corporate-level security within your home network, as well as a higher understanding of the capabilities and advantages these tools bring to your network.

Instructed By

Kevin Hernandez
Instructor