hi and welcome to Everyday did your forensics. My name's just unease then, and I'll be guiding you through today's digital discovery. So who am I on? Why should you listen to me?
I have a bachelor's degree in computer science and a masters in Digital Friend six.
I have experience in digital forensics fields Incident Response. I am currently a software
engineer within the security space and also Instructor have over eight years working in the tech field. I started off in I T support,
branched off to computer science, started testing on that. I moved over to security and security. I handled incident response,
uh, built internal tools,
handled customer security events
and essentially designs develops managed
of frameworks that are used within the company for detecting, alerting encryption and overall security standards. Enough about me. So who would be the target audience for this? In my opinion, anyone in the cybersecurity or the computer science world, whether you're a student or just the professional, that's just looking to gain more information
about security aspects, your day to day
or you just trying to
for a change and improve your way of understanding how security is
and overall you could also just be a leader.
Just someone who is up in one of the sea levels are exactly what you just want to get, an idea of
how things happen, how things work.
So one of the pre records prerequisites First, this course on top of the practice lives that I'll be using their provided by Cyber Easy. I'll also be using a VM with Windows seven and insults.
I do not have Windows eight or 10. I'll try to make any.
I'll try to make references to any differences that I find,
but most of the work will be focused on 1 to 7.
You have to be comfortable with heck, suggest Imo's
We will have come to a point where we would actually be reading memories,
how file system stores information Heart reads information.
So just being able to see these numbers and being able to convert him from packs of decimals, the binaries
and from binaries, taxi decimals,
security and ever concepts are a plus.
Ma Joe's, will be going over AP cap and identifying town at identifying on ssh session
on a different network protocols and different acquit usages.
So having a general concepts
understanding of these terminologies,
one of the other sections will be focusing on reviewing
items within a malicious files. And this includes
The language is there will be focused on python or Java skirts.
of course, to learn anything, you have to have a positive attitude on a passion for learning if not,
where we even in this.
So for this video, my objectives are to go over basic concepts of digital forensics. We'll go ahead and talk about a few these cases related to digital forensics and techniques that are learned
through the process,
and they groundwork for any future courses.
So I get this question asked about when I see what my monsters is.
What is digital forensics?
I give you a few seconds. Just think it out.
be Teacher friend? Six.
So did your forensics is a process that uses the scientific message
not only a hypothesis
but to also test whether or not
were able to answer questions about a digital that so we'll go ahead and gather all this information. Create a hypothesis and based on the evidence that we find in the correlation between the evidence, were able to prove or disprove where the hypothesis
So, based on the definition, can you identify three use cases related to deter forensics or just a technique that can be used for this?
So these are not all the answers, but these air, some techniques and some techniques and use cases that we will be focusing on this class just to kind of give you an idea of what to come thes are these cases for
So one case is the retrieval over the native file. You go ahead and use idiot it all your wedding photos, that big presentation that's doing Friday
and your wife decided to empty out the trash can on your computer. Would you dio
You need that presentation? It's Thursday,
so we'll able will be able to actually look into a file system,
see where the foul is, see where the trash can context are, be able to map it to where it is in backup. 75 systems have their own backup,
and within the back home, you can just
go ahead and extract that file.
We have examination of files between executed.
This is in a case through downloaded, malicious foul. How do we check whether or not malicious before we actually run it?
The analysis of network traffic?
Um, there's also the process of hiding information in images, audio files.
Any kind of file was ready,
this is a use case, which, let's say, there's some trading going on. Black market trading going on on. Instead of exchanging an email with
the wire transfer number, they go ahead and exchange of photo just full of a cat. Nothing
suspicious. Nothing crazy within that
their instructions on what to do, where to go
were able to pinpoint evidence for
improve our her processes. See, John Doe was involved in this because of this photo on. As you can see, there's some other cases.
Um, there's many more cases that could be used. Answer the question.
These are some of the cases that will be
reviewed on possibly lab in this course.
So here we have a list of a few open source tools that may or may not be used in the course.
If they are used, you may find some kind of instruction videos in a resource tab for this lecture.
Or you can go ahead and check out you two for some of these tools, So autopsy is more of a framework for when you're actually performing the investigation. War. A shark is a network packet analyzer. Either you can record the current traffic that's going in where, if you have
API cap or some kind of network. Sile
that's in portable in Sioux are sharp. You could read it and kind of dive into was going on. And so from theirs
of VM Ware, a virtual box. In my case, I'm writing a Mac machine, so I have a VM Ware that's running Windows seven. Ah, the suitcases. Someone just to do forensics tools. Autopsy is the gooey for it, but spoof kit is kind of the seal I for it.
Kai Lennox is just the flavor Lennox. So you might be using to perform some off the tools. Some of the extractions kind mix has a lot off
frameworks, especially for cybersecurity already installs. And I'm sure you've seen in some of the courses.
definitely talking about us to you, right? Dockers
Regent accusations of some kind of data. You want to prevent the operative system from executing or from
writing any files, so you use a ***. Look,
um, this that's just a general term that I feel like you should use. And then another tool. What is also fck imager?
Uh, there is the free version on the news, a commercial version for after can't imager.
But it is a work space that is used for investigators to perform
the investigation to view the data sources to view the evidence and tendency dive into the files.
So in today's actually we defined what did your friends? Exes.
We kind of reviewed some of the possible cases in which does your friend's ex can be used
and kind of just took it upon a potential text back that would be using for the course.