Time
4 hours
Difficulty
Beginner
CEU/CPE
4

Video Transcription

00:00
Hi and welcome to Everyday Digital Forensics. My name is Yesenia Yser, and I'll be guiding you through today's digital discovery. So who am I, and why should you listen to me?
00:10
I have a bachelor's degree in computer science and a master's in digital forensics.
00:16
I have experience in the digital forensics field and incident response. I am currently a software
00:23
engineer within the security space and also an instructor. I have over eight years working in the tech field. I started off in IT support,
00:31
branched off to computer science, started testing on that. I moved over to security, and in security I handled incident response,
00:41
uh, built internal tools,
00:44
handled customer security events,
00:46
and essentially designed, developed and managed
00:50
frameworks that are used within the company for detecting, alerting, encryption and overall security standards. Enough about me. So who would be the target audience for this? In my opinion, anyone in the cybersecurity or the computer science world, whether you're a student or just a professional that's just looking to gain more information
01:08
about security aspects, your day to day,
01:11
or you're just trying to
01:12
look for a change and improve your way of understanding how security is,
01:18
and overall you could also just be a leader,
01:21
just someone who is up in one of the C levels, or exactly what you just want to get an idea of
01:26
how things happen, how things work.
01:32
So one of the prerequisites for this course: on top of the practice labs that I'll be using that are provided by Cybrary, I'll also be using a VM with Windows 7 installed.
01:47
I do not have Windows 8 or 10.
01:51
I'll try to make references to any differences that I find,
01:55
but most of the work will be focused on Windows 7.
01:57
You have to be comfortable with hex, decimals
02:00
and/or binaries.
02:02
We will come to a point where we would actually be reading memory
02:07
addresses.
02:07
We'll be reading
02:09
how memory looks,
02:12
how the file system stores information, how it reads information.
02:15
So just being able to see these numbers and being able to convert them from hex to decimals to binaries
02:22
and from binaries to hex to decimals.
02:24
Security and network concepts are a plus.
02:29
One of these
02:30
modules will be going over a PCAP and identifying Telnet and identifying an SSH session
02:38
and different network protocols and different packet usages.
02:44
So having a general concept,
02:46
understanding of these terminologies.
02:49
One of the other sections will be focusing on reviewing
02:53
items within malicious files, and this includes
02:58
programming code.
02:59
The languages that will be focused on are Python or JavaScript.
03:04
And,
03:06
of course, to learn anything, you have to have a positive attitude and a passion for learning. If not,
03:10
why are we even in this?
03:14
So for this video, my objectives are to go over basic concepts of digital forensics. We'll go ahead and talk about a few use cases related to digital forensics and techniques that are learned
03:28
through the process,
03:30
and lay groundwork for any future courses.
03:35
So I get this question asked about when I say what my master's is:
03:38
What is digital forensics?
03:43
I'll give you a few seconds. Just think it out.
03:45
What could possibly
03:46
be digital forensics?
03:52
So digital forensics is a process that uses the scientific method
03:57
to develop
03:58
not only a hypothesis
04:00
but to also test whether or not
04:01
we're able to answer questions about digital data. So we'll go ahead and gather all this information, create a hypothesis, and based on the evidence that we find and the correlation between the evidence, we're able to prove or disprove whether the hypothesis
04:17
is true.
04:18
So, based on the definition, can you identify three use cases related to digital forensics, or just a technique that can be used for this?
04:33
So these are not all the answers, but these are some techniques and use cases that we will be focusing on in this class, just to kind of give you an idea of what's to come. These are use cases for
04:46
So one case is the retrieval of a deleted file. You go ahead and accidentally delete all your wedding photos, that big presentation that's due Friday,
04:56
and your wife decided to empty out the trash can on your computer. What would you do?
05:01
You need that presentation. It's Thursday,
05:04
so we'll be able to actually look into a file system,
05:10
see where the file is, see where the trash can contents are, be able to map it to where it is in backup. File systems have their own backup,
05:18
and within the backup, you can just
05:21
go ahead and extract that file.
05:25
We have examination of files before they're executed.
05:29
This is in a case where you downloaded a malicious file. How do we check whether or not it's malicious before we actually run it?
05:35
The analysis of network traffic.
05:39
Um, there's also the process of hiding information in images, audio files,
05:44
any kind of file, really,
05:46
and
05:46
this is a use case which, let's say, there's some trading going on, black market trading going on, and instead of exchanging an email with
05:59
the wire transfer number, they go ahead and exchange a photo, just a photo of a cat. Nothing
06:05
suspicious, nothing crazy within that
06:09
photo,
06:10
there are instructions on what to do, where to go,
06:13
and using that
06:15
we're able to pinpoint evidence to
06:18
prove our hypothesis. Say John Doe was involved in this because of this photo. As you can see, there are some other cases.
06:28
Um, there are many more cases that could be used to answer the question.
06:31
These are some of the cases that will be
06:34
reviewed and possibly labbed in this course.
06:38
So here we have a list of a few open source tools that may or may not be used in the course.
06:44
If they are used, you may find some kind of instruction videos in the resources tab for this lecture.
06:50
Or you can go ahead and check out YouTube for some of these tools. So Autopsy is more of a framework for when you're actually performing the investigation. Wireshark is a network packet analyzer. Either you can record the current traffic that's going on, or if you have
07:06
a PCAP or some kind of network file
07:11
that's importable into Wireshark, you could read it and kind of dive into what's going on. And software
07:17
like VMware or VirtualBox. In my case, I'm running a Mac machine, so I have VMware running Windows 7. The Sleuth Kit is a set of digital forensics tools. Autopsy is the GUI for it, but The Sleuth Kit is kind of the CLI for it.
07:33
Kali Linux is just a flavor of Linux that you might be using to perform some of the tools, some of the extractions. Kali Linux has a lot of
07:43
frameworks, especially for cybersecurity, already installed, and I'm sure you've seen it in some of the courses.
07:49
Uh, we'll
07:50
definitely be talking about write blockers.
07:54
During acquisitions of some kind of data, you want to prevent the operating system from executing or from
08:01
writing any files, so you use a write blocker.
08:03
Um, this is just a general term that I feel like you should use. And then another tool, there is also FTK Imager.
08:11
Uh, there is the free version and there is a commercial version of FTK Imager,
08:16
but it is a workspace that is used for investigators to perform
08:20
the investigation, to view the data sources, to view the evidence and then to dive into the files.
08:26
So in today's lecture, we defined what digital forensics is.
08:31
We kind of reviewed some of the possible cases in which digital forensics can be used,
08:35
and kind of just touched upon a potential tech stack that would be used for the course.

Up Next

Everyday Digital Forensics

In this course, you will be presented with an overview of the principles and techniques for digital forensics investigation in the spectrum of file system analysis.

Instructed By

Yesenia Yser
Engineering Manager, Security Research & Development at SoFL, Women in Tech Committee Member, University Outreach and STEM Instructor
Instructor