Digital Forensics Investigation

00:00

hi and welcome to Everyday did your forensics. My name's just unease then, and I'll be guiding you through today's digital discovery. So who am I on? Why should you listen to me?

00:10

I have a bachelor's degree in computer science and a masters in Digital Friend six.

00:16

I have experience in digital forensics fields Incident Response. I am currently a software

00:23

engineer within the security space and also Instructor have over eight years working in the tech field. I started off in I T support,

00:31

branched off to computer science, started testing on that. I moved over to security and security. I handled incident response,

00:41

uh, built internal tools,

00:44

handled customer security events

00:46

and essentially designs develops managed

00:50

of frameworks that are used within the company for detecting, alerting encryption and overall security standards. Enough about me. So who would be the target audience for this? In my opinion, anyone in the cybersecurity or the computer science world, whether you're a student or just the professional, that's just looking to gain more information

01:08

about security aspects, your day to day

01:11

or you just trying to

01:12

for a change and improve your way of understanding how security is

01:18

and overall you could also just be a leader.

01:21

Just someone who is up in one of the sea levels are exactly what you just want to get, an idea of

01:26

how things happen, how things work.

01:32

So one of the pre records prerequisites First, this course on top of the practice lives that I'll be using their provided by Cyber Easy. I'll also be using a VM with Windows seven and insults.

01:47

I do not have Windows eight or 10. I'll try to make any.

01:51

I'll try to make references to any differences that I find,

01:55

but most of the work will be focused on 1 to 7.

01:57

You have to be comfortable with heck, suggest Imo's

02:00

and or binaries.

02:02

We will have come to a point where we would actually be reading memories,

02:07

Kandra says.

02:07

We'll be reading

02:09

how memory looks,

02:12

how file system stores information Heart reads information.

02:15

So just being able to see these numbers and being able to convert him from packs of decimals, the binaries

02:22

and from binaries, taxi decimals,

02:24

security and ever concepts are a plus.

02:29

One of these,

02:30

Ma Joe's, will be going over AP cap and identifying town at identifying on ssh session

02:38

on a different network protocols and different acquit usages.

02:44

So having a general concepts

02:46

understanding of these terminologies,

02:49

one of the other sections will be focusing on reviewing

02:53

items within a malicious files. And this includes

02:58

programming clothes.

02:59

The language is there will be focused on python or Java skirts.

03:04

And,

03:06

of course, to learn anything, you have to have a positive attitude on a passion for learning if not,

03:10

where we even in this.

03:14

So for this video, my objectives are to go over basic concepts of digital forensics. We'll go ahead and talk about a few these cases related to digital forensics and techniques that are learned

03:28

through the process,

03:30

and they groundwork for any future courses.

03:35

So I get this question asked about when I see what my monsters is.

03:38

What is digital forensics?

03:43

I give you a few seconds. Just think it out.

03:45

What could possibly

03:46

be Teacher friend? Six.

03:52

So did your forensics is a process that uses the scientific message

03:57

to develop

03:58

not only a hypothesis

04:00

but to also test whether or not

04:01

were able to answer questions about a digital that so we'll go ahead and gather all this information. Create a hypothesis and based on the evidence that we find in the correlation between the evidence, were able to prove or disprove where the hypothesis

04:17

it's true.

04:18

So, based on the definition, can you identify three use cases related to deter forensics or just a technique that can be used for this?

04:33

So these are not all the answers, but these air, some techniques and some techniques and use cases that we will be focusing on this class just to kind of give you an idea of what to come thes are these cases for

04:46

So one case is the retrieval over the native file. You go ahead and use idiot it all your wedding photos, that big presentation that's doing Friday

04:56

and your wife decided to empty out the trash can on your computer. Would you dio

05:01

You need that presentation? It's Thursday,

05:04

so we'll able will be able to actually look into a file system,

05:10

see where the foul is, see where the trash can context are, be able to map it to where it is in backup. 75 systems have their own backup,

05:18

and within the back home, you can just

05:21

go ahead and extract that file.

05:25

We have examination of files between executed.

05:29

This is in a case through downloaded, malicious foul. How do we check whether or not malicious before we actually run it?

05:35

The analysis of network traffic?

05:39

Um, there's also the process of hiding information in images, audio files.

05:44

Any kind of file was ready,

05:46

and

05:46

this is a use case, which, let's say, there's some trading going on. Black market trading going on on. Instead of exchanging an email with

05:59

the wire transfer number, they go ahead and exchange of photo just full of a cat. Nothing

06:05

suspicious. Nothing crazy within that

06:09

photo,

06:10

their instructions on what to do, where to go

06:13

and using that

06:15

were able to pinpoint evidence for

06:18

improve our her processes. See, John Doe was involved in this because of this photo on. As you can see, there's some other cases.

06:28

Um, there's many more cases that could be used. Answer the question.

06:31

These are some of the cases that will be

06:34

reviewed on possibly lab in this course.

06:38

So here we have a list of a few open source tools that may or may not be used in the course.

06:44

If they are used, you may find some kind of instruction videos in a resource tab for this lecture.

06:50

Or you can go ahead and check out you two for some of these tools, So autopsy is more of a framework for when you're actually performing the investigation. War. A shark is a network packet analyzer. Either you can record the current traffic that's going in where, if you have

07:06

API cap or some kind of network. Sile

07:11

that's in portable in Sioux are sharp. You could read it and kind of dive into was going on. And so from theirs

07:17

of VM Ware, a virtual box. In my case, I'm writing a Mac machine, so I have a VM Ware that's running Windows seven. Ah, the suitcases. Someone just to do forensics tools. Autopsy is the gooey for it, but spoof kit is kind of the seal I for it.

07:33

Kai Lennox is just the flavor Lennox. So you might be using to perform some off the tools. Some of the extractions kind mix has a lot off

07:43

frameworks, especially for cybersecurity already installs. And I'm sure you've seen in some of the courses.

07:49

Uh, well, me

07:50

definitely talking about us to you, right? Dockers

07:54

Regent accusations of some kind of data. You want to prevent the operative system from executing or from

08:01

writing any files, so you use a ***. Look,

08:03

um, this that's just a general term that I feel like you should use. And then another tool. What is also fck imager?

08:11

Uh, there is the free version on the news, a commercial version for after can't imager.

08:16

But it is a work space that is used for investigators to perform

08:20

the investigation to view the data sources to view the evidence and tendency dive into the files.

08:26

So in today's actually we defined what did your friends? Exes.

08:31

We kind of reviewed some of the possible cases in which does your friend's ex can be used