Overview

Class Central Tips

This course provides a guide to digital forensics for penetration testers, featuring hands-on labs and video tutorials. Starting with setting up a forensic lab using VirtualBox, you'll learn to create virtual installations of CSI Linux, Kali Linux, and Windows 10. - You'll master forensic tools like Kali Forensic Mode, Autopsy, and Shodan, gaining hands-on experience in acquiring and analyzing forensic disk images, managing digital forensics cases, and conducting OSINT investigations. - You'll also delve into reverse engineering malware using Ghidra and performing network forensics with Wireshark. - The course culminates in Capture the Flag exercises to apply your skills in real-world scenarios. By the end, you'll have a robust understanding of digital forensics processes, making you a proficient penetration tester. Designed for aspiring and professional penetration testers, cybersecurity analysts, and IT professionals with basic networking and cybersecurity knowledge, this course ensures practical, real-world experience through interactive learning. This course is tailored for technical professionals, cybersecurity enthusiasts, and pentesters seeking to deepen their expertise in digital forensics. Participants should have a foundational understanding of networking and basic Linux operations. Familiarity with virtual environments and command-line interfaces will be beneficial but not mandatory.

Syllabus

Course Overview

In this module, we will introduce you to the Digital Forensics for Pentesters course. You will get an overview of what to expect, the key topics covered, and the tools required to get the most out of your learning experience.

Building Your Forensics Lab Environment Using VirtualBox

In this module, we will guide you through setting up your forensics lab environment using VirtualBox. You will learn how to download and install different forensic tools and operating systems, including CSI Linux, Kali Linux, Windows 10, and Metasploitable2, to create a comprehensive lab setup for your investigations.

Using Kali Forensic Mode and Autopsy

In this module, we will delve into the forensic capabilities of Kali Linux and Autopsy. You will learn how to boot into Kali's forensic mode, create forensic disk images, and use Autopsy to examine these images for evidence.

Digital Forensics Case Management

In this module, we will cover the essential aspects of digital forensics case management. You will learn how to use the WebMap Nmap Dashboard to create comprehensive reports and manage your forensic cases efficiently.

Open-Source Intelligence (OSINT)

In this module, we will explore the world of Open-Source Intelligence (OSINT). You will learn how to use tools like CSI Linux Investigator and Sherlock to gather information from publicly available sources and understand the OSINT framework's capabilities.

Using Shodan to Search for Vulnerable Devices

In this module, we will focus on using Shodan, a powerful search engine for finding vulnerable devices and databases on the internet. You will learn how to set up your tools for secure access and perform effective searches for potential vulnerabilities.

Computer Forensics

In this module, we will cover various computer forensics techniques. You will learn how to attach and analyze external USB devices, create forensic copies of the Windows registry, and retrieve crucial information like Wi-Fi credentials, email headers, and hidden folders.

Reverse Engineering and Malware Analysis

In this module, we will introduce you to reverse engineering and malware analysis using Ghidra. You will learn how to install and use Ghidra to analyze software and malware, including high-profile cases like the WannaCry ransomware.

Stenography

In this module, we will explore the techniques of steganography. You will learn how to use Steghide to conceal data within images and utilize EXIFtool to read and modify the metadata hidden within image files.

Network Forensics Using Wireshark

In this module, we will dive into network forensics with Wireshark. You will learn how to use Wireshark to capture and analyze network traffic, identify vulnerabilities, and understand the intricacies of network protocols like TCP.

Practice What You learned

In this module, we will give you the opportunity to put your knowledge into practice through a series of Capture the Flag (CTF) exercises. You will build your lab environment and use the tools and techniques you have learned to complete various forensic challenges and capture all the flags.