SDF: Weblog Forensics from Udemy

What's inside

Learning objectives

Understand weblog fundamentals from a dfir point-of-view
Understand weblog components for their investigative value
Be able to create custom ioc sweeps

Be able to create frequency analysis sweeps
Be able to create attack pattern sweeps
Be able to automate the sweeps into a single, simple script

Understand weblog fundamentals from a dfir point-of-view
Understand weblog components for their investigative value
Be able to create custom ioc sweeps
Be able to create frequency analysis sweeps
Be able to create attack pattern sweeps
Be able to automate the sweeps into a single, simple script

Syllabus

Introduction

Welcome to the Surviving Digital Forensic Training Series: Weblog Forensics!

The goal of this class is to teach you a valuable computer forensics skill all in about one hour. The Weblogs are common evidence in DFIR investigations and knowing how to work with this artifact is a critical skill for all analysts.

This lecture goes over the goals of the class and what students will learn upon completion.

This lecture provides an overview of the tools you will be using in this class. The SDF series focuses on using low-cost\ no-cost computer forensic tools built by the DFIR community.

The SIFT workstation, freely available, will be used as a platform to run the Linux tools.

Set up instructions may be found here: https://digital-forensics.sans.org/community/downloads

SDF class for SIFT set up: https://www.udemy.com/surviving-digital-forensics-paladin-virtual-machine/?couponCode=PODCAST

SIFT Details

Learn what examiners need to know about this artifact

In this section we are going to look at the different aspects of the artifact and focus on the valuable part of the record for investigations.

This lecture explains Apache weblogs and why it is one of the core forensic artifacts examiners use for investigations.

This lecture breaks down weblogs into its different forensic components to help examiners better understand the information the artifact contains.

This section teaches you how to conduct IOC sweeps on weblogs.

Check your understanding

Learn fast-triage techniques for weblogs

This section reviews common investigative approach is for weblog triage

This module details common investigative approaches that will be expanded upon in later sections.

A reminder to include logging validation artifacts in the initial stages of the investigation.

Learn to search weblogs using no indicators of compromise

This module is a hands on exercise that teaches you how to run an IOC search.

This module is a hands-on exercise that teaches you how to run an IOC search

Learn to apply frequency analysis searches to weblogs

This section teaches you how to build different types of frequency analysis searches to find investigative leads to advance your investigation

This module teaches you how to build a frequency analysis search based on HTTP request method

This module teaches you how to build a frequency analysis search based on IP addresses

This module teaches you how to build a frequency analysis search based on HTTP status codes

This module teaches you how to build a frequency analysis search based on user agents

This module teaches you how to build a frequency analysis search based on byte-size

Learn to identify attack patterns in weblogs

This section teaches you how to build searches that detect different types of attack happens

This module teaches you how to build a search to detect SQL injection

This module teaches you how to build a search to detect web shells

This module teaches you how to build a search to detect cross site scripting

This module teaches you how to build a search to the text base64 encoding

This module teaches you how to build a search to detect long URL strings

This module teaches you how to build a search to detect directory traversal

This module teaches you how to build a search to detect hexing coding

Learn to script weblog searches

This section teaches you how to combine everything you have learned into a script so you can automate web log triage process

script download

This module provides an overview of the script

This module provides a demonstration of the script

This module provides a more detailed breakdown of the script

Class wrsp-up

A review of the key points learned during class

Thank you for checking out the Surviving Digital Forensic Training Series!

Be sure to check out the other classes in the series here at Udemy.

Check out the Digital Forensics Survival Podcast and listen to talk about computer forensic analysis, techniques, methodology, tool reviews and more http://digitalforensicsurvivalpodcast.com

Good to know

Know what's good

, what to watch for

, and possible dealbreakers

Develops detective techniques, which are useful for identifying digital footprints

Examines weblogs, which are standard in computer forensics

Teaches Apache weblogs, which are a widely used tool

Covers identifying attack patterns, which is highly relevant to industry

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in SDF: Weblog Forensics with these activities:

Compile Learning Resources

Show steps

Stay organized and prepared by compiling all relevant learning materials.

Show steps

Gather lecture notes, assignments, and quizzes
Create a system for organizing and storing materials

Review Linux Basics

Show steps

Strengthen your foundation by brushing up on Linux basics.

Browse courses on Linux

Show steps

Go through online tutorials or documentation
Practice using Linux commands in a virtual environment

Inspecting weblogs with Apache

Show steps

Build a comfort level by getting some hands-on time with Apache weblogs.

Show steps

Download a recent weblog
Use a text editor to examine the structure

Six other activities

Expand to see all activities and additional details

Show all nine activities

Attend Web Forensics Meetup

Show steps

Connect with other professionals and stay updated on the latest trends in web forensics.

Browse courses on Community Engagement

Show steps

Find a local web forensics meetup group
Attend meetings and engage in discussions

Frequent Pattern Analysis

Show steps

Enhance your weblog analysis skills through frequent pattern analysis.

Browse courses on Frequency Analysis

Show steps

Select relevant fields for analysis (e.g., IP addresses, status codes)
Apply statistical techniques to identify patterns
Interpret the results and draw conclusions

Custom IOC Sweep

Show steps

Refine your search capabilities by creating a custom IOC sweep.

Browse courses on Indicators of Compromise

Show steps

Identify potential IOCs
Craft a search query using regular expressions
Test the sweep on different weblogs

Dive into Attack Patterns

Show steps

Become more proficient in detecting attack patterns by following guided tutorials.

Show steps

Explore resources on common attack patterns
Practice identifying attack patterns in weblogs
Evaluate the effectiveness of your detection methods

Automated Weblog Script

Show steps

Enhance your efficiency by automating the weblog analysis process.

Browse courses on Automation

Show steps

Design a workflow for the script
Develop the script using a programming language
Test and refine the script on multiple weblogs

Guide a Junior Analyst

Show steps

Solidify your understanding by mentoring a junior analyst.

Show steps

Identify a junior analyst who could benefit from your guidance
Provide support and answer their questions
Review their work and provide feedback

Career center

Learners who complete SDF: Weblog Forensics will develop knowledge and skills that may be useful to these careers:

Reading list

We haven't picked any books for this reading list yet.

SDF

Weblog Forensics

12 deals to help you save

What's inside

Learning objectives

Syllabus

Good to know

Save this course

Activities

Career center

Reading list

Share

Similar courses