
SDF: Weblog Forensics

Michael Leclair

Welcome to the Surviving Digital Forensics series. This class provides hands-on training that teaches weblog forensic triage techniques.


  • Learn weblog fundamentals from a DFIR point-of-view

  • Understand weblog components for their investigative value

  • Learn how to create custom IOC sweeps

  • Learn how to create frequency analysis sweeps using IP addresses, status codes, request methods, etc.

  • Learn how to create attack pattern sweeps for SQL injection, web shells, XSS and more

  • Learn how to automate the sweeps into a single, simple script


What's inside

Learning objectives

  • Understand weblog fundamentals from a DFIR point-of-view
  • Understand weblog components for their investigative value
  • Be able to create custom IOC sweeps
  • Be able to create frequency analysis sweeps
  • Be able to create attack pattern sweeps
  • Be able to automate the sweeps into a single, simple script

Syllabus

Introduction

Welcome to the Surviving Digital Forensic Training Series: Weblog Forensics!

The goal of this class is to teach you a valuable computer forensics skill in about one hour. Weblogs are common evidence in DFIR investigations, and knowing how to work with this artifact is a critical skill for all analysts.


This lecture goes over the goals of the class and what students will learn upon completion.

This lecture provides an overview of the tools you will be using in this class. The SDF series focuses on using low-cost / no-cost computer forensic tools built by the DFIR community.

The SIFT workstation, freely available, will be used as a platform to run the Linux tools.

Set up instructions may be found here: https://digital-forensics.sans.org/community/downloads

SDF class for SIFT set up: https://www.udemy.com/surviving-digital-forensics-paladin-virtual-machine/?couponCode=PODCAST

SIFT Details
Learn what examiners need to know about this artifact

In this section we are going to look at the different aspects of the artifact and focus on the valuable part of the record for investigations.

This lecture explains Apache weblogs and why it is one of the core forensic artifacts examiners use for investigations.

This lecture breaks down weblogs into its different forensic components to help examiners better understand the information the artifact contains.

This section teaches you how to conduct IOC sweeps on weblogs.

Check your understanding

Learn fast-triage techniques for weblogs

This section reviews common investigative approaches for weblog triage.

This module details common investigative approaches that will be expanded upon in later sections.

A reminder to include logging validation artifacts in the initial stages of the investigation.

Learn to search weblogs using known indicators of compromise

This module is a hands-on exercise that teaches you how to run an IOC search.

Learn to apply frequency analysis searches to weblogs

This section teaches you how to build different types of frequency analysis searches to find investigative leads to advance your investigation

This module teaches you how to build a frequency analysis search based on HTTP request method

This module teaches you how to build a frequency analysis search based on IP addresses

This module teaches you how to build a frequency analysis search based on HTTP status codes

This module teaches you how to build a frequency analysis search based on user agents

This module teaches you how to build a frequency analysis search based on byte-size

Learn to identify attack patterns in weblogs

This section teaches you how to build searches that detect different types of attack patterns.

This module teaches you how to build a search to detect SQL injection

This module teaches you how to build a search to detect web shells

This module teaches you how to build a search to detect cross site scripting

This module teaches you how to build a search to detect base64 encoding

This module teaches you how to build a search to detect long URL strings

This module teaches you how to build a search to detect directory traversal

This module teaches you how to build a search to detect hex encoding

Learn to script weblog searches

This section teaches you how to combine everything you have learned into a script so you can automate the weblog triage process.

Script download

This module provides an overview of the script

This module provides a demonstration of the script

This module provides a more detailed breakdown of the script

Class wrap-up

A review of the key points learned during class

Thank you for checking out the Surviving Digital Forensic Training Series!

Be sure to check out the other classes in the series here at Udemy.

Check out the Digital Forensics Survival Podcast for discussions of computer forensic analysis, techniques, methodology, tool reviews and more: http://digitalforensicsurvivalpodcast.com

Good to know

Know what's good, what to watch for, and possible dealbreakers
Develops detective techniques, which are useful for identifying digital footprints
Examines weblogs, which are standard in computer forensics
Teaches Apache weblogs, which are a widely used tool
Covers identifying attack patterns, which is highly relevant to industry


Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in SDF: Weblog Forensics with these activities:
Compile Learning Resources
Stay organized and prepared by compiling all relevant learning materials.
  • Gather lecture notes, assignments, and quizzes
  • Create a system for organizing and storing materials
Review Linux Basics
Strengthen your foundation by brushing up on Linux basics.
  • Go through online tutorials or documentation
  • Practice using Linux commands in a virtual environment
Inspecting Apache weblogs
Build a comfort level by getting some hands-on time with Apache weblogs.
  • Download a recent weblog
  • Use a text editor to examine the structure
Attend Web Forensics Meetup
Connect with other professionals and stay updated on the latest trends in web forensics.
  • Find a local web forensics meetup group
  • Attend meetings and engage in discussions
Frequency Analysis
Enhance your weblog analysis skills through frequency analysis.
  • Select relevant fields for analysis (e.g., IP addresses, status codes)
  • Apply statistical techniques to identify patterns
  • Interpret the results and draw conclusions
Custom IOC Sweep
Refine your search capabilities by creating a custom IOC sweep.
  • Identify potential IOCs
  • Craft a search query using regular expressions
  • Test the sweep on different weblogs
Dive into Attack Patterns
Become more proficient in detecting attack patterns by following guided tutorials.
  • Explore resources on common attack patterns
  • Practice identifying attack patterns in weblogs
  • Evaluate the effectiveness of your detection methods
Automated Weblog Script
Enhance your efficiency by automating the weblog analysis process.
  • Design a workflow for the script
  • Develop the script using a programming language
  • Test and refine the script on multiple weblogs
Guide a Junior Analyst
Solidify your understanding by mentoring a junior analyst.
  • Identify a junior analyst who could benefit from your guidance
  • Provide support and answer their questions
  • Review their work and provide feedback


© 2016 - 2024 OpenCourser