Welcome to the Surviving Digital Forensics series. This class provides hands-on training that teaches weblog forensic triage techniques.
Learn weblog fundamentals from a DFIR point-of-view
Understand weblog components for their investigative value
Learn how to create custom IOC sweeps
Learn how to create frequency analysis sweeps using IP addresses, status codes, request methods, etc.
Learn how to create attack pattern sweeps for SQL injection, web shells, XSS and more
Learn how to automate the sweeps into a single, simple script
Welcome to the Surviving Digital Forensic Training Series: Weblog Forensics!
The goal of this class is to teach you a valuable computer forensics skill in about one hour. Weblogs are common evidence in DFIR investigations, and knowing how to work with this artifact is a critical skill for all analysts.
This lecture goes over the goals of the class and what students will learn upon completion.
This lecture provides an overview of the tools you will be using in this class. The SDF series focuses on using low-cost or no-cost computer forensic tools built by the DFIR community.
The SIFT workstation, freely available, will be used as a platform to run the Linux tools.
Set up instructions may be found here: https://digital-forensics.sans.org/community/downloads
SDF class for SIFT set up: https://www.udemy.com/surviving-digital-forensics-paladin-virtual-machine/?couponCode=PODCAST
In this section we are going to look at the different aspects of the artifact and focus on the parts of the record that are valuable for investigations.
This lecture explains Apache weblogs and why they are one of the core forensic artifacts examiners use for investigations.
This lecture breaks weblogs down into their different forensic components to help examiners better understand the information the artifact contains.
This section teaches you how to conduct IOC sweeps on weblogs.
Check your understanding
This section reviews common investigative approaches for weblog triage
This module details common investigative approaches that will be expanded upon in later sections.
A reminder to include logging validation artifacts in the initial stages of the investigation.
This module is a hands on exercise that teaches you how to run an IOC search.
This section teaches you how to build different types of frequency analysis searches to find investigative leads to advance your investigation
This module teaches you how to build a frequency analysis search based on HTTP request method
This module teaches you how to build a frequency analysis search based on IP addresses
This module teaches you how to build a frequency analysis search based on HTTP status codes
This module teaches you how to build a frequency analysis search based on user agents
This module teaches you how to build a frequency analysis search based on byte-size
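The following is an added example, not material from the course or the SDF series, showing the IOC sweep from the hands-on exercise above and the five frequency-analysis sweeps of this section as shell functions over an Apache combined-format access log, using only the sort, uniq, awk and grep already present on a SIFT workstation. The log lines, the IOC list, the file names and the function names are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not course material: an IOC sweep and the five
# frequency-analysis sweeps (request method, client IP, status code,
# user agent, response size) over an Apache "combined" access log.

# Constructed sample log (invented traffic on documentation IP ranges).
# Note the "-" byte count on the 401 line: Apache's %b logs "-" for zero bytes.
LOG=$(mktemp)
IOCS=$(mktemp)
trap 'rm -f "$LOG" "$IOCS"' EXIT
cat > "$LOG" <<'EOF'
192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.10 - - [10/Oct/2023:13:55:37 +0000] "GET /login.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "POST /login.php HTTP/1.1" 302 312 "-" "python-requests/2.31"
198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "POST /login.php HTTP/1.1" 302 312 "-" "python-requests/2.31"
198.51.100.7 - - [10/Oct/2023:13:56:03 +0000] "POST /login.php HTTP/1.1" 401 - "-" "python-requests/2.31"
203.0.113.5 - - [10/Oct/2023:13:57:10 +0000] "GET /admin/ HTTP/1.1" 404 209 "-" "curl/8.0"
203.0.113.5 - - [10/Oct/2023:13:57:11 +0000] "GET /uploads/c.php HTTP/1.1" 200 98765 "-" "curl/8.0"
EOF

# Constructed IOC list: one string per line, matched literally.
cat > "$IOCS" <<'EOF'
203.0.113.5
/uploads/c.php
EOF

# IOC sweep: -F treats each IOC as a fixed string (dots in IPs are not wildcards),
# -w stops 203.0.113.5 from also matching 203.0.113.50.
ioc_sweep() {  # ioc_sweep <logfile> <iocfile>
  grep -F -w -f "$2" "$1"
}

# Combined-format fields when the line is split on double quotes:
#   $1 = 'IP ident user [timestamp] '  $2 = request line
#   $3 = ' status bytes '              $4 = referer      $6 = user agent
# Splitting on quotes keeps user agents that contain spaces in one piece.
field_ip()     { awk '{ print $1 }' "$1"; }
field_method() { awk -F'"' '{ split($2, r, " "); print r[1] }' "$1"; }
field_status() { awk -F'"' '{ split($3, s, " "); print s[1] }' "$1"; }
field_ua()     { awk -F'"' '{ print $6 }' "$1"; }

# Frequency table: "<count> <value>", most frequent first.
freq() { sort | uniq -c | sort -rn; }

freq_by_method() { field_method "$1" | freq; }
freq_by_ip()     { field_ip "$1"     | freq; }
freq_by_status() { field_status "$1" | freq; }
freq_by_ua()     { field_ua "$1"     | freq; }

# Pivot: which clients generate the 4xx/5xx responses (scanning, brute force)?
errors_by_ip() {  # errors_by_ip <logfile>
  awk -F'"' '{ split($3, s, " "); if (s[1] + 0 >= 400) { split($1, c, " "); print c[1] } }' "$1" | freq
}

# Largest responses first ("-" counted as 0): bulk downloads and web shell
# output stand out here. Prints "<bytes> <client> <request>".
top_by_bytes() {  # top_by_bytes <logfile> [n]
  awk -F'"' '{ split($3, s, " "); split($1, c, " ");
               b = (s[2] == "-") ? 0 : s[2] + 0;
               print b, c[1], "\"" $2 "\"" }' "$1" | sort -rn | head -n "${2:-10}"
}

echo "== IOC hits ==";           ioc_sweep "$LOG" "$IOCS"
echo "== by method ==";          freq_by_method "$LOG"
echo "== by client IP ==";       freq_by_ip "$LOG"
echo "== by status ==";          freq_by_status "$LOG"
echo "== by user agent ==";      freq_by_ua "$LOG"
echo "== errors by client ==";   errors_by_ip "$LOG"
echo "== largest responses =="; top_by_bytes "$LOG" 3
```

On a real log, replace the heredoc with the path to access.log (or `zcat` the rotated files into one stream) and read the tables top-down: the busiest non-browser user agent, the client with the most 4xx responses, and the largest 200 response to a script under a writable directory are the usual first leads. If the server sits behind a proxy or load balancer, the first field is the proxy's address and the client IP is only in the forwarded-for header if the LogFormat records it, so check the format string before trusting the IP table.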
This section teaches you how to build searches that detect different types of attack patterns
This module teaches you how to build a search to detect SQL injection
This module teaches you how to build a search to detect web shells
This module teaches you how to build a search to detect cross site scripting
This module teaches you how to build a search to detect base64 encoding
This module teaches you how to build a search to detect long URL strings
This module teaches you how to build a search to detect directory traversal
This module teaches you how to build a search to detect hex encoding
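The following is an added example, not material from the course or the SDF series, showing one way to write the seven attack-pattern sweeps of this section as grep extended regexes plus a length test over an Apache access log. The sample log lines are constructed, and the patterns are illustrative triage heuristics chosen for this example, not a list from the course; treat hits as leads to pivot on, not as proof of compromise.

```shell
#!/bin/sh
# Added example, not course material: attack-pattern sweeps for SQL injection,
# web shells, XSS, base64, long URLs, directory traversal and hex encoding.

# Constructed sample log: one clean request, then one request per category.
LOG=$(mktemp)
trap 'rm -f "$LOG"' EXIT
cat > "$LOG" <<'EOF'
10.0.0.8 - - [10/Oct/2023:14:01:00 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [10/Oct/2023:14:01:05 +0000] "GET /products.php?id=1%20UNION%20SELECT%20user,pass%20FROM%20users HTTP/1.1" 200 5120 "-" "sqlmap/1.7"
198.51.100.7 - - [10/Oct/2023:14:02:11 +0000] "POST /uploads/img.php?cmd=id HTTP/1.1" 200 77 "-" "curl/8.0"
203.0.113.5 - - [10/Oct/2023:14:03:30 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 1890 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:14:04:02 +0000] "GET /api/load?data=SGVsbG8gV29ybGQhIFRoaXMgaXMgYSBiYXNlNjQgc3RyaW5nIGZvciB0ZXN0aW5n HTTP/1.1" 200 310 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:14:05:44 +0000] "GET /static/..%2f..%2f..%2fetc/passwd HTTP/1.1" 403 199 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:14:06:12 +0000] "GET /cgi-bin/test?x=%41%41%41%41%41%41%41%41%41%41 HTTP/1.1" 404 209 "-" "Mozilla/5.0"
EOF
# A 600-character query string, built in a loop so the sample stays readable.
pad=""; i=0
while [ "$i" -lt 300 ]; do pad="${pad}a-"; i=$((i + 1)); done
printf '203.0.113.5 - - [10/Oct/2023:14:07:00 +0000] "GET /a?p=%s HTTP/1.1" 414 199 "-" "Mozilla/5.0"\n' "$pad" >> "$LOG"

# Extended regexes, matched case-insensitively against the whole line so that
# payloads placed in the referer or user agent are caught too. URL-encoded forms
# (%20, %27, %2e, %3c) sit beside the literal ones because the log records the
# raw request. These are example heuristics, not a vetted signature set.
SQLI='(union([+ ]|%20)+(all([+ ]|%20)+)?select|([+ ]|%20)(or|and)([+ ]|%20)+[0-9]+=[0-9]+|information_schema|sleep\(|benchmark\(|%27|sqlmap)'
WEBSHELL='(c99|r57|b374k|wso\.php|cmd=|exec=|eval\(|shell_exec|passthru|/uploads/[^ ]*\.php)'
XSS='(<script|%3cscript|javascript:|onerror=|onload=|alert\()'
BASE64='[A-Za-z0-9+/]{40,}={0,2}'
TRAVERSAL='(\.\./|\.\.%2f|%2e%2e(%2f|/)|%c0%ae%c0%ae)'
HEXENC='(0x[0-9a-f]{8,}|(\\x[0-9a-f]{2}){3,}|(%[0-9a-f]{2}){6,})'

sweep() {  # sweep <label> <ERE> <logfile>: matching lines, tagged with the label
  grep -E -i -- "$2" "$3" | sed "s/^/[$1] /"
}

count_hits() {  # count_hits <ERE> <logfile>: number of matching lines (0 is not an error)
  grep -E -i -c -- "$1" "$2" || true
}

# Long URLs are a length test on the request line (2nd quoted field), not a regex.
long_requests() {  # long_requests <logfile> [maxlen]
  awk -F'"' -v n="${2:-512}" 'length($2) > n { print "[longurl] " $0 }' "$1"
}

run_sweeps() {  # run_sweeps <logfile>: every sweep, one tagged line per hit
  sweep sqli      "$SQLI"      "$1"
  sweep webshell  "$WEBSHELL"  "$1"
  sweep xss       "$XSS"       "$1"
  sweep base64    "$BASE64"    "$1"
  sweep traversal "$TRAVERSAL" "$1"
  sweep hexenc    "$HEXENC"    "$1"
  long_requests "$1" 512
}

run_sweeps "$LOG"
```

The base64 and hex sweeps are the noisiest on a real site: session tokens, cache-busting hashes and legitimately encoded parameters all produce long base64 runs, so raise the length threshold or exclude known paths before reading the results. A hit is worth the most when it is followed by a 200 response and a non-trivial byte count, which is why the status and size columns are kept in the tagged output rather than stripped.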
This section teaches you how to combine everything you have learned into a script so you can automate the weblog triage process
script download
This module provides an overview of the script
This module provides a demonstration of the script
This module provides a more detailed breakdown of the script
A review of the key points learned during class
Thank you for checking out the Surviving Digital Forensic Training Series!
Be sure to check out the other classes in the series here at Udemy.
Check out the Digital Forensics Survival Podcast and listen to talk about computer forensic analysis, techniques, methodology, tool reviews and more http://digitalforensicsurvivalpodcast.com