Digital Forensics for Pentesters: Practical Investigations & Analysis
Master digital forensics techniques for penetration testing, incident response, and cyber investigations. This course is designed for ethical hackers, cybersecurity professionals, and penetration testers who want to enhance their skills in digital forensics and investigative techniques.
What You Will Learn:
Digital forensics fundamentals – Understand the core principles, tools, and methodologies used in forensic investigations.
Incident response & analysis – Learn how to effectively detect, analyze, and respond to security incidents.
Forensic imaging & evidence collection – Master disk imaging, memory forensics, and proper evidence handling procedures.
File system & network forensics – Investigate Windows, Linux, and macOS file systems and analyze network traffic for anomalies.
Reverse engineering for forensics – Utilize reverse engineering techniques to analyze malware and uncover security threats.
Practical hands-on labs – Work on real-world forensic scenarios and apply what you learn in simulated environments.
Certification preparation – Build foundational knowledge to help prepare for digital forensics certifications like GCFA (GIAC Certified Forensic Analyst), CHFI (Certified Hacking Forensic Investigator), and EnCE (EnCase Certified Examiner).
Why Take This Course?
Hands-on training – This course provides a practical, step-by-step approach to digital forensics for penetration testers.
Industry-relevant skills – Learn the essential techniques used by forensic investigators, ethical hackers, and cybersecurity professionals.
Boost your career – Digital forensics expertise is in high demand for cybersecurity, law enforcement, and corporate security roles.
Certification-ready – Strengthen your knowledge and practical experience to pursue industry-recognized forensic certifications.
Whether you're an ethical hacker, penetration tester, or cybersecurity analyst, this course will give you the skills to perform forensic investigations, uncover digital evidence, and prepare for forensic certification exams. Enroll now and start mastering digital forensics today.
A short overview of what to expect and what to bring to get the most from this course.
A short overview video of the expectations for this section.
In this short video, you will learn how to easily download ISO and OVA files used in the course.
In this first lab, you will learn how to access the Kali Linux Live Boot Menu and to start Kali Linux using the Forensic Mode feature.
In this short video and lab, you will learn how to create a full virtual install of Kali using VirtualBox.
Microsoft has made getting access to a copy of Windows 10 Pro quite a chore, especially if you have Windows 10 installed. In this video, I demonstrate how to spoof your browser to convince Microsoft you are using a Mac as your operating system.
The Metasploitable2 virtual machine is an intentionally vulnerable version of Ubuntu Linux designed for testing security tools and demonstrating common vulnerabilities.
In this hands-on lab, participants will learn how to create a forensic image of a directory using FTK Imager, a powerful and user-friendly digital forensics tool. The lab provides step-by-step guidance on imaging a directory, enabling forensic examiners to preserve digital evidence effectively for further analysis and investigation.
In this short lesson, participants will learn about the concept of browser spoofing and its potential implications for accessing otherwise hidden resources. Browser spoofing involves manipulating the user agent string of a web browser to mimic a different browser or device, often to bypass restrictions or access content not typically available.
If your desktop needs to reflect that you are someone with tech skills when a co-worker or casual user passes by and looks at your screen, you can deploy an activity generator to give the impression you are not to be trifled with.
This lab provided hands-on experience with a key cybersecurity tool, enhancing students' practical skills in digital reconnaissance and data analysis.
The OSForensics suite by PassMark Software is a comprehensive set of tools designed for digital forensics investigations. It allows users to search, recover, and analyze data from computers and storage devices. Key features include advanced file searching, email and file recovery, drive imaging, memory analysis, and system information gathering. OSForensics is used by law enforcement, corporate investigators, and cybersecurity professionals to uncover hidden or deleted files, analyze system activity, and gather evidence for legal or investigative purposes.
From time to time, VirtualBox will not have a network available for some network types. In this video, we see how this can be easily fixed.
When configuring two or more devices to use the same network type, you may encounter an issue with VirtualBox issuing the same IP address to both devices. This is an easy fix.
This lab aims to guide participants through installing Autopsy 4.xx, a digital forensics tool, on a Windows 10 operating system.
In this lab, you will learn how to create a new case using Autopsy, an open-source digital forensics tool. This hands-on exercise will guide you through the steps of setting up a case, adding data sources, and organizing case details.
In this hands-on lab, participants will learn how to convert VirtualBox Disk Image (VDI) files into a format compatible with Autopsy, a popular open-source digital forensics platform. The lab provides step-by-step guidance on preparing VDI files for analysis within Autopsy, enabling forensic examiners to leverage the platform's powerful capabilities for digital investigation.
In this hands-on lab, participants will engage in practical exercises to conduct digital forensics analysis using Autopsy, an open-source platform renowned for its comprehensive forensic investigation capabilities. Through step-by-step demonstrations, participants will learn to navigate the Autopsy interface, analyze digital evidence, and extract valuable insights crucial for investigative purposes.
A Kali Linux Live image on a CD/DVD/USB/PXE can allow you to have access to a full bare metal Kali install without needing to alter an already-installed operating system. This allows for quick easy access to the Kali toolset with all the advantages of a bare metal install.
In this first lab, we address the first step that a forensic investigator takes after being brought into an investigation, acquiring evidence in a way that is forensically sound and can be used in a court of law.
You can copy and paste the following URL into your web browser to access the VDI disk image used in this lab.
https://www.dropbox.com/s/c731ygsjqyy3e3y/lecture.vdi?dl=0
In this short video presentation, you will learn how to use Autopsy to examine a forensic disk image.
In this lesson, students will learn how to use Undercover Mode in Kali Linux, a feature that allows the user interface to mimic a Windows environment. This mode is useful for discreetly working in public spaces or where a Linux interface might attract unwanted attention. The lesson will cover enabling and disabling Undercover Mode, customizing the desktop, and practical scenarios for its use in cybersecurity and penetration testing.
In this lab, you will learn how to install CSI Linux. CSI Linux was developed by Computer Forensics, Incident Response, and Competitive Intelligence professionals to meet the current needs of their clients, government agencies, and the industry.
In this first lab, you are introduced to two complementary forensic tools, both built into Kali Linux.
These are Brian Carrier's tools Autopsy and Sleuth Kit. In this first lab, you will acquire a forensics image for analysis to help investigate a case using the forensics case management tool, Autopsy.
The CSI Linux Gateway is now an integral part of CSI. It no longer requires a separate server and client.
In this lab, you will learn how to use the WebMap Nmap Dashboard application to generate a PDF report of your Nmap scan results.
In this short video and lab, you will learn how to use two OSINT tools available within the CSI Linux Analyst.
Since the video was produced, CSI Linux has had a major upgrade. Strangely enough, little brother is now only designed to carry out information gathering on a French, Swiss, Luxembourgish, or Belgian person. There are no US or any other modules.
In this lesson, you will learn how to find someone's social media accounts using the OSINT tool, sherlock.
In this short video, you will be given an overview of some of the features inside the OSINT Framework and see why this might be a great tool for OSINT.
In this short video and lab presentation, you will learn how to prepare and use the CSI Linux Analyst and CSI Gateway for secure anonymous access while using the Shodan search engine.
In this short video and lab, you will learn how to find vulnerable devices on the Internet using the Shodan search engine.
In this short video and lab, you will learn how to use Shodan for finding vulnerable databases.
In this video, students will see how easy it is to attach an external USB device connected to their host machine to Kali.
In this lab, you will learn how to create a forensic copy of the Windows registry.
In this lab, you will learn how to perform a forensics analysis of the Windows registry for finding forensic information relevant to a criminal investigation.
In this lesson, you will learn how to dump the credentials for any Wi-Fi network a suspect or target machine may have authenticated with in the past.
In this lecture, you will learn the fundamentals of analyzing the contents of an email header.
In this lab, you will learn how to retrieve information on archived items, even after the folders have been deleted or the external drive has been disconnected from a suspect’s machine.
Starting with Windows 7, Microsoft Windows provides the ability for the operating system to track user window viewing preferences specific to Windows Explorer. This information, called “ShellBag” information, is stored in several locations within the Windows Registry in the Windows Operating System.
In this lesson, you will learn how to extract thumbnail images from the thumbcache_*.db and iconcache_*.db database files starting with Windows 7. Thumbnail cache files have been used by law enforcement agencies to prove that a file of interest was stored on a Windows system's hard drive even if deleted. When a user deletes a file, its thumbnail remains in the cached file.
In this lesson, you will learn how to perform a forensic analysis of a Windows memory acquisition.
Live-Forensicator is a PowerShell script that will aid forensic investigators and incident responders in carrying out a quick live forensic investigation. It achieves this by gathering different system information for further review for anomalous behavior or unexpected data entry.
Ghidra is present in CSI Linux but needs Java installed to run. Since CSI Linux is built using Ubuntu and Ubuntu does not come with Java, we will need to install it.
In this lesson, you will be introduced to some of the higher-level features of Ghidra. Ghidra is a software reverse engineering (SRE) framework developed by NSA’s Research Directorate for NSA’s cybersecurity mission. Ghidra helps analyze malicious code and malware and can give cybersecurity professionals a better understanding of potential vulnerabilities in their networks and systems.
In our previous lesson, we learned about some of the high-level features in Ghidra. We will continue where our previous lab left off by reverse engineering a simple executable, crackme0x00.exe.
In this short lesson, we will continue learning reverse engineering by decompiling a simple executable labeled crackme0x05.exe.
In this lesson, we will reverse engineer the WannaCry ransomware to examine the killswitch discovered by Marcus Hutchins, aka MalwareTech. Marcus reverse engineered WannaCry and found that the program checks a particular URL whose domain was unregistered and inactive. If the domain remained inactive, the ransomware would install. Once Marcus registered the domain, it shut down the ransomware.
Windows Sysinternal Tools is a suite of more than 70 freeware utilities that was initially developed by Mark Russinovich and Bryce Cogswell that is used to monitor, manage and troubleshoot the Windows operating system, and which Microsoft now owns and hosts on its TechNet site.
Process Explorer is a free task manager and system monitor for the Windows operating systems. Process Explorer is a more powerful version of Task Manager, a program usually used to get information about computer performance and resource usage. However, Process Explorer offers many features not present in Task Manager – it will show you detailed information about each process, provide CPU usage tracking for processes, figure out which process has loaded a DLL file, enable you to kill or suspend a process, interactively set the priority of a process, and much more.
Process Explorer is an advanced process management utility that picks up where Task Manager leaves off. It will show you detailed information about a process including its icon, command-line, full image path, memory statistics, user account, security attributes, and more. When you zoom in on a particular process you can list the DLLs it has loaded or the operating system resource handles it has open. A search capability enables you to track down a process that has a resource opened, such as a file, directory, or Registry key, or to view the list of processes that have a DLL loaded.
In this short video and lab, you will learn how to use Steghide to hide an image inside another image and then extract that same hidden image.
In this lab, you will learn how to examine and manipulate the EXIF metadata hidden in an image file.
In this lesson, you will be presented with an overview of Wireshark.
In this lesson, you will learn about the different capture options available in Wireshark.
In this short video presentation, you will be introduced to the toolbar icons in Wireshark.
In this short lab, you will learn how to install a wireless adapter in Kali Linux.
In this lab, you will learn how to audit a wireless network for weak authentication.
In this short video presentation, you will learn how to configure Wireshark for capturing wireless traffic.
In this short video, you will learn how to capture and examine a three-way TCP handshake using Wireshark.
In this lab, you will learn how to build your lab environment for this Capture the Flag exercise.
In this lab, you will learn what tools you can use to capture the first flag of the CTF.
In this lab, you will learn what tools you can use to capture flag #2 for this CTF.
This is the lab and video on how to capture the third flag for this CTF. This is a long one with lots to learn so take your time.
In this last video for this CTF, you will learn how to capture the fourth and final flag for this exercise.