Windows files analysis

Windows event log files.
Prefetch files. Windows Recycle Bin, Shortcuts, VSS. Tools for analysis

Remediation

Basic concepts of remediation process. Response plan. Containment and eradication actions.

Digital Forensic fundamentals

Terms, principles and definitions of digital forensic. Live and postmortem approaches.

Incident Response Foundations

Basic terms and definitions of IR. Nature of cyber attacks. Used cases.

Incident Response Management

Lifecycle of cyber incident. IR process.Preparation to IR.

Data Collection

Evidence acquisition. Disk’s imaging. Dump of memory. Network traffic capturing.

Incident Detection and Initial Response

Monitoring and initial analysis of suspicious alerts. Verification and assessment of incidents. Basic indicators of compromise.

Live Analysis

Tools to collect data. Order of volatility.
Remote approach for evidence acquisition.

Registry Analysis

Structure of MS Windows registry. Tools for analysis.

Filesystem Analysis

Structure of different types of filesystems.
NTFS, ext4, APFS

Timeline

Timeline introduction. TSK.
Super timeline - Plaso framework.

Data Recovery

Approach to data recovery. Data carving.

Browser and Email Investigation

History files, Cache, Cookies in various browsers. Outlook OST and PST files..

Memory Forensics

Memory structure. Basic conceptions. Volatility and Recall frameworks.

Network Forensics

Application’s log exploring, using Wireshark.
Bro Framework.