WINDOWS FORENSICS / BT210
FIVE SCENARIOS | TWELVE LABS | 92% HANDS-ON | 40 DURATION
Windows Forensics is an essential skill in the cybersecurity world. This training covers a broad spectrum of the forensic investigation process performed on Windows OS. Participants will learn how different computer components work and how to investigate them after a cyber incident. The training focuses on developing the hands-on capabilities of forensics teams or individual practitioners.
Virtualization Forensics Workstation
Understanding Hashes and Encryption
Understanding Windows Authentications
Data and Files Structure
Forensic Data Carving
Collecting Windows Information
Drive Data Acquisition
Analyzing Captured Images
Working with Volatile-Memory
A small finance company named Bitsafe has suffered a collision attack. The incident caused the loss of $130,000 by exploiting and forging the digital signature of a transaction between clients, allowing the attacker to break the communication encoded with the SHA-1 algorithm.
Cellebrite, a company that provides digital forensics tools and software, was hacked. The hacker managed to extract 100 GB of photos containing evidence from law enforcement investigations. The hacker has not yet publicly released anything from the stolen data archive, which includes customers' information, databases, and other technical data.
Researchers from the “SciTech” institute have discovered some images taken by criminals from the dark web markets. Digital images come with basic metadata, as well as EXIF data that contains information about the device with which they were taken. The forensics investigator has been asked to reveal the locations of the images for further investigation.
The CTO of a small stocks marketing company claimed that he found suspicious activity on his laptop. He stated that some of his files suddenly moved from one location to another, while other files seem to have been modified on illogical dates. He asked you, as the forensics expert, to check whether you can find anomaly indicators relevant to his files.
A large transnational company providing services and products in tourism recently had unauthorized access. Some weird cron jobs were created, and there has been some unexpected outgoing traffic. We think someone has gained access to the server and managed to create a backdoor using the website itself.