ThinkCyber Forensics


TCWF and TCNF are part of the training programs in the Digital Forensics field developed by ThinkCyber. Certified students are able to conduct Digital Forensics investigations, help identify intrusions, and more.


To become certified, a student needs to complete ThinkCyber's online program and pass the hands-on exam. For hands-on experience, each student receives access to virtual simulations where the techniques learned in the course can be practiced.

 Network Forensics 


The first scenario is an introduction to PCAP analysis. In this scenario, you will practice and learn about the TShark tool and the statistics functions it provides.

 Network Forensics 


In the second scenario, you investigate network files from infected computers. Use your knowledge of TShark and Scalpel to analyze the PCAPs.

 Network Forensics 


In this scenario, you will practice Linux file manipulations in order to master log analysis capabilities.

 Network Forensics 


In this scenario, you will master carving by analyzing a raw IMG file that was extracted from an infected computer.

 Network Forensics 


This scenario is about Netcat and Steganography. Investigate network traffic from a server that contains hidden messages and encryptions.

 Network Forensics 


In the following scenario, you learn to deal with reports from Shodan and NMAP.

 Network Forensics 


In this scenario, you will practice live network traffic analysis. You were called to an office where they suspect that a computer runs a “DNS Spoof” attack on every request to the official website.

 Network Forensics 


This is the final scenario, in which you must show your skills and what you have learned in this training.

Network Forensics relates to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection. Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information. Network traffic is transmitted and then lost, making network forensics a proactive investigation.

 Windows Forensics 


In this first scenario, you will work on your forensics skills using Exif Pilot and Windows CMD commands.

 Windows Forensics 


In the second Windows scenario, your goal is to practice using the “HxD” and “MFT Dump” tools, as well as the manual carving technique and the removal of white noise from files.

 Windows Forensics 


In the third Windows scenario, you will learn about ADS files, carving files without a trailer, and creating image files.

 Windows Forensics 


In the fourth Windows scenario, you will focus on volatile data and obtaining user passwords.

 Windows Forensics 


In the fifth Windows scenario, you will master malware analysis, identifying and analyzing its behavior.

 Windows Forensics 


In the sixth Windows scenario, you will focus on the Windows registry to understand the operating system's secrets.

 Windows Forensics 


In this scenario, you will learn about web browser caches, recovery of deleted files, and Windows events.

 Windows Forensics 


In this Windows scenario, you will learn about prefetch files and processes, and perform a deep investigation of the MFT file.

Windows Forensics is a subfield of cyber forensics that is geared towards Windows systems. Given the number of Windows systems in use, an understanding of Windows forensics is crucial in order to mitigate the damage done by an attacker.

 Forensics Certification 

Scenario 01

The Richmond, VA police request your help in proving the guilt of one of their suspects. You will receive the suspect's computer files, which they believe contain proof that he is indeed a drug dealer and that he is related to another dealer whose name is Marcus. Your goal is to provide them with Marcus's phone number and with the credentials of the suspect's bank account.

 Forensics Certification 

Scenario 02

In this scenario, Europol requested assistance from our office in finding the location of a planned terrorist attack. Your goal is to research the computer, whose owner is suspected of planning a terror attack.

 Forensics Certification 

Scenario 03

In this scenario, the main server of a big and important company has been hacked. The hacker spread a virus that split the files into pieces.

The hacker demands a ransom to decrypt the files to a readable state. As a big and well-known corporation, they will not support illegal theft of information and, as a result, they don’t intend to pay the ransom.

 Forensics Certification 

Scenario 04

The main processing unit has been compromised by a group of hackers. The attackers scrambled our users. We managed to dump the memory of the computers during the event, but we couldn’t access the users. One of the users stored vital information, and it must be retrieved.

 Forensics Certification 

Scenario 05

A classified company that goes by PRIVATE INSURED LTD. has arrested a suspect based on an IP address, but they lack hard evidence against this person. As they cannot send you the drive, they had a private investigator make a first analysis of the laptop. Your goal is to gather evidence, as we may face a national threat.

 Forensics Certification 

Scenario 06

A big project was attacked by ransomware, and the company requires your assistance in restoring order. You will have access to the computer files and to the main hard drive of the machine. Your goal is to get back the original files.

 Forensics Certification 

Scenario 07

One of the most famous and trending clothing companies has requested your company's assistance with a strange case. A computer in their network is stealing data, encoding it and sending it to a CNC server. They managed to capture a sample of the network traffic which, they suspect, contains important PDF files. Your goal is to find a way to decode them and recover the data.

 Forensics Certification 

Scenario 08

One of the employees of the company has gone mad after being fired. He stole his whole research and the data he gathered from the company database. Eventually, the IT and SOC teams discovered that he left a 'data bomb' designed to delete all files in the database after a few days. It seems that you have 2 hours, give or take, before the 'data bomb' goes off. Your goal is to find the code to disarm it.


Register for TCWF or TCNF.

The student receives an online version of the cyber forensics book.

After reading the forensics book, the student starts his online hands-on training.

The student gets eight (8) scenarios to practice real scenarios in Windows and Network forensics.

At the end of the training, students will enter a final scenario that will test their capabilities.

Students who pass will be granted a ThinkCyber certification.

Choose your certification program

© 2020 by ThinkCyber

Ze'ev Jabotinsky St 7,

Ramat Gan, IL.