digital-forensics-lab-free-hands-on-digital-forensics-labs-for-students-and-faculty

Features of Repository

===================

  • Hands-on Digital Forensics Labs: designed for Students and Faculty
  • Linux-based lab: All labs are purely based on Kali Linux
  • Lab screenshots: Each lab has PPTs with instruction screenshots
  • Comprehensive: Cover many topics in digital forensics
  • Free: All tools are open source
  • Updated: The project is funded by DOJ and will keep updating
  • Two formalized forensic intelligence in JSON files based-on case studies

Table of Contents (updating)

# The following commands will install all tools needed for Data Leakage Case. We will upgrade the script to add more tools for other labs soon.

wget https://raw.githubusercontent.com/frankwxu/digital-forensics-lab/main/Help/tool-install-zsh.sh
chmod +x tool-install-zsh.sh
./tool-install-zsh.sh

Investigating P2P Data Leakage

==============

The P2P data leakage case study is to help students to apply various forensic techniques to investigate intellectual property theft involving P2P. The study include

  • A large and complex case involving a uTorrent client. The case is similar to NIST data leakage lab. However, it provides a clearer and more detailed timeline.
  • Solid evidence with explanations. Each evidence that is associated with each activity is explained along with the timeline. We suggest using this before study NIST data leakage case study.
  • 10 hands-on labs/topics in digital forensics

Topics Covered

LabsTopics CoveredSize of PPTs
Lab 0Lab Environment Setting Up4M
Lab 1Disk Image and Partitions5M
Lab 2Windows Registry and File Directory15M
Lab 3MFT Timeline 6M
Lab 4USN Journal Timeline3M
Lab 5uTorrent Log File 9M
Lab 6File Signature 8M
Lab 7Emails 9M
Lab 8Web History 11M
Lab 9Website Analysis 2M
Lab 10Timeline (Summary)13K

Investigating NIST Data Leakage

==============

The case study is to investigate an image involving intellectual property theft. The study include

  • A large and complex case study created by NIST. You can access the Senario, DD/Encase images. You can also find the solutions on their website.
  • 14 hands-on labs/topics in digital forensics

Topics Covered

LabsTopics CoveredSize of PPTs
Lab 0Environment Setting Up2M
Lab 1Windows Registry3M
Lab 2Windows Event and XML3M
Lab 3Web History and SQL3M
Lab 4Email Investigation3M
Lab 5File Change History and USN Journal2M
Lab 6Network Evidence and shellbag2M
Lab 7Network Drive and Cloud5M
Lab 8Master File Table ($MFT) and Log File ($logFile) Analysis13M
Lab 9Windows Search History4M
Lab 10Windows Volume Shadow Copy Analysis6M
Lab 11Recycle Bin and Anti-Forensics3M
Lab 12Data Carving3M
Lab 13Crack Windows Passwords2M

Investigating Illegal Possession of Images

=====================

The case study is to investigate the illegal possession of Rhino images. This image was contributed by Dr. Golden G. Richard III, and was originally used in the DFRWS 2005 RODEO CHALLENGE. NIST hosts the USB DD image. A copy of the image is also available in the repository.

Topics Covered

LabsTopics CoveredSize of PPTs
Lab 0HTTP Analysis using Wireshark (text)3M
Lab 1HTTP Analysis using Wireshark (image)6M
Lab 2Rhion Possession Investigation 1: File recovering9M
Lab 3Rhion Possession Investigation 2: Steganography4M
Lab 4Rhion Possession Investigation 3: Extract Evidence from FTP Traffic3M
Lab 5Rhion Possession Investigation 4: Extract Evidence from HTTP Traffic5M

Investigating Email Harassment

=========

The case study is to investigate the harassment email sent by a student to a faculty member. The case is hosted by digitalcorpora.org. You can access the senario description and network traffic from their website. The repository only provides lab instructions.

Topics Covered

LabsTopics CoveredSize of PPTs
Lab 0Investigating Harassment Email using Wireshark3M
Lab 1t-shark Forensic Introduction2M
Lab 2Investigating Harassment Email using t-shark2M

Investigating Illegal File Transferring (Memory Forensics )

=========

The case study is to investigate computer memory for reconstructing a timeline of illegal data transferring. The case includes a scenario of transfer sensitive files from a server to a USB.

Topics Covered

LabsTopics CoveredSize of PPTs
Lab 0Memory Forensics11M
part 1Understand the Suspect and Accounts
part 2Understand the Suspect’s PC
part 3Network Forensics
part 4Investigate Command History
part 5Investigate Suspect’s USB
part 6Investigate Internet Explorer History
part 7Investigate File Explorer History
part 8Timeline Analysis

Investigating Hacking Case

=========

The case study, including a disk image provided by NIST is to investigate a hacker who intercepts internet traffic within range of Wireless Access Points.

Topics Covered

LabsTopics CoveredSize of PPTs
Lab 0Hacking Case8M

Investigating Android 10

The image is created by Joshua Hickman and hosted by digitalcorpora.

=========

LabsTopics CoveredSize of PPTs
Lab 0Intro Pixel 33M
Lab 1Pixel 3 Image2M
Lab 2Pixel 3 Device4M
Lab 3Pixel 3 System Setting5M
Lab 4Overview: App Life Cycle11M
Lab 5.1.1AOSP App Investigations: Messaging4M
Lab 5.1.2AOSP App Investigations: Contacts3M
Lab 5.1.3AOSP App Investigations: Calendar1M
Lab 5.2.1GMS App Investigations: Messaging6M
Lab 5.2.2GMS App Investigations: Dialer2M
Lab 5.2.3GMS App Investigations: Maps8M
Lab 5.2.4GMS App Investigations: Photos6M
Lab 5.3.1Third-Party App Investigations: Kik4M
Lab 5.3.2Third-Party App Investigations: textnow1M
Lab 5.3.3Third-Party App Investigations: whatapp3M
Lab 6Pixel 3 Rooting5M

Tools Used

========

Nameversionvendor
Wine6.0https://source.winehq.org/git/wine.git/
Vinetto0.98https://github.com/AtesComp/Vinetto
imgclip05.12.2017https://github.com/Arthelon/imgclip
Tree06.01.2020https://github.com/kddeisz/tree
RegRipper3.0https://github.com/keydet89/RegRipper3.0
Windows-Prefetch-Parser05.01.2016https://github.com/PoorBillionaire/Windows-Prefetch-Parser.git
python-evtx05.21.2020https://github.com/williballenthin/python-evtx
xmlstarlet1.6.1https://github.com/fishjam/xmlstarlet
hivex09.15.2020https://github.com/libguestfs/hivex
libesedb01.01.2021https://github.com/libyal/libesedb
pasco-project02.09.2017https://annsli.github.io/pasco-project/
libpff01.17.2021https://github.com/libyal/libpff
USN-Record-Carver05.21.2017https://github.com/PoorBillionaire/USN-Record-Carver
USN-Journal-Parser1212.2018https://github.com/PoorBillionaire/USN-Journal-Parser
JLECmd1.4.0.0https://f001.backblazeb2.com/file/EricZimmermanTools/JLECmd.zip
libnl-utils3.2.27https://packages.ubuntu.com/xenial/libs/libnl-utils
time_decode12.13.2020https://github.com/digitalsleuth/time_decode
analyzeMFT2.0.4https://github.com/dkovar/analyzeMFT
libvshadow12.20.2020https://github.com/libyal/libvshadow
recentfilecache-parser02.13.2018https://github.com/prolsen/recentfilecache-parser

Contribution

=============

  • Frank Xu
  • Malcolm Hayward
  • Richard (Max) Wheeless

Download Digital-Forensics-Lab

Leave a Reply

Your email address will not be published. Required fields are marked *