Digital Media Forensics Essentials Labs

COURSE TYPE

Hands-On

Course Number

E004

Learn the security techniques used by the Internet’s most skilled professionals. CYBRScore Digital Media Forensics Essentials, which includes 19 hands-on labs, will provide you with an introduction to media collection, imaging and analysis.

This Lab Bundle is designed to align to EC-Council’s Certified Ethical Hacker certification — Course 2055, Digital Forensics Tools and Techniques.

You Will Learn How To:

  • Detect, identify, and analyze malicious activity
  • Use various detection tools, such as Wireshark and Snort, to read, capture, and analyze traffic
  • Identify and remove trojans, malicious files, and/or processes

Important Course Information

What course does this lab bundle align to?

What is a CYBRScore Lab Bundle?

  • CYBRScore Labs are pre-configured hardware layouts with accompanying lab guides for fast, convenient access that make studying for an exam or learning new technologies an engaging experience.

How long will each lab take to complete?

  • Each lab consists of multiple tasks that take anywhere from 30 minutes to 2 hours to complete.

Are there any system requirements?

  • All you need is an HTML5 compatible browser, such as Google Chrome, Mozilla Firefox, or Microsoft Edge.

How long do I have access to the labs for?

  • CYBRScore Labs are available for use for 6 months after the date of purchase. CYBRScore Labs are hosted online and available 24x7x365.

How do I access my purchased labs?

  • Once your purchase is complete, Learning Tree will contact you with the URL and login credentials you will use to access your lab bundle.

Course Outline

  • Analyze Malicious Activity in Memory Using Volatility

Students will use the open source Volatility tool to analyze a memory snapshot and determine what malicious software has infected the victim machine.

  • Conduct Log Analysis and Cross Examination for False Positives

Students will confirm the validity of event-data analysis to eliminate false-positive events.

  • Creating a Baseline Using the Windows Forensic Toolchest (WFT)

Students will run Windows Forensic Toolchest against an existing system to create a baseline that will be used for future analysis.

  • Data Recovery with Autopsy

Students will ingest and process a previously acquired forensic image using Autopsy. The focus of the lab will be on recovering data from the image, reviewing the supplied forensic report and verifying that the image is forensically sound.

  • Detect the Introduction and Execution of Malicious Activity

In this lab, the student will simulate browsing to a website and downloading a malicious file from it, then learn how to detect the introduction and execution of malicious activity on a Win7 machine.

  • Dynamic Malware Analysis Capstone

Students will use two virtual machines, inside a protected network, to observe configuration changes on a known good / clean system and all of the unusual network traffic generated by the suspect software they will be analyzing. On the clean system they will use Regshot, Argon Network Switcher, Process Hacker, Process Monitor and Noriben to gather details on what the suspicious program is actually doing. On another support machine they will set up a fake DNS server to receive all suspicious traffic, and pass that traffic over to Wireshark for further analysis. This lab will continue to foster tool familiarization and will provide the students an introduction to capturing network traffic by using a simple "man-in-the-middle" system.

  • Identify Access to a LINUX Firewall Through SYSLOG Service

Students will identify access to a PFSENSE firewall through the forwarding of SYSLOG (System logs) from a Firewall to the SYSLOG service we have configured and set up on the Network. Students will then identify malicious activity through system logs.

  • Identify and Remove Trojan Using Various Tools

Students will detect malicious files and processes using various tools. Students will then remove the malicious files and/or processes.

  • Identify Suspicious Information in VM Snapshots

Students will identify known IOCs for Stuxnet and save them for analysis. Students will then identify malicious drivers associated with the malware, and identify AES keys in memory.

  • Identify Whether High-Risk Systems Were Affected

The highest-risk systems are the ones with Internet-facing applications. Once an attacker from the Internet is able to compromise the internal network, it is very likely they will attempt to move to other machines on the network. The machines in the Demilitarized Zone (DMZ) are at high risk because they are not usually as protected as the computers which are part of the internal network.

  • Image Forensics Capstone

Students will create a live image using FTK Imager and verify that the image was created successfully.

  • Live Imaging with FTK Imager Lite

Students will use FTK Imager Lite to create a forensic image of a Windows 8 workstation. After they create the image they will perform a hash check to ensure that the image that was created is the same as what is currently running on the live system.

  • Memory Extraction and Analysis

This is one of the labs for the Advanced Digital Media Forensics class.

  • Network Miner

This lab exercise is designed to allow the trainee to become familiar with using Network Miner.

  • Open Source Password Cracking

Students will use John the Ripper and Cain and Abel to crack password protected files.

  • Participate in Attack Analysis Using Trusted Tool Set

Students will participate in attack analysis/incident response, including root cause determination, to identify vulnerabilities exploited, vector/source and methods used (e.g., malware, denial of service). Students will then investigate and correlate system logs to identify missing patches, level of access obtained, unauthorized processes or programs.

  • Using Snort and Wireshark to Analyze Traffic

In this lab we will replicate the need for Analysts to be able to analyze network traffic and detect suspicious activity. Tools like Wireshark and Snort can be utilized to read, capture, and analyze traffic.


On Demand
Tuition — $125

Practice your skills in a virtual network environment. Learn by doing wherever you are on your own time at your own pace.

