DFP comes with lifetime access to course material and flexible access to the world's best Digital Forensics virtual labs: Hera Lab.
Enroll now and get access to all of our material and labs!
Plans and Pricing
In this module, you will be introduced to the basic concepts, fundamentals, and techniques of Digital Forensics.
This module covers all stages of Data Acquisition, from imaging and prioritizing data to the actual acquisition techniques that are appropriate for each case (i.e. - using dead acquisition in the case of a rootkit). After studying this module, you will be able to identify when a live acquisition is required and how to do so without risking the integrity of the evidence. The importance of using file hashes is up next, and finally, the appropriate tools for exporting both volatile and non-volatile data are documented, accompanied by hands-on labs.
This module will make you capable of identifying files and their structure, which can be very helpful in various occasions, such as in a case of disguised files. Before that, you will dive into the structure of files and how their building blocks are used to construct them. After diving into the structure of files, you will learn to conduct a series of important forensic activities such as extracting metadata from documents, analyzing suspicious PDF/MS Office files, analyzing file headers and analyzing Exif data. Of course, the comprehension of those activities will be aided by hands-on and practical labs.
In this module, you become familiar with how disks operate and store data. File systems will then be briefly covered, which will include what data structures they use and how to analyze them. Walking through an MBR partition, performing disk analysis, recovering corrupted disks and locating hidden partitions are only a small percentage of what you will learn in this module. The corresponding labs and step by step lab manuals will make sure you get familiar with the abovementioned forensic techniques against disks.
This module enlightens you to the way that data are organized on disk. You will be able to understand the underlying method used to track files on a disk partition. The FAT and NTFS file systems are covered in this module. Through a series of slides and hands-on labs you will eventually be able to analyze FAT and NTFS file systems, investigate cases of deleted files, formatted disks, and slack space, perform file carving and create custom signatures and of course, work with established toolkits such as Winhex, Autopsy, etc.
In this module, you will get familiar with Windows Forensics. Specifically, you will learn how to detect criminal activity leveraging LNK files, the ThumbCache, prefetch files and a browser’s cache. Additionally, a series of slides and hands-on labs will make sure that you learn how to perform in-depth investigations against the Windows registry, previously mounted USB devices, Skype and explorer’s shellbags. Analyzing the Windows recycle bin is also documented as well as the important concept of time decoding.
This module covers the techniques used to examine and look for evidence within networks. This module starts by documenting effective traffic analysis and continues with how you could detect network attacks such as a DHCP starvation attack, blind DoS attacks and backdoor accounts. Using Snort IDS and SSL certificates as forensic data is also covered in this module, in addition to techniques such as file carving from network traffic.
In this module, log gathering and analysis is covered as a means of rebuilding malicious actions. Specifically, you will get familiar with Windows event analysis, web log analysis and statistical analysis in general. Familiarity will also be gained with log analysis utilizing Linux-based tools. Hands-on labs on how to detect web attacks will make sure that you get up to speed with log analysis.
This module covers timeline analysis in order to list events in a chronological order, regardless of their type or location. Performing timeline analysis is crucial on investigations since it can provide you with event context. You will learn what types of events to gather so that you create a meaningful and actionable timeline. Such events could be system events, file activity, browser activity, application activity and various logs. The most effective tools for creating or viewing timelines are also documented.
In this module, you will become familiarized with the most important part in most security-related operations. Reporting. Specifically, you will find tips on effective report writing, so that you can create a meaningful and actionable report. Time management is also taken into consideration so that you deliver your report always within the provided time frame. Specifically, we will guide you through the proper report structure, event/finding narration and level of technical details, so that you can professionally present your findings.
The Digital Forensics Professional (DFP) course is the most practical training course on digital forensics. Being integrated with Hera Lab, the most sophisticated virtual lab in IT Security, it offers an unmatched practical learning experience. Hera is the only virtual lab that provides fully isolated per-student access to each of the real-world network scenarios available on the platform. Students can access Hera Lab from anywhere through VPN.
|Lab 1||How to Acquire Data||Educational|
|Lab 2||How to Acquire Data Using Linux||Educational|
|Lab 3||Basic File Header Analysis||Educational|
|Lab 4||Extracting Metadata from Documents||Educational|
|Lab 5||Basic PDF and Word Document Analysis||Educational|
|Lab 6||Analyzing Microsoft Office Documents||Educational|
|Lab 7||Recovering A Corrupted Disk - MBR Case||Educational|
|Lab 8||Recovering a Corrupted Disk - GPT Case||Educational|
|Lab 9||Locating Hidden Partitions and Partition Gaps||Educational|
|Lab 10||Analyzing FAT File System||Educational|
|Lab 11||Investigating Deleted Files, Formatted Disks, and Slack Space||Educational|
|Lab 12||Walking Through an NTFS File System Attributes||Educational|
|Lab 13||File Carving and Creating Custom Signatures||Educational|
|Lab 14||Windows Registry Analysis||Educational|
|Lab 15||Analyzing Different Windows Artifacts||Educational|
|Lab 16||USB Forensic Analysis||Educational|
|Lab 17||Analyzing Windows Recycle Bin||Educational|
|Lab 18||Traffic Analysis Using Wireshark - Part 1||Educational|
|Lab 19||Traffic Analysis Using Wireshark - Part 2||Educational|
|Lab 20||Network File Carving||Educational|
|Lab 21||Investigating Network Scans||Educational|
|Lab 22||Investigating Network Attacks||Educational|
|Lab 23||Using Snort IDS||Educational|
|Lab 24||Analyzing SSL TLS Certificates and Traffic||Educational|
|Lab 25||Log Analysis using Linux||Educational|
Ali Hadi is a Senior Information and Cyber Security Specialist with 14+ years of industrial experience in Information Technology (IT). Ali is currently working as a full-time university professor and researcher for Champlain University in Vermont, USA, and was previously a professor in the Computer Science Department at Princess Sumaya University for Technology in Amman, Jordan.Ali provides consulting in several areas of security including digital forensics and incident response, cyber threat hunting, cyber threat intelligence, penetration testing, and vulnerability assessments. Ali is also an author, speaker, and freelance instructor where he has delivered technical training to law enforcement agencies, banks, telecoms, private companies, and other institutes. Ali's research interests include digital forensics, cyber threat hunting, and cyber threat intelligence.
Enroll now and get access to all of our material and labs!
The mix of Video Tutorials, exercises and support from fellow students on the forum was fantastic. Anyone who wants to specialize in Web Penetration Testing, this course is a must to get you started. Thanks for your efforts in making this happen
Manager Consulting Pty Ltd
Having been in the security field for over 5 years I assumed this would be a quick and easy certification. After getting into the training course I was pleased to find that I was learning new things and that the course was certainly more challenging than I had anticipated. I found that it filled in several knowledge gaps when it comes to pentesting, and I would recommend this course to both veterans and newcomers to the security field.
eLearnSecurity's training really dives deep into the underlying concepts beneath pentesting tools.
Timothy E. Everson