Open Source Forensics Fundamental Course

I’m planning to open my computer forensic course. For beginning, I would like to teach about using open source tools for handling computer forensic case. Since I don’t have place to teach on, the course would be on site training.
The purpose of this short course is to provide an introduction to the GNU/Linux (Linux) operating system as a forensic tool for computer crime investigators and forensic examiners. This course also try to follows the philosophy that a handsĀ­-on approach is the best way to learn.  GNU/Linux operating system utilities and specialized forensic tools available to investigators for forensic analysis are presented with practical exercises.
I will provide the course with some forensic materials which will be used along the course, such as some disk image, some log files, and of course some Linux distribution used for digital forensic stuff. The course should take 1 – 3 days. All student should prepare their own laptop or pc. Different from another general course, I will not provide course module (I’m too lazy to make such  things), but I will provide the student with some material which I collect for my own collection, ex:article, ebook, etc.

Generally the course outline would be :

Linux installation

  • Overview Linux distribution
  • Ubuntu installation
  • Desktop environment
  • Configuration Ubuntu
Linux disk, partition and file system
  • Knowing disk
  • Knowing partition
  • Using modules
  • Knowing file system
Linux boot sequence (simplified)
  • Booting the kernel
  • Knowing runlevel
  • Global start-up script
  • Service start-up script
  • Bash
Linux basic command
  • Linux at terminal
  • Another useful commands
  • File permissions
  • Knowing meta character
  • Some hints
  • Pipes and redirection
  • Super user
CLI Editor
  • Introduction pico
  • Introduction to another CLI editor
Mounting file system
  • Knowing mount command
  • File system table
Linux and forensic (basic)
  • Useful command for forensic
  • Analysis organization
  • Determining disk structure
  • Imaging evidence disk
  • Knowing loopback device
  • File hash
  • Analysis
  • Unallocated and slack space
Common forensic issues
  • Handling large disk
  • Preparing image disk
  • Obtaining disk information (Chain of custody)
Advanced Linux forensic
  • Command line
  • More with dd
  • Splitting file and image
  • Compression
  • Data carving
  • Partition carving
  • Determining the Subject Disk File System Structure
  • dd and nc
Forensic tools
  • Introduction sleuthkit
  • Exercise 1,2,3,4 and 5 with sleuthkit
  • LIBEWF (Expert Witness Files)
  • Introduction to SMART
Introduction to Linux forensic distribution
  • Introduction to various Linux distribution for DF

 

Who should attend
  • Law enforcement
  • Computer crime-related investigator
  • System administrator
  • Professional security consultant
  • Newbie
For more information you may contact me directly by email at 6d72702e62707040676d61696c2e636f6d (you might use this link to covert the hex code)