1999

Cyber Forensics

Valid for 9 months

Organizations: Contact us for enterprise solutions and volume pricing.

Cyber Forensics

Windows Forensics, Linux Forensics and Network Forensics

Comprehensive forensics training across Windows, Linux, and network environments. Master evidence collection, analysis techniques, and investigation methodologies to conduct thorough digital forensics investigations.

Series

All-in-One Entry-Bundles

Program Codes

NX212 / NX213 / NX215

Levels

3 - 4

Description

Develop expert-level digital forensics capabilities across major platforms. Master evidence collection, analysis techniques, and investigation methodologies for Windows systems, Linux environments, and network traffic. Perfect for those pursuing digital forensics roles.

Most students complete this bundle in X-Y months when studying regularly. [Learn more about our methodology →]

Note: The bundle begins with essential networking and security fundamentals through XE101 and NX201 - ensuring you'll build the right foundation before diving into advanced forensics techniques. These initial courses will be a quick refresher for experienced professionals while providing crucial groundwork for those new to the field.

What Our Clients Say

“Over 1000 of our students have been trained using ThinkCyber's Products and Services. The hands-on experience they gain from using the Cyberium Arena Simulator and Specto is invaluable and has been instrumental in their career progression”

— John Bryce Training Center, Israel

“The training was crucial, providing my team with a wealth of knowledge through hands-on experiences. This is why, throughout June 2023, we will be welcoming SOC analysts from across the nation to participate in the CACC (CERT-IL Advanced Cyber Training). This training, facilitated by ThinkCyber and utilizing the Cyberium simulator, will provide invaluable experience and knowledge upgrades.”

— Homeland Security

“Our students are getting excellent positions such as SOC Analysts, Network Security Engineers, Forensics and Penetration Testers thanks to the applicable and relevant hands-on cybersecurity skills they've acquired through ThinkCyber's solutions.”

— James Lim, CEO of Centre for Cybersecurity Institute, Singapore

“Exceptional course! I've attended numerous programs, but this outshines them all in every conceivable way: the comprehensive content, the expert guidance, the practical exercises, and the seamless organization of the entire course.”

— Defense Forces

Program Impact & Outcome

After completing this specialized bundle, you will:

  • Master comprehensive digital evidence handling

  • Perform advanced Windows, Linux, and network forensics

  • Analyze memory dumps and system artifacts

  • Investigate network intrusions and security incidents

  • Work with professional forensic toolsets

  • Conduct thorough cross-platform investigations

Real-World Training Environment

From day one in our Cyberium Arena simulator:

  • Work with professional forensics platforms and tools

  • Analyze live systems and network traffic

  • Practice evidence collection and preservation

  • Perform memory analysis and disk forensics

  • Experience realistic investigation scenarios

  • Build expertise across multiple operating systems

What You Will Learn

The Ethical Hacking bundle provides a comprehensive, hands-on approach to digital forensics across Windows, Network, and Linux environments. This powerful combination of training programs equips cybersecurity professionals with the essential skills needed to investigate, analyze, and secure modern computing systems.

XE101 – Intro-to-Cyber
  • This module delves into the basics of digital communication. Learners will understand digital sizes and binary, the language of computers. The module also demystifies IP addresses, differentiating between private, public, and general addresses. Furthermore, it explores network services, common protocols, DNS, and DHCP, setting a firm foundation for understanding how digital networks operate.

    • Digital Sizes

    • Binary

    • IP Addresses

    • Private Addresses

    • Public Addresses

    • General Addresses

    • Network Services

    • Services

    • Common Protocols

    • DNS

    • DHCP

  • This module offers a hands-on approach to understanding cybersecurity. Using tools such as Shodan and Google Dorks, learners will learn how to search the internet for sensitive information, demonstrating the vulnerability of digital data. The module also explores hashes, their uses, and different hash functions. Additionally, learners will familiarize themselves with encoding techniques like Hex and Base64, which play a significant role in data security.

    • Shodan

    • Searching with Shodan

    • Google Dorks

    • How Google Works

    • Basic Queries

    • Finding Sensitive Information

    • Hash

    • The Use of Hash

    • Different Hash Functions

    • Encoding

    • Hex

    • Base64

  • This module gives an in-depth understanding of network data analysis. Through hands-on practice with Command Prompt and Wireshark, students will learn how to examine and interpret network traffic. The module also introduces the OSI and TCP/IP models, integral frameworks in understanding network communication. Lastly, learners will master the use of Wireshark filters and statistics for effective data analysis.

    • Command Prompt

    • OSI and TCP/IP Model

    • Network Traffic

    • Wireshark Basics

    • Wireshark Filters

    • Wireshark Statistics

NX201 – Network Research
  • This module provides an in-depth look into virtualization, focusing on Linux. It begins with an overview of virtualization and Linux distros, then guides learners through Linux installation and using VMware. It addresses network configurations and Linux administration topics such as directory structures, user management, packages, and file manipulation commands, and concludes with scripting and automation in Linux.

    • Virtualization

    • Introduction to Virtualization

    • About Linux Distro

    • Installing Linux

    • Working with VMware

    • Bridged vs. NAT

    • Working with Linux

    • Linux Directories

    • Linux Users

    • Packages

    • File Manipulation Commands

    • Text and File Manipulation Techniques

    • Linux Scripts and Automation
       

  • This module offers a deep dive into key networking protocols and services. It starts by exploring the TCP/IP model, followed by detailed examinations of DNS, DHCP, and ARP protocols, then transitions into network services, providing insights into the workings of SSH, FTP, and the Apache web server. This comprehensive study of networking equips learners with crucial knowledge for managing and securing digital networks.

     

    • Protocols

    • TCP/IP Model

    • DNS

    • DHCP

    • ARP

    • Network Services

    • SSH

    • FTP

    • Apache
       

  • This module dives into network scanning and attack techniques. It starts with Nmap and Masscan, powerful tools for network scanning, then covers brute force and offline attack strategies. This course offers invaluable skills for network security testing.

    • Scanning

    • Nmap

    • Masscan

    • Brute Force

    • Offline Attacks

    • Creating Wordlists

    • Wireshark

    • Filtering and Parsing

    • Extracting Objects
       

  • This module delves into various network attacks and defense techniques. It covers Man-in-the-Middle (MiTM) and ARP Poisoning strategies, service brute-forcing, and analysis of cyberattacks. Learners are introduced to reverse and bind payloads, and hands-on training with Msfvenom and Msfconsole. Finally, it explores firewall operation, including port blocking and device monitoring, imparting critical skills for network security.

    • Network Attacks 

    • MiTM

    • ARP Poisoning 

    • Service Brute-Force

    • Analyzing Attacks

    • Cyber Attack

    • Reverse and Bind Payloads

    • Working with Msfvenom

    • Working with Msfconsole

    • Firewall

    • About Firewall Operation

    • Blocking Ports

    • Monitoring Devices
       

NX212 – Windows Forensics
  • This module explores file and disk handling, encoding, and number systems, delving into digital sizes and SSD features. It includes hands-on training with a Hex Editor and teaches disk and file viewing techniques. The section proceeds to cover automatic carving, and methods to examine system files and metadata in Windows.

    • Files and Disks

    • Encoding

    • Number Systems

    • Digital Sizes

    • Solid State Drive (SSD) Features

    • Hex Editor

    • Working with Offsets

    • Viewing Files

    • Viewing Disks

    • Automatic Carving

    • Carving Methods

    • Automatic Carvers

    • Windows System Files

    • Metadata

    • Viewing Metadata

    • Modified, Accessed, Created

    • Editing Exif Data
       

  • This module delves into steganography, teaching how to identify, extract, and create hidden files. It transitions into hard disk analysis, focusing on system files and Master File Table (MFT) analysis. It also imparts hands-on experience with Forensic Toolkit (FTK), a crucial tool for digital forensics. This module equips learners with vital skills in data hiding and disk analysis.

    • Steganography

    • Identify Hidden Files

    • Extracting Hidden Files

    • Creating Hidden Files

    • Hard Disk Analysis

    • System Files

    • MFT Analysis

    • Working with FTK

  • This module delves into the analysis of digital artifacts. It focuses on registry analysis, including data extraction and examination of NTUSER.DAT files. The module concludes with techniques for conducting a general search and the use of registry viewers, thereby enhancing learners' understanding of digital artifact investigation.

    • Artifacts

    • Artifact Directories

    • Browsers

    • Shadow Copies

    • Registry Analysis

    • Extracting Data

    • NTUSER.DAT Analysis

    • General Search

    • Registry Viewers
       

  • This module delves into the complex realms of memory, event, network, and malware analysis. It imparts key skills for inspecting computer memory, investigating system events, analyzing network interactions, and examining malicious software, thereby equipping learners with critical abilities for cyber forensics investigations.

    • Memory Analysis

    • Creating an Image

    • Working with Volatility

    • Carving Data from RAM

    • Events Analysis

    • Event Viewers

    • Setting Audit Policy

    • Custom Search

    • Network Analysis

    • Service Protocol Analysis

    • Identifying Darknet Connections

    • Malware Analysis

    • Basic Static Analysis

    • Basic Dynamic Analysis
       

NX213 – Network Forensics
  • Delve into the core of networking with an in-depth exploration of network protocols and packet structures. Master advanced tools and techniques, from Wireshark and TShark analysis to GeoIP integration and Scapy module applications. Enhance your skills in intrusion detection, packet crafting, and working with IPv6.

    • Networking

    • Network Protocols

    • Packet Structure

    • Netstat and ProcMon

    • Sysinternals

    • Intrusion Detection Methods

    • Wireshark Advanced: Network Attacks

    • TShark Analysis

    • GeoIP Integration

    • Using the Scapy Module

    • Crafting and Analyzing Packets

    • Working with IPv6
       

  • Dive into the world of Zeek, a dynamic network analysis framework. Master the art of automating processes, monitoring data into logs, and utilizing Zeek-Cut parsing. Enhance investigative skills by replaying packets and crafting detailed timelines.

    • Zeek

    • Output Logs

    • Automating Process

    • Monitoring Data into Logs

    • Zeek-Cut Parsing

    • Replaying Packets for Investigating

    • Creating a Timeline
       

  • Embark on a comprehensive journey through network investigations, from understanding the MiTM attack and identifying network anomalies to mastering flow analysis. Delve into tools like NetworkMiner and file carvers, and navigate the intricacies of Wi-Fi, from capturing wireless traffic to managing network access modes.

    • Investigation Process

    • MiTM Attack

    • Find Network Anomalies 

    • Flow Analysis 

    • Network File Carving

    • NetworkMiner

    • File Carvers

    • Capturing Wireless Traffic

    • Gaining Access Through Wi-Fi

    • HTTPS Traffic 
       

  • Deepen your understanding of network security with IPS and IDS systems, focusing on their operation and configuration. Dive into the world of Sysmon, from installation to capturing network events. Enhance your expertise with tools like Snort, a cornerstone in intrusion detection.

    • IPS and IDS

    • Sysmon

    • Installing and Configuring Sysmon

    • Network Events

    • IDS/IPS Operation Process

    • IDS/IPS Configuration

    • Snort
       

NX215 – Linux Forensics
  • This module provides a comprehensive introduction to Linux fundamentals, then delves into the details of Linux services, including how they are managed and configured. Finally, it equips learners with scripting skills, vital for automation and advanced tasks in Linux environments.

    • Intro to Linux

    • Virtualization

    • Basic Commands

    • System Files

    • Services

    • Installation

    • Configuration Files

    • Log Files

    • Scripting

    • File Permissions

    • Linux Automation
       

  • The Log Analysis section details how to inspect Linux logs for vital clues during an investigation. The File Analysis section teaches methods to dissect Linux file systems and extract meaningful data. Finally, Network Analysis imparts techniques for inspecting network traffic and identifying suspicious patterns or anomalies, essential for cyber investigations.

    • Log Analysis

    • Text Manipulation

    • Built-in Logs

    • Logs Best Practice

    • File Analysis

    • Metadata

    • Carving

    • Steganography

    • Calls

    • Network Analysis

    • Wireshark

    • General Network Tools

    • TShark Automation
       

  • The Artifact section instructs how to locate and interpret Linux system artifacts, invaluable in post-breach investigations. Live Analysis imparts skills to scrutinize active systems, identifying ongoing threats. The Analyzing Images portion discusses methods to inspect and interpret disk images, revealing concealed data or evidence.

    • Artifacts

    • Hashes and Encodings

    • User Files

    • Understanding Shells

    • System Files

    • Suspicious User-Info

    • Live Analysis

    • Mounting Partitions

    • Dumping Memory

    • Cloning HDD

    • Log File Advanced Search

    • Captured Images

    • Working with FTK

    • Detecting Hidden Files and Directories
       

  • This module covers essential Network Protocols, providing an understanding of their operations and potential vulnerabilities. It then explores Network Attacks, discussing various attack vectors and strategies. Lastly, the module introduces the concept of hardening, teaching learners how to strengthen a Linux system against possible threats.

    • Netcat

    • Different Uses

    • Network Protocols

    • MiTM

    • Analyzing Traffic

    • Network Attacks

    • SSH

    • FTP

    • Hardening
       