top of page

1,600

NX215 – Linux Forensics

Valid for 6 months

*Typical completion, beginning to end: 6-9 months, when studying regularly

Linux Forensics

Advanced Linux system investigation

Master forensic analysis techniques for Linux systems, from artifact collection to incident reconstruction.

Series

NX Defense

Program Code

NX215

Duration

Self-Pace*

*Typical completion, beginning to end: 6-9 months, when studying regularly

What Our Clients Say

John Bryce.jpg
“Over 1000 of our students have been trained using ThinkCyber's Products and Services. The hands-on experience they gain from using the Cyberium Arena Simulator and Specto is invaluable and has been instrumental in their career progression”

— John Bryce Training Center, Israel

HLS Testomonial.jpg
“The training was crucial, providing my team with a wealth of knowledge through hands-on experiences. This is why, throughout June 2023, we will be welcoming SOC analysts from across the nation to participate in the CACC (CERT-IL Advanced Cyber Training). This training, facilitated by ThinkCyber and utilizing the Cyberium simulator, will provide invaluable experience and knowledge upgrades.”

— Homeland Security

James CFC Testimonial.jpg
“Our students are getting excellent positions such as SOC Analysts, Network Security Engineers, Forensics and Penetration Testers thanks to the applicable and relevant hands-on cybersecurity skills they've acquired through ThinkCyber's solutions.”

— James Lim, CEO of Centre for Cybersecurity Institute, Singapore

Army Testimonial.jpg
“Exceptional course! I've attended numerous programs, but this outshines them all in every conceivable way: the comprehensive content, the expert guidance, the practical exercises, and the seamless organization of the entire course.”

— Defense Forces

Description

Ready to investigate Linux systems at a deeper level? This program teaches you systematic approaches to Linux-based digital forensics. You'll learn to analyze system artifacts, examine logs, investigate running processes, and conduct memory analysis. From data carving to timeline reconstruction, you'll develop the skills needed to uncover what really happened on a Linux system.

Program Recognition & Impact

Our Linux Forensics program delivers advanced investigation techniques:

  • Built on proven digital forensics methodologies

  • Hands-on practice with professional forensic tools

  • Develops systematic investigation capabilities

  • Teaches advanced Linux analysis skills

  • Prepares for complex system investigations

Real-World Training Environment

Through our Cyberium Arena learning platform, you'll conduct thorough Linux investigations:   

  • Analyze real system artifacts and log files

  • Practice professional forensic tool usage

  • Investigate live system memory

  • Reconstruct incident timelines

  • Handle evidence using forensic best practices

What You Will Learn

Dive deep into the realm of Linux Forensics with this comprehensive course, designed to equip participants with hands-on skills in data acquisition, memory analysis, malware detection, and more. Explore real-world scenarios, understand the intricacies of the Linux file system, and master advanced forensic techniques. This course combines theory with practical labs, ensuring a holistic understanding of Linux-based digital investigations.

Linux Forensics
  • This module provides a comprehensive introduction to Linux fundamentals, then delves into the details of Linux services, including how they are managed and configured. Finally, it equips learners with scripting skills, vital for automation and advanced tasks in Linux environments.

    • Intro to Linux

    • Virtualization

    • Basic Commands

    • System Files

    • Services

    • Installation

    • Configuration Files

    • Logs Files

    • Scripting

    • File Permissions

    • Linux Automation
       

  • Log Analysis, it details how to inspect Linux logs for vital clues during an investigation. The File Analysis section teaches methods to dissect Linux file systems and extract meaningful data. Finally, Network Analysis imparts techniques for inspecting network traffic and identifying suspicious patterns or anomalies, essential for cyber investigations.

    • Log Analysis

    • Text Manipulation

    • Built-in Logs

    • Logs Best Practice

    • File Analysis

    • Metadata

    • Carving

    • Steganography

    • Calls

    • Network Analysis

    • Wireshark

    • General Network Tools

    • TShark Automation
       

  • The Artifact section instructs how to locate and interpret Linux system artifacts, invaluable in post-breach investigations. Live Analysis imparts skills to scrutinize active systems, identifying ongoing threats. The Analyzing Images portion discusses methods to inspect and interpret disk images, revealing concealed data or evidence.

    • Artifacts

    • Hashes and Encodings

    • User Files

    • Understanding Shells

    • System Files

    • Suspicious User-Info

    • Live Analysis

    • Mounting Partitions

    • Dumping Memory

    • Cloning HDD

    • Log File Advance Search

    • Captured Images

    • Working with FTK

    • Detecting Hidden Files and Directories
       

  • This module covers essential Network Protocols, providing an understanding of their operations and potential vulnerabilities. It then explores Network Attacks, discussing various attack vectors and strategies. Lastly, the module introduces the concept of hardening, teaching learners how to strengthen a Linux system against possible threats.

    • Netcat

    • Different Uses

    • Network Protocols

    • MiTM

    • Analyzing Traffic

    • Network Attacks

    • SSH

    • FTP

    • Hardening
       

bottom of page