Introduction
How to Book One to One Trainer Online Meeting
CDFE Lab
What is Incident Response
The Incident Response Process Model
The Role of Digital Forensics
Why Incident Response is needed
The Incident Response Framework
The CSIRT Response Charter
The Incident Response Team
The Incident Response Plan
Incident Classification
The Incident Response Playbook
Escalation Procedures
Incident Response Capability Maintenance
Quiz
Digital Forensic Fundamentals
UK Laws and Regulations
Digital Forensic Process
Forensics Lab
Quiz
Collection of Network Evidence
Preparation
Evidence from Network Devices
Collection of Evidence
Quiz
Capturing Evidence from Host Systems
Methods for Acquiring Evidence
Procedures for Collecting Evidence
Acquiring Memory
Guided Exercise: Acquiring Memory with FTK Imager
Guided Exercise: Acquiring Memory with WinPmem
Acquiring Memory Remotely
Virtual Machines Captures
Non-Volatile Data
Guided Exercise: Capturing Registry and Logs using FTK Imager
Quiz
Forensic Imaging
Forensic Imaging Overview
Evidence Drive Preparation
Guided Exercise: Drive Wiping with Eraser
Guided Exercise: Encrypting a Drive’s Repository Partition with VeraCrypt
Dead Imaging
Guided Exercise: Create a Forensic Image with a GUI Tool
Guided Exercise: Create a Forensic Image with a CLI Tool
Live Imaging
Guided Exercise: Creating a Live Image using FTK Imager Lite
Lab: Forensic Imaging
Lab: Forensic Imaging (Solution)
Analysing Network Evidence
Wireshark
Guided Exercise: Network Traffic Identification: PING
Guided Exercise: Network Traffic Identification: PING (Solution)
Guided Exercise: Network Traffic Identification: DNS Query
Guided Exercise: Network Traffic Identification: DNS Query (Solution)
Guided Exercise: Network Traffic Identification: TCP Three-Way Handshake
Guided Exercise: Network Traffic Identification: TCP Three-Way Handshake (Solution)
Guided Exercise: Traffic Analysis: Host Footprinting / File Extractions
Guided Exercise: Traffic Analysis: Host Footprinting / File Extractions (Solution)
Lab: Analysing Network Evidence
Lab: Analysing Network Evidence (Solution)
Analysis of System Memory
Memory Analysis Methodology
Guided Exercise: Analysis of Memory File Using Volatility
Lab: Analysis of System Memory
Lab: Analysis of System Memory (Solution)
Analysis of System Storage
Types of System Storage
File Systems
Commercial Tools
Must Have Tools for Incident Responders
File Carving
Guided Exercise: File Carving
Guided Exercise: File Carving (Solution)
Email Analysis
Guided Exercise: Email Header Analysis
Guided Exercise: Email Header Analysis (Solution)
Registry Analysis
Guided Exercise: Reading Offline Files with Regedit
Guided Exercise: Reading Offline Files with Regedit (Solution)
Guided Exercise: Reading Offline Registry Files with Windows Registry Recovery
Guided Exercise: Reading Offline Files with RegRipper
Guided Exercise: Reading Offline Files with RegRipper (Solution)
Hashing
Guided Exercise: Hashing Folders and Their Contents for Comparison
Guided Exercise: Hashing Folders and Their Contents for Comparison (Solution)
Guided Exercise: Hashing Individual Files for Comparison
Guided Exercise: Hashing Individual Files for Comparison (Solution)
Guided Exercise: Hashing Evidence Files for Validation
Guided Exercise: Hashing Evidence Files for Validation (Solution)
Web Browser Analysis
Guided Exercise: Analysing Chrome Internet Cache and History
Guided Exercise: Analysing Chrome Internet Cache and History (Solution)
File Analysis
Guided Exercise: File Analysis - Microsoft Office Files
Guided Exercise: File Analysis - Microsoft Office Files (Solution)
Guided Exercise: File Analysis - EXIF Data from Graphic Files
Guided Exercise: File Analysis - EXIF Data from Graphic Files (Solution)
Timestamps and Timeline Analysis
Guided Exercise: Combining Timestamps for a Timeline
Guided Exercise: Combining Timestamps for a Timeline (Solution)
Event Log Analysis
Guided Exercise: Examining Event Logs
Shortcut Files and Jump List Analysis
Guided Exercise: Shortcut File Analysis
Guided Exercise: Shortcut File Analysis (Solution)
Guided Exercise: Jump List Analysis
Guided Exercise: Jump List Analysis (Solution)
Prefetch File Analysis
Guided Exercise: Prefetch File Analysis
Guided Exercise: Prefetch File Analysis (Solution)
Thumbnail Caches Analysis
Guided Exercise: Analysing Thumbs.db from Windows XP
Guided Exercise: Analysing Thumbs.db from Windows XP (Solution)
Guided Exercise: Analysing Cache Images within Microsoft Files
GREP Searches
Guided Exercise: GREP Searching Through Log Files
Guided Exercise: GREP Searching Through Log Files (Solution)
File Recovery
Guided Exercise: Mounting a Forensic Image with FTK Imager and Recovering Files
Guided Exercise: Recovering Files from Forensic Images with Autopsy
Recovering Passwords
Guided Exercise: Recovering Passwords
Guided Exercise: Recovering Passwords (Solution)
Creating Forensic Reports
What should be documented
Documentation Types
Sources to Include
Audience
Tracking Incidents
Written Reports
Quiz
Malware Analysis
Malware Types and Definition
Malware Analysis Methodology
Guided Exercise: Performing Static Analysis
Guided Exercise: Performing Dynamic Analysis
Lab: Malware Analysis
Lab: Malware Analysis (Solution)
Threat Intelligence
Threat Intelligence Actor Groups
Advanced Persistent Threat
Types of Threat Intelligence
Threat Intelligence Life Cycle
Sourcing Threat Intelligence
Threat Intelligence Platforms
Threat Intelligence Use Types
Guided Exercise: Hashing Evidence - Known Bad Hashes
Guided Exercise: Hashing Evidence - Known Bad Hashes (Solution)
Quiz
CDFE Mock Exam
Appendix 1 - Sample Chain of Custody Form
Appendix 2 - Host Evidence Collection Checklist
Exam Information
CDFE Course Evaluation