סייבר ואבטחת מידע

Linux Forensics

מספר הקורס 71588

40 שעות
5 מפגשים
* מספר המפגשים והשעות למפגש עשויים להשתנות בין קורס לקורס

המועדים הקרובים

קורס לקבוצות

הקורס נפתח במתכונת של קבוצה בלבד, בהתאמה אישית לארגונים.
לפרטים נוספים:

ספרו לי עוד


OS Forensics is the ART of extracting evidence and important artifacts from a digital crime scene that can help the investigator reconstruct the chain of events. During this course, students will learn the basics of computer hardware and the Linux-OS filesystem. The students will learn to collect and analyze forensic evidence and write official reports.

The course helps prepare for the certification exam CLFP (7Safe).


On Completion, Delegates will be able to

Access concealed files on the system and extracting relevant information

Master the steps of incident response

Analyze relevant case studies


Who Should Attend

Law enforcement officers & intelligence corps

Incident responders

Computer investigators

IT/network administrators


תכנית הלימודים

Full syllabus
PDF להורדה

Module 1: Computer Hardware

The first module will cover different components of computer hardware. Students will learn the main components of Storage-Disks, and the structure of the Linux OS.

  • Drives and Disks
    • The Anatomy of a Drive
    • Data Sizes
    • Volumes & Partitions
    • Disk Partitioning and the Disk Management Tool
    • Solid State Drive (SSD) Features
  • Understanding Linux-OS Structure
    • Linux Directory Structure
    • Services and systemd
    • Users and Groups
    • Understanding Shells

Module 2: Forensic Fundamentals

This module will expose students to the internal components of the Linux OS. Students will learn about tools that will help them with the Forensics investigation process.

  • Understanding Hashes and Encodings
    • Hash as a Digital Signature
    • The Use of Hash for Forensics
    • Base Encodings
  • Linux-OS Artifacts
    • User Activity Files
    • Physically Accessing Running Process
    • Service Logging Using Journalctl
    • Logfile Analysis
  • Cracking the Shadow and Passwd Files
  • Files in /dev
  • SUID/SGID files
  • Data and Files structure
    • Hexadecimal Editing Tools
    • File Structure
    • Embedded Metadata
    • Working with Clusters

Module 3: Collecting Evidence

Students will master techniques for collecting evidence during this module, accessing, and retrieving volatile and non-volatile information. Students will master techniques for collecting evidence, accessing, and retrieving volatile and non-volatile information.

  • Forensic Data Carving
    • Using Bvi for Forensics Carving
    • Automatic File Carving Tools
    • Files with Basic System-Info and Suspicious User-Info
  • Collecting Information
    • Indenting Evidence of Program Execution

Advanced knowledge of:

  • Linux
  • Network Forensics (Course 71586) or Windows Forensics (Course 71585)
סימולטור - Cyberium Arena

The courses at John Bryce Training allow you to gain experience with unique simulators and hands-on practice labs that include a variety of scenarios. Students are given the opportunity to put in practice what they have learned in order to retain all the relevant skills and information they were given throughout the course, this way upgrading their knowledge and expertise.

The simulator that is used in the hands on practice labs is The Cyberium system. This is an advanced cyber scenario simulator which has been developed by cyber experts who have been constantly involved in cyber training and in giving knowledge gaps solutions in the field of cyber. The simulator includes two main types of scenarios – educational and realistic.

Each educational scenario is focused on a different aspect of the course and simulates a specific aspect of the training topics. Each issue or topic taught in the course has a point exercise that allows the student to focus on it and deeply learn it.

The realistic scenarios simulate possible or past incidents related to Information Security. This includes everything from topics such as the Regulation of Cyber Systems to Attacks by Terrorist Hacker Organizations. These scenarios are broader than the educational exercises and require more of a systemic, strategic and comprehensive vision.

After each scenario, the system automatically generates detailed reports that serve as immediate feedback that allows the student and lecturer to measure the abilities, strengths, and weaknesses of the participant.


Schedule Appointment

Fill out the form below, and we will be in touch shortly.

לא הצלחנו לאתר את הטופס.