Linux Forensics

Catalog no.: #71557 | Course length: 40 academic hours | Number of sessions: 5

The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the digital information.
In this course, you will investigate a compromised Linux machine, create a timeline from evidence found on the victim's host, and analyze the malware with a wide range of tools, including databases such as MySQL and the Elastic Stack.


What you will learn:

  • Data acquisition from the suspect's computer
  • Data integrity as part of the forensics process
  • Incident Response (IR) methodology
  • Linux live analysis
  • Post-mortem analysis using Elastic or MySQL
  • EXT4 fundamentals
  • IR process – from incident to report

Target audience

  • Senior-level Linux and networking (TCP/IP) practitioners
  • IR practitioners who wish to expand their knowledge

Prerequisites

  • Good Linux and bash scripting skills
  • Good understanding of networking technologies (IP, TCP, DNS, HTTP, HTTPS)
  • Basic knowledge of SQL and JSON


Part 1: Forensics Methodology

  • Computer forensics in today’s world
  • Computer forensics investigation process
  • Investigation with Cyber Kill Chain


Part 2: Live Analysis

  • Building your own tool kit
  • Collecting volatile data
  • File metadata
  • Building a timeline
  • Command history
  • Log files
  • File hashes

Part 3: Data Acquisition

  • Getting RAM
  • Hard-disk copying
  • Image formats
  • Write blocking with Linux
  • Converting a VM into an image


Part 4: Post-Mortem Analysis

  • Mounting an image
  • Using a database for analysis
  • Create a timeline
  • EXT4 footprints


Part 5: Memory Forensics (Optional)

  • Memory structure
  • Introduction to Volatility Framework
  • Making a profile
  • Processes
  • Kernel modules
  • Network
  • Dumps


Part 6: Putting it all together

  • Investigating a compromised host – from incident to report
  • Memory analysis