Virtual labs for Information Security

Digital Forensics

This set of labs introduces the student to the technical aspects of Digital Forensics, including general forensic processes, imaging, hashing, file recovery, file system basics, identifying mismatched file types, reporting, and laws regarding computer evidence.

Over 250 labs for Information Security.

Breakdown of lab content

| Lab Name | Topics Covered | Tools Used |
| --- | --- | --- |
| Introduction to File Systems | Windows & Linux File Systems, Partitioning and Formatting File Systems in Windows, Formatting and Wiping in Linux | NTFS, Permissions, Quota, FAT32, Kali, mount, fdisk, gparted, format, DiskDigger, mkfs, scalpel |
| Common Locations of Windows Artifacts | Windows Event Logs, IIS logs, Scheduled Tasks, Startup, Windows, and System32 folders | net, event viewer, Kali, at, bginfo |
| Hashing Data Sets | Imaging & Hashing a Disk, Verifying the Hashes, Using Kali to Hash Images, Disks and Partitions, Using HashCalc to verify hashes | Kali, HashCalc, Encase, xrandr, fdisk, dd, md5sum, sha1sum |
| Drive Letter Assignments in Linux | Examining Linux Drive Letter Assignments and Mounting Drives, Creating Primary and Extended Partitions in Linux, Formatting Drives in Linux and Utilizing the Storage | fdisk, mount, umount, mkfs, df, Kali, ifconfig, partprobe |
| The Imaging Process | Using FTK Imager, dd, Kali to image a system | FTK Imager, dd, Kali |
| Introduction to Single Purpose Forensic Tools | Using File Hashing Tools to Verify Integrity, Mounting a Partition with Deleted Files and Folders, Using Foremost to Carve Files, Using a HEX editor | foremost, HEX editor, md5sum, sha1sum, Kali |
| Introduction to Autopsy Forensic Browser | Installing the Autopsy Forensic Browser, Examining an image with Autopsy, Report Generation | Autopsy Forensic Browser |
| FAT File System | Examining the FAT and NTFS File Systems, Using a HEX editor to explore a FAT partition, Verifying and Viewing Image Details, Analyzing a FAT Partition with Autopsy | Autopsy Forensic Browser, FAT, NTFS, HEX editor, Kali, md5sum, sha1sum |
| The NTFS File System | Examining NTFS features, HEX editor, Autopsy | Autopsy Forensic Browser, NTFS, HEX editor, Kali, md5sum, sha1sum |
| Browser Artifact Analysis | Introduction to Browsers, Analyzing Internet Explorer, Google Chrome, Mozilla Firefox | Kali, nmap, MSIECF, history viewer, registry viewer, SQLite Manager |
| Communication Artifacts | Email messages and programs, Examining emails in Network Traffic, Internet Relay Chat | wireshark, firewall, helix, network miner, IRC, netstat, Kali |
| User Profiles and the Windows Registry | Obtaining a Live Windows Registry, Analyzing the Registry Hives Using RegViewer, RegRipper | FTK Imager, RegViewer, RegRipper |
| Log Analysis | Examining Windows Event Logs, IIS Logs, and Scheduled Tasks, Linux Logs | Windows Event Logs, IIS Logs, Linux Logs, ploglist, Kali, nmap |
| Memory Analysis | Use Dumpit to Extract Running Physical Memory, Attacking a Remote System Utilizing Armitage, Using Volatility to Analyze Remote Connections | dumpit, armitage, volatility, pslist, connscan, Kali |
| Forensic Case Capstone | Analysis and Profiling of Systems and Devices, Analysis and Reporting in Autopsy, Verifying and Viewing the Image Details, Analyzing an NTFS partition with Autopsy | autopsy, sleuthkit, md5sum, sha1sum |
