Cyber Forensic Training for Defense Forces
Cyber Forensic – Basic to Advance for Defense Forces
Course Overview:
The Cyberfox Train customized training program on Cyber Forensic Training – Basic to Advance for Defense Forces is a comprehensive 15-day course designed to equip participants with the knowledge and skills required for cyber forensic investigations. The program covers a wide range of topics, from mobile and computer forensics to CDR/IPDR analysis, VOIP call tracing, IP spoofing, ransomware detection and prevention, Bitcoin case tracking, and the use of forensic tools like Cellebrite and Access Data-FTK. Participants will also learn about chip-off and JTAG forensics. The program includes live demonstrations, hands-on exercises, and case studies to enhance practical skills.
Course Objective:
The primary objective of this training program is to provide defense forces personnel with a strong foundation in cyber forensic techniques and tools. Participants will learn how to conduct investigations, gather digital evidence, and analyze data in a legal and ethical manner. The course aims to enhance their capabilities in detecting and preventing cybercrimes, including those related to mobile devices, computers, communication networks, and cryptocurrencies.
Course Outcome:
Upon completion of this training program, participants will:
- Have a deep understanding of cyber forensic principles and methodologies.
- Be proficient in conducting mobile and computer forensic investigations.
- Be able to analyze CDR/IPDR data for crime detection.
- Possess the skills to trace VOIP calls and identify spoofed IP addresses.
- Detect, prevent, and investigate ransomware attacks.
- Be competent in tracking Bitcoin transactions and wallets.
- Master the use of forensic tools like Cellebrite and Access Data-FTK.
- Gain expertise in chip-off and JTAG forensics.
Target Audience:
This training program is specifically designed for Defense Forces personnel, including military and law enforcement personnel, who are responsible for cyber forensic investigations and cybersecurity operations. It is suitable for both beginners and intermediate-level professionals seeking to enhance their cyber forensic skills.
Course Outline:
Day 01.
- Disk & Mobile Forensic Android and iPhone
- WhatsApp Forensic and Investigation
- Introduction to WhatsApp Forensic
- Steps of WhatsApp Forensic (Live Demos)
- WhatsApp Data Recovery (Live Demos)
- WhatsApp Messages, Photos, Videos, etc. Recovery Methods (Live Demos)
- WhatsApp Account Tracking Methods (Live Demos)
- Find the Location of WhatsApp Users (Live Demos)
- WhatsApp Users IP Tracking (If the user is not using the Internet via SIM) (Live Demos)
Day 02.
- Mobile Forensic Investigation
- Introduction of Mobile Forensic.
- Major Steps of Mobile Forensic (Live Demos)
- Mobile Forensic Search and Seizure Process
- Mobile File System and Architecture (Android, Blackberry, iPhone, etc.) (Live Demos)
- Pin or Pattern Password Bypass and Cracking for Forensics (Live Demos)
- Mobile Data Extraction Without USB Debugging (Live Demos)
- Retrieve All Important Data with a Physical Acquisition (Live Demos)
- Phone Data Extraction and Recovery (Android, Blackberry, iPhone, etc.) (Live Demos)
- User Data
- Phonebook
- Messages
- Contact Information
- Web Activity
- IM Password
- WhatsApp Chat
- Skype, Gmail, or Facebook Contacts Without Accounts Passwords
- Extract Important Application Data
- Retrieve All Important Data of Users etc.
- Mobile Device & Memory Card Recovery Services (Live Demos)
- SIM Data Recovery Methods (Live Demos)
- Data Extraction from Mobile Clones (Live Demos)
- Mobile Data Recovery through Open-Source Tools (Live Demos)
Day 03.
- Computer Forensic Investigation
- Introduction of Computer Forensic
- Steps of Forensic Investigations
- Search and Seizure Process
- Common Steps involved in Digital Forensic (Live Demos)
- Evidence Collection
- Acquisition
- Analyzing & Recovery
- Reporting
- System Forensics (Live Demos)
- Windows Forensics (Live Demos)
Day 04.
- RAM Data Forensics (Live Demos)
- Web Browsers Forensics (Live Demos)
- Application Data Forensics (Skype, Yahoo Messenger talk, etc.) (Live Demos)
- Data Recovery Using Open-Source Tools etc. (Live Demos)
Day 05.
- CDR/IPDR Forensic
- Basics of MS Excel Filter, Sorting, Advanced Filter. (Live Demos)
- Things to be looked into for CDR analysis in the investigation and detection of crimes.
- How to find out frequently calling and called numbers. (Live Demos)
- Tools used for the analysis of CDR. (Live Demos)
- Checklist for ideal analysis of CDR (Live Demos)
- BTS Cell sites Dump and their significance and analysis. (Live Demos)
- Evidentiary value of CDR Analysis and Processing citing Such Evidences During Case
- Basic concept of BTS Cell Sites. (Live Demos)
- Finding out the Cell ID of 2G/3G/4G towers. (Live Demos)
- Collection of Data from the different service providers. (Live Demos)
- Things to be looked into for Tower dump analysis in the investigation and detection of crimes. (Live Demos)
Day 06.
- TRAINING ON VOIP CALL TRACING
- Training on VoIP Call Tracing (corporate/enterprise VOIP network)
- Introduction to VoIP
- Method of VoIP Calling (Live Demos)
- Call Spoofing Techniques (Live Demos)
- Verifying Spoof and Real Calls (Live Demos)
- Challenges in Call Spoofing (Live Demos)
- Tracking Spoof Calls (Live Demos)
- Communication device (Mobile phone, satellite phone, GPS device, etc.) Based investigation.
- Search and Seizure of Mobile Phones and Precautions to be taken (Live Demos)
- Seeking information from Mobile Service Providers (Live Demos)
- CDR and IPDR Analysis with hands-on (Live Demos)
- GPRS Logs, Use of Chat Programs (Live Demos)
- VOIP investigation (Live Demos)
Day 07.
- SOLUTION & TRAINING ON IP SPOOFED CALL TRACING & INVESTIGATION
- IP Spoofing Training
- What’s IP Spoofing
- Common IP Spoofing Methods (Live Demos)
- Anonymous IP Spoofing (Live Demos)
- Challenges in IP Spoofing (Live Demos)
- Manual IP Spoofing (Live Demos)
- Automatic Tools for IP Spoofing (Live Demos)
- Tracking Spoof IP Addresses (Live Demos)
- Find the Real IP Address etc. (Live Demos)
- IP Spoofing Hands-On Exercise.
- Exercise for Participant – Spoof the IP Without Any Tool (Live Demos)
- Tracking the Spoof IP with the Help of OSINT Tool (Live Demos)
- Spoof the IP of Mobile Apps etc. (Live Demos)
Day 08.
- RANSOMWARE DETECTION, PREVENTION, AND INVESTIGATION.
- Introduction of Ransomware
- Target Industries of Ransomware
- Methods to spread Ransomware (Live Demos)
- How Ransomware Gets into Mobile Devices & Computers (Live Demos)
- Detect Ransomware on your Network (Live Demos)
- Black Market of Ransomware (Live Demos)
- Ransomware Forensic and Investigation (Live Demos)
- Manual and Automatic Tool Base Ransomware Forensic (Live Demos)
- Forensic of Ransomware Root Cause Analysis (Live Demos)
- Ransomware Data Recovery Methods and Techniques (Live Demos)
Day 09.
- TRAINING FOR BITCOIN CASE TRACKING AND INVESTIGATION
- Basics of the Blockchain
- How Bitcoin Market Works (Live Demos)
- Cryptocurrencies Wallets (Live Demos)
- The realities of Anonymity in the Cryptocurrency Marketplace (Live Demos)
- Challenges of Tracking Bitcoin Market (Live Demos)
- Identifying the owner of a Cryptocurrency Wallet (Live Demos)
- Bitcoin Forensic and Investigation Techniques with Case Studies (Live Demos)
- Bitcoin Crime Investigation with the Help of OSINT Tools (Live Demos)
Day 10.
- OEM Training on Cellebrite (if Tools Available)
- UFED Physical Analyzer Software
- Installation, Licensing, Navigation, Extraction, Reporting
- Device Extraction – iOS, Android, Blackberry, “Standard” Cell Phone
- An overview of the UFED Touch
- Cellebrite Physical Analyzer software.
- UFED Touch Overview and its features
- Logical Analyzer Using Cellebrite’s
- Physical Analyzer with Cellebrite
- Cellebrite Advanced searching Techniques
- Cellebrite Verification and validation of Technical Findings
- Media System Files and Encoding (Exploring Various Mobile File Systems, “Flash” Memory, and Types of Data Encoding).
- Generating reports with Cellebrite’s Tools and using the UFED Reader
- OEM Training on Access Data-FTK (if Tools Available).
Day 11.
- FTK Imager (Live Demos)
- Encryption of image files
- Image mounting
- File Hash List creation
- RAM Capture
- Image creating and capabilities and formats
- Drive identification by Imager
- Image Summary output details
- Registry Viewer
- Difference between Add to Report and Add to Report with Children
- Common Areas
- Registry Viewer report creation
- Searching with a registry file using Registry Viewer
- Interface/pane description and capabilities
- FTK Examiner Application/Case Management Window
- UTK tool Integration
- Registry Viewer from within FTK
- PRTK/DNA from within FTK
- KFF hash importing
- Evidence-processing options
- Additional analysis abilities
- Bookmarking
- Index Searching
- Live Searching
- Interface
- Tab information and abilities to view data on specific tabs
- Dropdown menu options
- Right-click menu options
- File Content pane abilities
- Toolbars
- Ability to describe concepts described in the question text, graphic, or display video
- Case Management Window abilities
- Processing Profile Creation
- Data carving abilities and output
- FTK Reporting
- FTK user assignment to cases and ability permissions
- Filtering
Day 12.
- PRTK (Password Recovery Tool Kit)
- Golden Dictionary
- Attack types
- Profiles and profile creation
- Dictionary generation
- Custom profile creation
- Steps for adding files for decryption
- Practical Usage of FTK Abilities
- View and analyze Registry files
- Decrypt files using PRTK
- Use Live and Index Searching
- Run all tab functionality
- Use the KFF
- Apply, create, and/or import filters and column settings
- Know how to find OCR data, Geolocation Data, and Metadata
Day 13. (If Tools Available; Otherwise, Revision and Challenges for Participant)
- OEM TRAINING ON CHIPOFF/JTAG FORENSICS (if Tools Available)
- JTAG FORENSIC
- Mobile Forensics with JTAG
- Accessing Mobile Devices using the JTAG technique
- Data Recovery and Device Unlocking by JTAG technique
- Password recovery on Newer Devices
- Unlocked Android cell phones with USB Debugging turned off.
- Physical memory acquisition when commercial tools do not support the device, or from damaged or broken phones.
- Introductory Information using Open-Source Scripts.
- Production of a Physical Dump of a Locked / Disabled USB Android phone
- Identification of the Password and then restoring user data by using your forensics tools.
- Utilizing Python scripts for recovering pattern/pin locks.
- Learn commercial tools with JTAG dumps, such as UFED PA, Magnet IEF, Oxygen Detective
- Chip-Off Forensic
- Introduction to Chip-Off
- What is Chip-Off?
- What type of devices use flash memory?
- Flash Memory and Flash Memory Packages
- Small Outline vs. Multi-Chip Packages
- How do you remove the flash memory?
- Can the chip be damaged as it is removed?
- Can Chip-Off be used on iOS devices?
- Chip-Off for Mobile Forensics
- Chip Readers and Adapters
- Programmer and Adapters
- E-Mate Reader and Adapters
- Write Blockers for USB, SD, and Smartphones
- Disk Management Considerations for Smartphones
- Back-Up and Evidence File Conversion
- Overview
- Create Forensic Image
- Drive Hash Verification Result
- Phone Research
- Purpose of Online Research
- What are you not going to find?
- Websites and types of data they provide
- Finding the FCC Grantee Code etc.
Day 14. Revision and Challenges for Participant
Day 15. Revision and Challenges for Participant