Digital Forensics Guide
A guide covering Digital Forensics: the applications, libraries and tools that will make you better and more efficient at Digital Forensics work.
Note: You can easily convert this markdown file to a PDF in VSCode using the handy Markdown PDF extension.
Table of Contents
- Getting Started with Digital Forensics
- Books & Tutorials
- Digital Forensics Certifications & Courses
- Playbooks
- YouTube Tutorials
- Digital Forensics Tools, Libraries, and Frameworks
- Virtualization
- File systems
- Security Tools and Frameworks
- Networking
Getting Started with Digital Forensics
Digital Forensics is the process of recovering and preserving material found on digital devices during the course of criminal investigations. Digital forensics tools include hardware and software tools used by law enforcement to collect and preserve digital evidence and support or refute hypotheses before courts.
Computer Forensics is the process of examining digital media in a forensic-like manner with the goal of identifying, preserving, recovering, analyzing and presenting facts and opinions about the digital information.
Mobile device forensics is the science of recovering digital evidence from a mobile device under forensically sound conditions using accepted methods. Mobile device forensics is an evolving specialty in the field of digital forensics.
Network forensics is a science that centers on the discovery and retrieval of information surrounding a cybercrime within a networked environment. Common forensic activities include the capture, recording and analysis of events that occurred on a network in order to establish the source of cyberattacks.
Database forensics is the process of interrogating a failed database and trying to reconstruct the metadata and page information from within a data set. Database recovery, by contrast, implies some kind of restorative process that makes the database viable enough to be put back into a production environment, or healthy enough to provide a backup that can be used in a database restore.
Books & Tutorials
- OSSTMM (Open Source Security Testing Methodology Manual) PDF
- NIST Technical Guide to Information Security Testing and Assessment (PDF)
- Python Digital Forensics Cookbook
- Applied Incident Response - Steve Anson’s book on Incident Response.
- Art of Memory Forensics - Detecting Malware and Threats in Windows, Linux, and Mac Memory.
- Crafting the InfoSec Playbook: Security Monitoring and Incident Response Master Plan - by Jeff Bollinger, Brandon Enright and Matthew Valites.
- Digital Forensics and Incident Response: Incident response techniques and procedures to respond to modern cyber threats - by Gerard Johansen.
- Introduction to DFIR - By Scott J. Roberts.
- Incident Response & Computer Forensics, Third Edition - The definitive guide to incident response.
- Incident Response Techniques for Ransomware Attacks - A great guide to build an incident response strategy for ransomware attacks. By Oleg Skulkin.
- Incident Response with Threat Intelligence - Great reference to build an incident response plan based also on Threat Intelligence. By Roberto Martinez.
- Intelligence-Driven Incident Response - By Scott J. Roberts, Rebekah Brown.
- Operator Handbook: Red Team + OSINT + Blue Team Reference - Great reference for incident responders.
- Practical Memory Forensics - The definitive guide to practice memory forensics. By Svetlana Ostrovskaya and Oleg Skulkin.
- The Practice of Network Security Monitoring: Understanding Incident Detection and Response - Richard Bejtlich’s book on IR.
- GitGuardian API Security Best Practice
- Open Source Security Foundation (OpenSSF) npm Best Practices Guide
- Open Source Security Foundation (OpenSSF) Best Practices for Open Source Developers
- Open Source Security Foundation (OpenSSF) Identifying Security Threats in Open Source Projects
- OWASP Foundation Top 10
- Common Weakness Enumeration (CWE) Top 25
- Securing The Software Supply Chain: Recommended Practices Guide for Developers | CISA, NSA, and ODNI (PDF)
Digital Forensics Certifications & Courses
- Computer Forensics Training Courses | Udemy
- Computer Forensics Courses | Coursera
- Learn Computer Forensics with Online Courses and Lessons | edX
- Computer Forensics Course Learning Path - Infosec Institute
- National Computer Forensics Institute (NCFI) Training Courses
- Computer Forensics Training and Courses | X-Ways
- Mile2’s Certified Digital Forensics Examiner training course
- Cyber Security Training, Certifications, Degrees and Resources | SANS Institute
- IACIS - BCFE: Basic Computer Forensic Examiner course
- SANS FOR518: Mac and iOS Forensic Analysis and Incident Response Course
- SANS FOR500: Windows Forensic Analysis Course
Playbooks
Playbooks can help automate and orchestrate your response, and can be set to run automatically when specific alerts or incidents are generated, by being attached to an analytics rule or an automation rule.
- Automate threat response with playbooks in Microsoft Azure with Sentinel - A collection of procedures that can be run from Microsoft Sentinel in response to an alert or incident.
- AWS Incident Response Runbook Samples - AWS IR Runbook Samples meant to be customized per each entity using them. The three samples are: “DoS or DDoS attack”, “credential leakage”, and “unintended access to an Amazon S3 bucket”.
- Counteractive Playbooks - Counteractive Playbooks collection.
- GuardSight Playbook Battle Cards - A collection of Cyber Incident Response Playbook Battle Cards.
- IRM - Incident Response Methodologies by CERT Societe Generale.
- IR Workflow Gallery - Different generic incident response workflows, e.g. for malware outbreak, data theft, unauthorized access, etc. Every workflow consists of seven steps: prepare, detect, analyze, contain, eradicate, recover, post-incident handling. The workflows are available online or for download.
- PagerDuty Incident Response Documentation - Documents that describe parts of the PagerDuty Incident Response process. It provides information not only on preparing for an incident, but also what to do during and after. Source is available on GitHub.
- Phantom Community Playbooks - Phantom Community Playbooks for Splunk but also customizable for other use.
- ThreatHunter-Playbook - Playbook to aid the development of techniques and hypotheses for hunting campaigns.
Continue following the list here: Digital Forensics Guide
Happy learning!