Description

Why Investigating Linux Forensics is important

Learn Linux Forensics
Step into the world of Linux Forensics with this hands-on course. Discover how Linux file systems work, uncover key forensic artifacts, and get comfortable using tools that are essential in real investigations. This course is tailored for IT specialists, cybercrime investigators, and anyone passionate about security who wants to enhance their forensic skills and career opportunities.


Why Should You Learn Linux Forensics?
Linux is widely used in penetration testing and cybersecurity, but have you ever stopped to ask: Are these tools always used for the right reasons? The answer is simple: No.
Now, picture this—you arrive at a crime scene, and the suspect’s computer is running Linux. If you’re not prepared, you’ll quickly find yourself stuck, questioning your abilities. Where do you start?

  • Do you know how to gather evidence from a Linux system?
  • Can you recognize and interpret forensic artifacts?
  • How do you trace user actions or uncover hidden data?


This course is designed to give you the confidence and skills to handle such challenges, so you’re never caught off guard when faced with a Linux-based system during an investigation.

    Learners who complete the course and pass the exam will earn the C5W Certified Linux Forensic Analyst (CCLFA).

    Training Delivery Details

    On Demand: Material | Certification of Completion | Exam Certification

    The course material includes over 20 Hands-on Labs and 8 hours of recorded lecture

    Pricing Options

    Kindly choose the enrollment pricing option that suits you best. Please note that the fees include the Course Material and Two Exam attempts (coming soon). If you're enrolling as a group or need a custom plan, please contact us. We're here to help!

    • C5W INVESTIGATING LINUX SYSTEMS - On-Demand Course

      Course Material + 40 hours of virtual lab access

      $650.00

    • C5W INVESTIGATING LINUX SYSTEMS - On-Demand Course

      Course Material - No virtual lab access

      $600.00


    Syllabus

    Upon completion of this on-demand, self-paced training, you'll gain the skills needed to effectively investigate compromised Linux systems, locate system and application artifacts, and recover deleted data with efficiency.

      Introduction to Linux

    • Introduction to Linux Forensics
    • Understanding the Linux FHS
    • Understanding and Investigating Core Linux Components

      Essential Tools and Techniques

    • Linux Boot Process
    • Linux System and Service Managers
    • Acquisition
    • Searching and Navigating Linux Systems

      System Analysis

    • Searching and Navigating Linux Systems
    • Network Services & Network Connections
    • Searching Devices & Volumes
    • Variables, Shells, Profiles, Cronjobs, etc.
    • Users & Groups
    • Processes & Applications

      File Systems and Log Analysis

    • Intro. to Linux EXT4 File System
    • Analysis Using The Sleuth Kit (TSK)
    • Analysis Using DebugFS
    • Analyzing Linux Logs
    • The ProcFS & TmpFS File Systems

      GUI & USB Forensics

    • Investigating Linux GUI
    • Investigating Linux Desktop Environments
    • Linux USB Forensics

      Writing Forensics Reports

    • What Is The Forensics Report?
    • The Importance of Forensics Report
    • Forensics Report Sections
    • Reporting Standards And Guidelines
    • Conclusions And Recommendation

      Hands-on Labs

    • Case #1 - Investigating a Compromised Web Server
    • Case #2 - Investigating Suspicious Processes
    • Case #3 - Investigating a Kali Linux System
    • Case #4 - Investigating a Compromised Cluster
    • Case #5 - Traffic Acquisition and Analysis
    • Case #6 - Investigating Linux Desktop Environments
    • Case #7 - Investigating a Compromised Web Server #2
    • Case #8 - Timeline Analysis

    Instructor

    Ali Hadi is a highly accomplished and experienced Senior Cybersecurity Specialist with 14+ years of professional experience in Information Technology. He is currently working as a full-time professor and researcher at the Computer and Digital Forensics and Cybersecurity Departments of Champlain College, USA. Ali is a Co-Founder and the Chief Technology Officer of Cyber 5W. He holds a PhD and MSc degree in Computer Information Systems, as well as a BSc degree in Computer Science. Throughout his professional career, Ali has earned more than 20 professional certifications. Ali is a sought-after consultant in the field of cybersecurity, offering expertise in areas such as digital forensics, incident response, adversary simulation, offensive security, and malware analysis. He is also an established author, speaker, and freelance instructor, having provided technical training to government and private firms as well as other organizations. Ali continues to be an influential figure in the digital forensics community and is dedicated to promoting forensics education and research. More details can be found here, or contact him directly through Twitter here.

    Investigating Linux Systems Certificate

    What will you earn at the end of the course?

    • Professional Certificate

      CCLFA is the only certification that will truly assess your skills in multiple domains, all using a single certification process.

    • Experiential Learning

      CCLFA includes more than 10 hands-on labs that cover what you need to get started and dive into investigating Linux systems.

    • Trusted Training

      CCLFA requires students to take a practical assessment and submit a report for the expert committee to evaluate.
      A partial version of this training has been covered in our Linux Forensics workshops at different conferences and events.

    Learning Objectives

    After completing this training, you will be capable of:

    • Searching through the FHS

    • Working with volumes and mounting forensic case images

    • Searching in log files

    • Using TSK to list forensic image info and work with EXT4 file systems

    • Using debugfs and EXT4 journals to recover deleted files

    • Tracking running processes

    • Using the ProcFS to the benefit of your IR

    • Extracting processes from memory

    • Generating and filtering a super timeline

    Prerequisites

    What you should know before taking the course

    This course assumes no previous knowledge of Linux operating systems; however, basic knowledge of digital forensics is highly recommended.

    Who is this Training For?

    Why should you take this training

    Anyone who wants to perform Linux investigations, SOC team members, incident response handlers, red team members, malware analysts, and anyone who is curious to know about Linux digital forensics and wants to learn something new.

    System Requirements:

    What you need for the course

    • Computer or laptop with a Linux (Tsurugi Linux is recommended) and a Windows or Mac operating system
    • Capability of running virtualization software such as VMware or VirtualBox
    • More than 100 GB of disk space for the Virtual Machines and Forensic Images used
    • Eric Zimmerman's Timeline Explorer
