Description

why Investigating Linux Forensics is important

Why do we need to learn Linux Forensics? Well, nowadays when you look at the number of tools available on different penetration testing systems running Linux, you should stop and ask yourself a basic question "are these tools and systems, always gonna be used for ethical purposes?".

The answer is definitely, NO! Another reason to consider Linux forensics, is you arrive to the crime scene and you find out that your suspect’s desktop is a Linux operating system! If you don’t have the proper skillset, you will be shocked and start to question your knowledge, ability, and skillset. What should I do?

Do I have the skills required to collect data from this system? Where should I look for data and artifacts? What do these artifacts even look like? How can we identify and track user activity? etc.

Training Delivery Details

On Demand: Material | Certification of Completion | Exam Certification

The course material includes over 20 Hands-on Labs and 8 hours of recorded lecture

Pricing Options

Kindly choose the enrollment pricing option that suits you best. Please note that the fees include the Course Material and Two Exam attempts (coming soon). If you're enrolling as a group or need a custom plan, please contact us. We're here to help!

  • C5W INVESTIGATING LINUX SYSTEMS - On-Demand Course

    Course Material + 40 hours of virtual lab access

    $650.00

    Buy Now
  • C5W INVESTIGATING LINUX SYSTEMS - On-Demand Course

    Course Material - No virtual lab access

    $600.00

    Buy Now

Syllabus

Upon completion of this on-demand, self-paced training, you'll gain the skills needed to effectively investigate compromised Linux systems, locate system and application artifacts, and recover deleted data with efficiency.

    Introduction to Linux

  • Introduction to Linux Forensics
  • Understanding the Linux FHS
  • Understanding and Investigating Core Linux Components

  • Essential Tools and Techniques

  • Linux Boot Process
  • Linux System and Service Managers
  • Acquisition
  • Searching and Navigation Linux Systems

  • System Analysis

  • Searching and Navigation Linux Systems
  • Network Services & Network Connections
  • Searching Devices & Volumes
  • Variables, Shells, Profiles, Cronjobs, etc
  • Users & Groups
  • Processes & Applications

    File Systems and Log Analysis

  • Intro. to Linux EXT4 File System
  • Analysis Using The Sleuth Kit (TSK)
  • Analysis Using DebugFS
  • Analyzing Linux Logs
  • The ProcFS & TmpFS File Systems

    GUI & USB Forensics

  • Investigating Linux GUI
  • Investingating Linux Desktop Environments
  • Linux USB Forensics

    Writing Forensics Reports

  • What Is The Forensics Report?
  • The Importance of Forensics Report
  • Forensics Report Sections
  • Reporting Standards And Guidelines
  • Conclusions And Recommendation

  • Hands-on Labs

  • Case #1 - Investigating a Compromised Web Server
  • Case #2 - Investigating Suspicious Processes
  • Case #3 - Investigating a Kali Linux Systems
  • Case #4 - Investigating a Compromised Cluster
  • Case #5 - Traffic Acquisition and Analysis
  • Case #6 - Investigating Linux Desktop Environments
  • Case #7 - Investigating a Compromised Web Server #2
  • Case #8 - Timeline Analysis

Instructor

Ali Hadi is a highly accomplished and experienced Senior Cybersecurity Specialist with 14+ years of professional experience in Information Technology. He is currently working as a full-time professor and researcher at the Computer and Digital Forensics and Cybersecurity Departments of Champlain College, USA. Ali is a Co-Founder and the Chief Technology Officer of Cyber 5W. He holds a PhD and MSc degree in Computer Information Systems, as well as a BSc degree in Computer Science. Throughout his professional career, Ali has earned more than 20 professional certifications. Ali is a sought-after consultant in the field of cybersecurity, offering expertise in areas such as digital forensics, incident response, adversary simulation, offensive security, and malware analysis. He is also an established author, speaker, and freelance instructor, having provided technical training to government and private firms as well as other organizations. Ali continues to be an influential figure in the digital forensics community and is dedicated to promoting forensics education and research. More details could be found here or contact him directly through twitter here.

Investigating Linux Systems Certificate

What will you earn at the end of the course?

  • Professional Certificate

    ILS is the only certification that will truly assess your skills in multiple domains, all using a single certification-process.

  • Experiential Learning

    ILS includes more than 10 hands-on labs that cover what you need to get started and dive into investigating Linux systems.

  • Trusted Training

    ILS requires students to take a practical assessment and submit a report for the expert committee to evaluate.
    A partial version of this training has been covered in our Linux Forensics workshops at different conferences and events.

Learning Objectives

After completing this training, will be capable of:

  • Searching through the FHS

  • Working with volumes and mounting forensic case images

  • Search in log files

  • Using TSK to list forensic image info and work with EXT4 file systems

  • Use debugfs and EXT4 journals to recover deleted files

  • Tracking running processes

  • Using the ProcFS to the benefit of your IR

  • Extracting processes from memory

  • Generating and filtering a super timeline

Prerequisites

what should you know before taking the course

This course assumes no previous knowledge in Linux operating systems, however basic knowledge in digital forensics is highly recommended.

Who is this Training For?

why should you take this training

Anyone who wants to perform Linux investigations, SOC team members, incident response handlers, red team members, malware analysts, and anyone who is curious to know about Linux digital forensics and wants to learn something new.

System Requirements:

what you need to for the course

  • Computer or laptop with a Linux (Tsurugi Linux is recommended) and a Windows or Mac Operating System
  • Capability of running virtualization software such as VMWare or VirtualBox
  • More than 100 GB of disk space for the Virtual Machines and Forensic Images used
  • Eric Zimmerman's Timeline Explorer