Sale!

Browser Forensics (W57)

$189.00

5 in stock


Get the access to all our courses via Subscription

Subscribe

Category:

The course is aimed at allowing investigators to know the inner workings of the most used and well-known browsers from a digital forensics perspective. Nowadays, everything is done using the web. Most applications are web-based, which led to the importance of browser forensics for any digital forensic case. The interesting thing about browser forensics is the amount of information that you can extract and draw for a case.

Why THIS course? 

Web browser’s data can be critical to a digital investigation since they serve as a user’s window and access point to the web. They can reveal a significant amount of information about a user’s internet activities. Despite the fact that this course focuses on Windows browsers’ artifacts, an understanding of Windows browser forensics will simplify understanding of any OS browser forensics as you will find everything the same except file architecture.

Why NOW? 

I think you will never find a clear case of browsing activity that may reveal a lot of information. Therefore, you need to learn browser forensics now rather than tomorrow.

Browsers update frequently, so students that have not kept up with the changes will struggle when facing a case with a more updated browser than they know. The good point is that the concepts remain the same, that’s why now is better than tomorrow.

Who is this course for?

  • Information Security Practitioners
  • Incident Responders
  • Digital Forensic analysts

Course benefits:

What skills will you gain?

  • Analyzing web browsing activity.
  • Parse SQLite and ESE databases. And knowledge of some SQLite queries to be able to extract important artifacts. 
  • Use browser forensics tools to extract web browser artifacts.

What will you learn about? 

  • Understand how browsers work from a digital forensics perspective.
  • The different artifacts that browsers produce and the importance of them such as: 
    • Browser Cookies
    • Browser History
    • Browser Cache files

What tools will you use?

  • Nirsoft
    • ESEDatabaseView
    • BrowsingHistoryView
    • WebBrowserPassView
    • FavoritesView
    • MZHistoryView
    • MZCacheView
    • MozillaCookiesView
    • ChromeCacheView
  • Velociraptor
  • Hindsight Chrome Forensics
  • CMD tools
    • dejsonlz4.exe
    • strings.exe
    • ParseRS.py
    • Windows esentutl
  • Foxton Forensics Tools
    • Browser History View
    • SQLite Examiner
  • SQLiteBrowser
  • GA Cookie Cruncher by Mari DeGrazia
  • StructuredStorageViewer
  • RegistryExplorer by EricZimmerman

COURSE PREREQUISITES

COURSE IS SELF-PACED, AVAILABLE ON DEMAND

DURATION: 18 hours

CPE POINTS: On completion you get a certificate granting you 18 CPE points.

The course starts on the 15th of December.

Course format: 

  • Self-paced
  • Pre-recorded
  • Accessible even after you finish the course
  • No preset deadlines
  • Materials are video, labs, and text
  • All videos captioned

What should you know before you join?

  • Basic understanding of HTTP protocol
  • Understanding of basic Windows internals such as Registry, File System
  • Cybersecurity Fundamentals

What will you need?

Windows 10 Operating System

Your instructor: Mahmoud Soheem

Profile photo of Mahmoud SoheemDissecting is my passion. Learning the inner working of Operating Systems is what makes me happy. I like learning new technologies, new programming language, learning anything related to computers. This endless field of knowledge where you find new technology emerging everyday helps me to satisfy my curiosity to learn new things. Currently I want to empower my knowledge with hands-on experience in the field of Digital Forensics and Incident response.

 


COURSE SYLLABUS


Module 0: Introduction about browsers

  • Basic browser concepts. 
  • Well known rendering engines.
  • Statistics for most used browsers (Browser Market Share Worldwide).

Module 1: Google Chrome

Google Chrome is the top-used browser in the market. Understanding Chrome artifacts will help the student to gain the required practical knowledge to work in any case, as the probability of using Chrome is high. Also, understanding Chrome will pave the way for the analyst to understand and work with multiple browsers such as Edge and other Chrome-based browsers.

Main artifacts that need to be collected and analyzed from Chrome browser:

  • History analysis
  • Cache analysis
  • Cookies analysis
  • Some other artifacts

For this module, the student will be given a triage image containing evidence of browser activity from an ex-employee of a company who exfiltrated important documents. The student will need to check the browser artifacts we learnt and know where to search. The exercise will be a set of multiple-choice questions. 

Module Workload Suggested Module Time: 4 hours


Module 2: Mozilla Firefox

Firefox is one of the well-known browsers in the market so we will work on understanding the browser artifacts important to profile user browsing activities.

  • Firefox History analysis
  • Firefox Cache analysis
  • Firefox Cookies analysis
  • Firefox other artifacts

For this module, the student will be given a triage image containing evidence of browser activity from an ex-employee of a company who exfiltrated important documents. The student will need to check the browser artifacts we learnt and know where to search. The exercise will be a set of multiple-choice questions. 

Module Workload Suggested Module Time: 3 hours


Module 3: Microsoft IE & Edge

Internet Explorer is one of the most used browsers in the enterprise environment because of its tight coupling with the Windows operating system and many systems still use it. We will also explore Edge, the new default browser for Microsoft Windows. Microsoft Edge has gone with huge update from EdgeHTML, which utilized IE databases, to Chromium-based browser recently, which led to its popularity in the market. We will also explore Internet Explorer because of its tightly coupling with Windows operating system. IE retired, but you need to explore its artifacts. IE database is used by other applications in Windows. Hence, they may provide you with important evidence.

  • IE & Edge History analysis
  • IE & Edge Cache analysis
  • IE & Edge Cookies analysis
  • IE & Edge other artifacts

For this module the student will be given a triage image containing evidence of browser activity from an ex-employee of a company who exfiltrated important documents. The student will need to check the browser artifacts we learnt and know where to search. The exercise will be a set of multiple-choice questions.  

Module Workload Suggested Module Time: 3 hours


Module 4: Live Response Tools for Browser Forensics

Using Velociraptor IR tool with other browser forensics tools for large scale incident response and analysis activities.

We will cover new techniques for browser forensics on a large scale for incident response activities where you will be doing analysis during the collection and acquisition phase for rapid response in a large enterprise environment.

The student will be asked to collect evidence of browser activity remotely using Velociraptor and Nirsoft tools from multiple devices that simulate working at an enterprise as a security practitioner.

Module Workload Suggested Module Time: 1 hour


Final exam:

The final exam will test the technical and theoretical details regarding browser artifacts.

 


Contact:

If you have any questions, please contact us at [email protected].

 

Reviews

There are no reviews yet.

Be the first to review “Browser Forensics (W57)”

Your email address will not be published. Required fields are marked *

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013