
Explore cybercrime basics and securely analyze digital evidence across file system, OS forensics, and encryption techniques like BitLocker and FileVault, using Autopsy and FTK Imager.
Explore cybercrime and malware, define cybercrime, and classify offences against IT systems and data, including hacking, online fraud, data manipulation, and hybrid malware types.
Explore CSAM information gathering methods, including image hash databases like PhotoDNA, AI-based visual recognition, web crawlers, network and blockchain analysis, and speech recognition to detect and remove material.
Explore phishing concepts, characteristics, and protective measures to prevent credential theft and data exposure. Learn to identify fake emails, websites, smishing, and vishing, and apply two-factor authentication and anti-phishing tools.
Explore the man-in-the-middle attack, where an attacker sits between parties to eavesdrop. Protect with HTTPS and VPNs, avoid public Wi-Fi networks, verify certificates, and enable two-factor authentication.
Explore spoofing, a cybercrime that fakes identities to deceive users and access data, including email, IP, or caller ID spoofing; verify authenticity with SPF and checks.
Understand how DNS hijacking manipulates domain name records to redirect users to fraudulent sites, steal data, and distribute malware, and learn protective measures like secure DNS, router updates, and VPNs.
Explore how DDoS attacks use botnets to overwhelm resources and disrupt services, covering legal classification, target types, volume, protocol, and application overloads, and key risks.
DDoS attack scripts enable simple, single-source attacks for beginners, while DDoS toolkits coordinate botnets for large, multi-source assaults; understand differences and build robust protection.
Examine well-known DoS scripts and their development, their current usage in DDoS attacks, and how defenders mitigate evolving threats against web and IoT targets.
Cyberbullying, or cyber mobbing, uses digital tools to insult, threaten, or shame victims online, often anonymously and around the clock, with severe psychological and reputational effects.
Identify how cyber grooming targets minors online, using deception and trust to obtain intimate content and arrange meetings, and explore IT forensics and prevention strategies.
Explore hacking definitions, types, and methods, from unauthorized access to social engineering. Compare white hat and black hat hacking and learn security testing and defense.
Examine cryptocurrencies' characteristics, risks, and relevance for IT forensics, including blockchain analysis, decentralization, pseudonymous transactions, and wallet seizures with platform collaboration.
Deliver an overview of malware types and a detailed explanation of each category, including viruses, worms, trojans, logic bombs, backdoors, ransomware, spyware, adware, bots, and hardware-damaging malware.
Explore viruses, defined as malicious programs, and their types—boot sector, macro, and link—and protective measures like antivirus scans, caution with unknown attachments and media, and write-protection for forensic work.
Worms are autonomous malware that spread across networks without host files, often via email, messaging, IRC, or P2P, causing outages and data breaches.
Trojan horses disguise themselves as useful applications to gain trust, open back doors for unauthorized access, and enable data theft, remote control, spyware monitoring, and banking credential theft.
Rabbits are specialized worms that propagate by a single copy before deleting the original, leaving minimal traces, hopping across networks with stealthy, controlled spread for forensic study.
Explore how logic bombs activate under specific triggers and unleash harmful payloads. Learn countermeasures like code audits, behavioral monitoring, access controls, and regular backups.
Identify backdoors as malicious programs or embedded vulnerabilities that bypass authentication to grant unauthorized access. Recognize rootkits and RATs, and implement updates, intrusion detection systems, scans, and multi-factor authentication.
Protect systems from bacteria and fork bombs by limiting maximum processes, monitoring resource usage, and vetting scripts to prevent crashes and data loss.
Learn how adware secretly collects user data without consent to display ads, degrades performance, and redirects to unsafe sites, and apply countermeasures like trusted sources, extension reviews, and ad blockers.
Ransomware is a malware that blocks access and encrypts data, demanding payment in cryptocurrency. Forms include warning messages and task manager blocking; IT forensics study prevalence, impact, and countermeasures.
Discover how bots and botnets covertly harness infected devices for phishing, spam, DDoS, click fraud, and cryptocurrency mining, and learn key countermeasures including antivirus, traffic monitoring, updates, and network segmentation.
Dropper malware stealthily downloads and installs additional threats, serving as an initial attack stage; counteract with trusted sources, behavioral antivirus, regular scans, and timely updates.
Explore hardware-damaging malware, a rare threat that can permanently damage BIOS, firmware, and storage devices, and learn countermeasures like trusted updates, secured BIOS access, and backups.
Hybrid or chimera malware blends multiple malware types to evade defenses, combining self-replication with data exfiltration. Countermeasures include next-gen antivirus, network segmentation, frequent updates, and user education.
Learn antivirus solutions with Desinfec't, a Linux live system that boots independently from a bootable USB stick to disinfect infected computers, and THOR Lite for malware analysis using customizable YARA rules.
Examine cybercrime and malware threats and prevention in today's digital world, and learn layered defenses, backups, updates, and multi-factor authentication to protect digital systems.
Define digital forensics as identifying, preserving, and analyzing digital evidence from computers and networks to investigate cybercrime, using post-mortem and live forensics and legally compliant documentation.
Examine specialized fields of forensics, including storage media forensics with bit-for-bit copies and evidence preservation, file system analysis, and network, cloud, multimedia, malware, mobile, and IoT forensics.
Apply a structured science-based approach to forensic questions: what happened, where, when, how, who, why; emphasize secure, forensically clean handling, documentation, and objective evaluation guided by Locard's exchange principle.
Learn how digital traces differ from physical traces, their volatile and persistent storage, and how forensic tools and file systems reveal evidence across Windows, macOS, and Linux.
Explore forensic procedures and methods in IT forensics, including post-mortem analysis and live forensics, to secure, analyze, and present digital evidence for cyber security and law enforcement.
Explore the forensic process model for secure digital investigations, covering identification, collection, analysis, and reporting while preserving evidence integrity and chain of custody per ISO/IEC 27037.
Explore approaches to digital forensics, covering operating system forensics, file system analysis, intrusion detection techniques, information technology application processes, and data processing methods to produce admissible evidence.
Explore forensic data types, from hardware data and raw data to log files and emails, network logs, and file metadata, and learn how digital traces yield evidence and reconstruct events.
Explore number systems, digitization, and encoding that convert text, images, and sound into machine readable data for forensics using binary, octal, and hexadecimal representations.
Explore how hash functions transform data into fixed-size outputs with collision resistance and irreversibility, supporting data integrity and secure password storage, and aiding CSAM detection in digital forensics.
Develop IT forensics readiness by selecting and testing backup tools, crafting an incident response plan, and preparing hardware and software, including write blockers and forensic workstations.
Preserve the integrity of digital evidence through seizure, secure storage, labeling, and a traceable chain of custody to ensure admissibility in court.
Explore data acquisition techniques in digital forensics, including forensic imaging and logical backup, to preserve evidence integrity, handle volatile data, and ensure legal admissibility.
Explore the forensic triage triangle and how priority-based actions protect volatile data stored in RAM and other critical digital evidence across digital investigations.
Explore the fundamentals of file systems, including storage classification, management, and hard drive partitioning, then analyze hex dumps with hex editors to understand FAT and NTFS structures.
Explore the fundamentals of file systems and operating systems for digital forensics, learn to preserve and analyze physical and digital traces on storage devices, and understand CHS and LBA addressing.
Explore how file systems organize data storage, link the operating system to hardware, and manage fragmentation with allocation tables, FAT, NTFS, clusters, and boot sectors.
Learn to analyze hex dumps from storage devices, decode binary data in hexadecimal, and apply endianness and data structure concepts for forensic analysis and parsing.
Convert numbers between hex, binary, and decimal, understand endianness, and use hex editors and Autopsy to analyze raw data in digital forensics.
Explore the hex editor interface to analyze raw data in hexadecimal and ASCII views, navigate disk images by sectors, and identify file structures and patterns for forensic investigations.
Explore how offset tables structure binary data, using hex editors to map offset addresses and data sizes, understand relative versus absolute offsets, and decode partition tables.
Discover how file systems allocate data with clusters instead of sectors, learn cluster–sector conversions, and compare MBR and GPT partitioning, boot sectors, EFI/UEFI, offset tables, and CRC checksums.
Explore the FAT12, FAT16, and FAT32 file system boot block and reserved region, including the boot loader, sector and cluster details, and the backup boot sector.
Explore the FAT file system structure, including the FAT region with FAT1 and FAT2, cluster management, root directory behavior in FAT12/16/32, and 32-byte directory entries.
Explain how VFAT extends the FAT file system to support long file names beyond 8.3 using phantom entries and a 0x0F attribute for backward compatibility.
Explore how the file allocation table (FAT) maps a file's cluster chain from start cluster 28 through 29 to 31, showing fragmentation and the roles of the boot sector and root directory.
Explore how FAT directory entries store 8.3 names, attributes, timestamps, and starting clusters, and how deletion and recovery rely on cluster chains and the FAT table.
Explore the NTFS file system, highlighting its security, stability, and efficiency features, including transaction logging, file-level access control lists, and built-in compression, introduced in 1993 to replace FAT.
Explore the NTFS boot block and master file table structure, including the boot sector at logical cluster zero, MFT location, cluster size, BPB/EBPB, boot code, and the 55 AA signature.
Explore how the NTFS master file table manages file and directory metadata with 1024-byte entries, a 42-byte header, and a 982-byte attribute section, including extents and extension records.
Explore how the 64-bit reference address, formed from a 48-bit MFT entry number and a 16-bit sequence number, enables NTFS MFT identification and integrity checks, including resident and non-resident attributes.
Discover how NTFS uses resident and non-resident attributes within an MFT entry, detailing the header fields, type IDs, names, flags, content offsets, and the runlist mapping VCNs to LCNs.
The $STANDARD_INFORMATION attribute in NTFS stores file metadata, including timestamps, flags, ownership, and security descriptors, enabling forensic tracking of file history and access.
Explore how the $DATA attribute stores file content in NTFS, whether resident in the MFT or non-resident across data runs, with VCN and LCN mappings.
Explore how NTFS stores and deletes files, detailing MFT entries, $Bitmap and $LogFile, data writes, and directory index updates, enabling data integrity and recoverability.
Examine the exFAT file system as a modern alternative to FAT32 and NTFS, outlining its boot sector redundancy, cluster bitmap, upcase table, and Unicode support.
Explore the ext file system in Linux, including VFS, filesystem hierarchy standard, partitions, and block groups with superblocks, bitmaps, inodes, and data blocks.
Explore the APFS file system, the successor to HFS+, with dynamic containers. Learn about space sharing, copy-on-write, clones, snapshots, and atomic safe-save for efficient, safe storage.
Explore Windows forensics and the artifacts left by system activity. Learn how registry insights, memory and disk traces, and cloud and browser data guide forensic analysis.
Trace the evolution from MS-DOS to Windows ME, highlighting the FAT file allocation table, Windows 3.x graphical improvements, and Windows 95/98/ME enhancements like internet integration and plug-and-play.
Explore Windows Vista's Aero interface, UAC and BitLocker security, and Vista features like ReadyBoost and improved search, then compare to Windows 7's refined user interface, Aero enhancements, and DirectX 11.
Trace Windows 8's touch UI and start screen, Windows 11's centered design and features, and Windows 12 speculation about AI integration and a modular core PC system.
Explore Windows market share, noting Windows 73.4% dominance, macOS 15.5% and Linux 4.48%, and review Windows 10 editions' maximum RAM, CPUs, Hyper-V, and BitLocker for professional and educational use.
Traverse Windows system configurations and drive structures, comparing MBR and GPT partitioning, UEFI and BIOS boot, NTFS, ReFS, and FAT file systems, with forensic traces like prefetch and event logs.
Explore the Windows registry as the central nervous system of configuration. Learn hive structure, data types, and key files like NTUSER.DAT for forensic tracing.
Use Regshot to track Windows registry changes: capture baseline and post-change snapshots, compare the results, and distinguish live from post-mortem analysis across control sets and key hive paths.
Analyze Windows user accounts and security identifiers, including administrator, standard, and guest profiles, plus the SAM file, registry data, and password-related forensics.
Explore USB artefacts and transfer protocols—MSC, PTP, and MTP—and learn how forensic analysis using tools like USBDeview and X-Ways can reconstruct device connections, transfers, and metadata.
Discover how the Windows recycle bin stores deleted files per user and partition, using $I and $R files for recovery, with settings on size and deletion prompts.
Explains how Windows event logs serve as a central tool for forensics, capturing system and application events for monitoring, problem diagnosis, and tracing actions before crashes.
Explore Windows program executions via prefetch, timeline, AmCache, Shim Cache and Qram, detailing last runs, installation data, and executable paths for forensic analysis.
Explore how Windows timestamp formats, including NTFS file time (64 bit, 100-nanosecond intervals since 1601 UTC), Windows system time (128 bit), Unix timestamp, and MS-DOS timestamp, enable forensic timeline reconstruction.
Explore how thumbs.db and the Windows thumb cache support thumbnail previews, their transition from centralized to decentralized storage, and their forensic value for reconstructing past user activity.
Explore how volume shadow copy via the VSS service preserves system and user data with snapshots. Use restore points and previous versions for data recovery and forensic analysis.
Analyze Windows user traces such as UserAssist data in the registry, OpenSave MRU lists, last-activity records, LNK shortcuts, and jump lists to reconstruct user actions forensically.
Analyze cloud and browser artifacts to uncover digital evidence, including cloud data access, token vs direct login methods, Tor browser traces, and forensic analysis of emails and Office documents.
Trace Unix origins to the Linux kernel, explore open source licenses, then survey forensic Linux distributions, live mode, installation methods, and the everything is a file principle for investigations.
Examine the Linux filesystem hierarchy standard, user and group management, permissions, and essential log files, then apply forensic tools and live analysis techniques for digital investigations.
Explore how macOS forensic investigators use built-in tools for evidence capture, analysis, and backups, including screen capture, target disk mode, and disk image investigations with Magnet AXIOM and Forensic Explorer.
Explore macOS browser artifacts for forensics, including history, cookies, bookmarks, and saved passwords across Safari, Chrome, Firefox, Tor, and Opera. Examine cloud, communication, and office artifacts to reconstruct user activity.
BitLocker provides transparent disk encryption in Windows, leveraging TPM, UEFI Secure Boot, and an optional PIN or USB startup key to protect system and data.
EFS encrypts files and folders on NTFS transparently with a hybrid key scheme: AES-256 symmetric encryption protected by the user's public key stored in the Windows certificate store.
Explore VeraCrypt's open source, cross-platform encryption for full disk and container protection, with bootloader authentication, on-the-fly encryption, hidden volumes, and the AES, Twofish, and Serpent algorithms.
Explore hands-on practice with essential forensic tools, guided step by step to understand how these tools work and apply them to real cyber security scenarios.
Discover a curated GitHub page of free forensic tools, organized by topic—from live and memory forensics to file carving, network, artifacts, and metadata analysis.
Create forensic disk images and RAM dumps with FTK Imager, choosing physical or logical drives, using a write blocker, generating E01 images with checksums, and verifying integrity.
Learn to create a forensic disk image of an internal SSD using Kali Linux's Guymager tool, choosing raw or E01 formats, entering metadata, and applying dual hash verification.
Use the dd command in bash to copy a file with a one megabyte block size and verify integrity with sha256sum by comparing hashes.
Learn forensic analysis with Autopsy by creating a case, loading a disk image or VM, and extracting artifacts like browser history, USB devices, and run programs.
Explore NirLauncher, a comprehensive collection of forensic tools for analyzing artifacts, including system utilities, browser history, password handling, registry hives, and network activity.
Analyze memory dumps with Volatility Workbench to inspect the process list, MFT scan and ADS, zone identifiers, TrueCrypt passphrases, and nearby plain text data.
This course offers you a comprehensive introduction to IT forensics, operating system artifact analysis, and the fundamentals of cyber security. You’ll learn how malware like viruses, worms, trojans, and other types of malicious software work, and gain valuable insights into prevention strategies against cyberattacks. Threats such as phishing, DDoS attacks, man-in-the-middle attacks, and spoofing are explained in detail so you can identify and effectively prevent them.
A central focus of this course is the analysis of operating system artifacts. You’ll learn how to identify and evaluate traces in Windows, Linux, and macOS systems. Topics include registry artifacts, event logs, user activities, USB traces, cloud data, and the analysis of memory artifacts such as pagefile.sys, hiberfil.sys, and volume shadow copies. This will give you a thorough understanding of the various types of forensically relevant information that can be found on operating systems.
Another key aspect is file system analysis, especially NTFS. We’ll cover the structure of the boot sector, the Master File Table (MFT), key attributes like $DATA and $FILE_NAME, as well as alternate data streams (ADS). You’ll also explore FAT, exFAT, EXT, and APFS to develop a solid foundation in understanding and analyzing different storage formats.
In addition, you’ll become familiar with the most important legal paragraphs related to cybercrime. Finally, you’ll learn how to securely configure encryption technologies such as BitLocker, VeraCrypt, and FileVault.
By the end of the course, you’ll be able to analyze operating systems, identify artifacts, detect threats, and apply prevention strategies. Hands-on exercises, cheat sheets, and a quiz make this course a practical and well-rounded learning experience.