NDG Forensics labs provide hands-on experience conducting a variety of forensics practices. These skills can help prepare trainees for a variety of IT positions, including: Computer Forensic Analyst, Digital Forensic Examiner, Digital Forensics Incident Response and Security Administrator.
The labs map to several leading industry certifications, as noted in the Supported Labs table below.
NDG Forensics labs are supported in NETLAB+ using the NDG Forensics Pod.
These labs are also available as an NDG Online hosted lab offering.
The National Initiative for Cybersecurity Education (NICE) is focused on the necessity to prepare, recruit, train develop and retain a diverse, qualified cybersecurity workforce capable of preventing and defending against ever-increasing threats. Using the NIST NICE CyberSecurity Workforce Framework, they categorize, organize and describe cybersecurity work in to high-level categories, each comprised into several specialty areas. The framework category, Protect and Defend, includes the specialty areas responsible for the identification, analysis, and mitigation of threats to internal IT systems or networks, which require Forensics skills:
| Lab | Title | SANS GCFE Areas | ISC2 CCFP Domain | EC-Council CHFI |
|---|---|---|---|---|
| 1 | Exploring the Windows File System |
|
|
|
| 2 | Exploring the Linux File System |
|
|
|
| 3 | Introduction to Partitions (MBR & GPT) |
|
|
|
| 4 | Forensic Acquisition Using Linux Tools |
|
|
|
| 5 | Obtaining and Analyzing Memory |
|
|
|
| 6 | Linux OS Artifact Forensics |
|
||
| 7 | Windows OS Artifact Forensics |
|
|
|
| 8 | Windows Registry Forensics |
|
|
|
| 9 | Web Browser Forensics |
|
||
| 10 | Network Forensics |
|
|
|
| 11 | Introduction to Autopsy | |||
| 12 | Introduction to Digital Forensics Framework | |||
| 13 | Data Carving |
|
|
|
| 14 | Email Forensics |
|
|
|
| 15 | Steganography |
|
||
| 16 | Introduction to Android OS |
|
|
|
| 17 | Android Logical Acquisition |
|
|
|
| 18 | Recovering Passwords |
|
||
| 19 | Log Analysis |
|
|
The books listed below are recommended resources to accompany the NDG Forensics labs.
Guide to Computer Forensics and Investigations, 5th ed. Bill Nelson, Amelia Phillips, Christopher Steuart ISBN-13: 978-1285060033 ISBN-10: 1285060032 Cengage Learning Digital Forensics with Open Source Tools Harlan Carvey, Harlan Carvey ISBN-13: 978-1597495868 ISBN-10: 1597495867 Elsevier, Inc. A Practical Guide to Computer Investigations Darren R. Hayes ISBN-13: 978-0789741158 ISBN-10: 0789741156 Pearson Education, Inc.
To enable the NDG Forensics labs, create a class and check the box for "NDG Forensics" in the global labs class settings.
Always select the correct lab exercise for the lab being performed. Students or teams should schedule the correct lab exercise from the catalog. NETLAB+ will only show those labs for which the required pod type is available. A lab that works on different pod types may appear more than once if your system is so equipped. Instructors should select the correct lab from the Exercise tab during instructor-led lab reservations. This can be done as many times as needed during the reservation.
