Lec No. | Topic | Materials |
---|---|---|
1 | Introduce the grading pattern, credit, classes and lab session of the course. Motivation behind the course. Introduction to Digital Forensics 29 August, 2024 | PPT  &   Lesson Plan |
2 | Kali Linux Installation and familiarization, Basic Commands 30 August, 2024 | PPT |
3 | Understanding File systems and Storage Media: history of storage media, File system and Operating System, DATA states and metadata, slack space, data volatility, Paging and its importance in digital forensics 03 September, 2024 | PPT |
4 | Incident Response and Data Acquisition, Hashing, DFIR Chain of Custody (CoC) 05 September, 2024 | PPT |
5 | Different Hash Commands in Kali Linux, MD5, SHA256, hash commands in python environment and examples 06 September, 2024 | PPT |
6 | Evidence Acquisition and Preservation with dc3dd 10 September, 2024 | PPT |
7 | Evidence Acquisition and Preservation with dd and dc3dd commands in python environment and examples 12 September, 2024 | PPT |
8 | Image Acquisition, Guymager, FTK Imager 13 September, 2024 | PPT  &   FTK Imager Tutorial |
9 | Introduction to File Recovery and Data Carving, Forensic test images, foremost 19 September, 2024 | PPT  &   Foremost Tutorial |
10 | foremost in python environment and examples 20 September, 2024 | PPT |
11 | bulk extractor, explore bulk extractor in python environment and examples 24 September, 2024 | PPT  &   Sample memory dump file |
12 | Introduction to Scalpel, and Scalpel in python environment and examples 26 September, 2024 | PPT |
13 | Introduction to magicrescue, and magicrescue in python environment and examples 27 September, 2024 | PPT |
14 | Introduction Memory Forensics and analysis, Introducing the Volatility Framework 01 October, 2024 | PPT |
15 | Memory Forensic: Volatility 3 Investigation using plugins 03 October, 2024 | PPT |
16 | Quiz and Assignments 04 October, 2024 | PPT  &   Lab Record Format |
17 | Investigation on Known Trojans Using Volatility3 15 October, 2024 | PPT |
18 | Network connection and host analysis using p0f 17 October, 2024 | PPT |
19 | Discussion on p0f Assignments 18 October, 2024 | |
20 | swap_digger, MimiPenguin and pdf-parser 21 October, 2024 | PPT |
21 | swap_digger, MimiPenguin and pdf-parser 22 October, 2024 | PPT |
22 | Ransomware Analysis Using Volatility3 28 October, 2024 | PPT |
23 | Introduction to autopsy, autopsy forensic browser, Automated Digital Forensic Suites, Introduction and setup Autopsy 29 October, 2024 | PPT |
24 | Assignment on Volatility 04 November, 2024 | |
25 | Assignment network traffic analysis 05 November, 2024 | |
26 | Quiz 07 November, 2024 | PPT |
27 | Hashing, Digital Signature & Blockchain 11 November, 2024 | PPT |
28 | Hashing, Digital Signature & Blockchain 12 November, 2024 | |
29 | Preliminaries of Network 25 November, 2024 | PPT |
30 | netdiscover 26 November, 2024 | PPT |
31 | Assignments on netdiscover 28 November, 2024 | |
32 | Introduction to nmap 02 December, 2024 | PPT |
33 | nmap 03 December, 2024 | |
34 | Parsing nmap output using python 05 December, 2024 | PPT |
35 | Scan Public IoT network with Shodan.io 09 December, 2024 | PPT  &   Shodan Filters |
36 | Packet Capture Analysis with Xplico 10 December, 2024 | PPT  &   xplico website |
37 | Introduction to wireshark 12 December, 2024 | |
38 | Introduction to Wireshark 16 December, 2024 | PPT |
39 | Network packet analysis of different protocols using wireshark 17 December, 2024 | PPT |
40 | Network Packet Analysis using packettotal.com (lab.dynamite.ai), apackets.com & scapy 19 December, 2024 | PPT  &   Scapy Library |
41 | Definition of Different Attacks (Required for mini project) 23 December, 2024 | PPT  &   Mini Project Problem Statement |
42 | Discussion on Mini Project 24 December, 2024 | |
Digital Forensics with Kali Linux Second Edition, Shiva V. N. Parasram, Packt |

No. | Assignment |
---|---|
1 | Python code to check file integrity: Write a Python program that takes three command-line arguments: the paths to two files and the name of a hash algorithm (as shown in slide 2 of Class 6 on 6 Sept. 2024). The program compares the contents of the two files by hashing them and checking whether the hashes are the same. Published on : 2024-09-06, Last date of submission : 2024-09-06 |
2 | dd in python environment: Read all the file names in a given directory (passed as a command-line argument) into a Python list and pass the file names one by one to dd. Check the attachment for the required Python functions. Published on : 2024-09-12, Last date of submission : 2024-09-12 |
3 | foremost in python: Please check the attachment for the details Published on : 2024-09-20, Last date of submission : 2024-09-20 |
4 | bulk_extractor in python: Develop a Python program that runs bulk_extractor on a list of input image files stored in a Python list, where the images are read from the directory path specified in the first command-line argument (input directory path). The output directories generated by bulk_extractor should be stored under the directory path given as the second command-line argument (output directory path). The third command-line argument specifies the number of threads to be used by bulk_extractor. The subprocess commands are shown in the attachment. Published on : 2024-09-24, Last date of submission : 2024-09-24 |
5 | Python program to combine foremost and scalpel: Develop a Python program that takes four command-line arguments: (1) the name of the tool (foremost or scalpel), (2) the input file path, (3) the output directory path and (4) the location of the configuration file. The program should run both scalpel and foremost on the specified input file (the 2nd argument) using the configuration file (the 4th argument). The output from both tools should be stored in the directory specified by the output directory path (the 3rd argument). Published on : 2024-09-27, Last date of submission : 2024-09-27 |
6 | Python program to combine foremost and magicrescue: Develop a Python program that takes four command-line arguments: (1) the name of the tool (foremost or magicrescue), (2) the input file path, (3) the output directory path and (4) the type of file(s) to be carved. The program should run both magicrescue and foremost on the specified input file (the 2nd argument) carving the file type(s) given as the 4th argument. The output from both tools should be stored in the directory specified by the output directory path (the 3rd argument). Published on : 2024-09-27, Last date of submission : 2024-09-27 |
7 | Finding hidden processes in the memory dump of a given trojan: Download the memory dump of the Bundestrojaner (0zapftis) from the links provided in the attachment. Carefully extract the file with unrar in a Kali environment, taking proper precautions. Run the pslist and psxview plugins on the 0zapftis.vmem file and save their output. Then develop a Python program that compares the output files of pslist and psxview and identifies any hidden processes in 0zapftis.vmem by comparing the PID and PPID values. Published on : 2024-10-03, Last date of submission : 2024-10-03 |
8 | Network traffic analysis using p0f: Read network traffic at the wired interface of your computer using p0f for at least 5 minutes. Investigate the content of the log file generated by the p0f command and (i) count the number of unique servers and clients, (ii) find the unique server-client communications, (iii) count the number of unique server ports and client ports, (iv) find the most recent packet and (v) find the oldest packet. Published on : 2024-10-17, Last date of submission : 2024-10-17 |
9 | Network traffic analysis using p0f: Investigate the content of the attached log file generated by the p0f command and perform the following tasks: (i) count the number of unique servers and clients; (ii) count the number of unique server-client communications; (iii) count the number of unique server ports and client ports; (iv) identify the most popular and least used port numbers; (v) find the timestamps of the latest and oldest packets; (vi) list the detected operating systems; (vii) identify the client IP address and port that has remained active for the longest time. Please paste the output of your program along with the code and make them bold. Published on : 2024-10-18, Last date of submission : 2024-10-18 |
10 | WannaCry memory file analysis using volatility3: Download the memory file of the WannaCry ransomware and run the following Volatility 3 plugins: 1) psxview, 2) cmdline, 3) envars, 4) getsids, 5) privileges and 6) malfind. Paste the plugin commands (along with your username) and the output of the above commands, filtered to the PID (740) of the WannaCry malicious process. Published on : 2024-10-28, Last date of submission : 2024-10-28 |
11 | WannaCry memory file analysis using volatility3: Download the memory dump of the WannaCry ransomware, taking all necessary precautions. Develop a Python program that reads commands from a CSV file, where each row contains a single command. The program should execute each command sequentially on the WannaCry memory dump using Volatility 3 and store the results of all commands in a report.log file. If the -r flag, along with the process ID and image filename of the WannaCry ransomware, is provided as command-line arguments to the Python script, the program should filter (using grep) the report file so that only lines relevant to WannaCry remain. Published on : 2024-11-04, Last date of submission : 2024-11-04 |
12 | Network traffic analysis on a given pcap: Download the pcap file. Investigate the content of the pcap using a Python packet-parsing library (e.g. scapy) to count (i) the number of unique servers and clients, (ii) the unique server-client communications, (iii) the number of unique server ports and client ports and (iv) the names of the protocols. Published on : 2024-11-05, Last date of submission : 2024-11-05 |
13 | Investigation of data dump files using Autopsy: Open the link below, download the four E01 files, extract the following information for each of the four files and submit it: 1) mount point, 2) filesystem type, 3) list of exe files and all deleted files along with written timestamp, accessed timestamp, created timestamp, size, uid, gid and meta. Links Published on : 2024-11-07, Last date of submission : 2024-11-07 |
14 | Run plugins of volatility3 on 0zapftis.vmem: Try the Volatility 3 plugins listed below on 0zapftis.vmem. Some plugins may not run successfully on this memory dump; record the ones that do run successfully in a CSV file. Develop a Python program that reads the plugins from the CSV file and calls them. The plugins to be tested are: windows.info, windows.pslist, windows.pstree, windows.dlllist, windows.modules, windows.netscan, windows.handles, windows.procdump, windows.cmdline, windows.filescan, windows.registry.hivelist, windows.driverirp, windows.malfind, windows.sockets, windows.bigpools, windows.timeliner, windows.getservicesids, windows.userassist, windows.svcscan, windows.threads, windows.envars. Submit the Python code and the content of the CSV. Published on : 2024-11-11, Last date of submission : 2024-11-11 |
15 | Preprocessing the log of netdiscover: (i) Run netdiscover on a specified IP range of your subnet for 100 seconds (using timeout with your netdiscover command). Store the output of netdiscover in a file named log using output redirection. (ii) The log file contains irregular tabs and spaces, making it difficult to extract IP addresses, MAC addresses and vendor names in a fixed pattern for further analysis. Use the awk command to process the log file and explore the behaviour of awk (e.g., awk '{print $1, $2, $3, $4, $5}' log). Apply the awk command to extract IP addresses, MAC addresses and vendor names, and save the output to a file named filter_log.csv. (iii) After filtering, filter_log.csv may still contain lines that do not hold valid IP addresses, MAC addresses or vendor names. Use the provided Python function to remove lines that do not start with a number (indicating invalid IPs) and store the output in pre_process.csv. Published on : 2024-11-28, Last date of submission : 2024-11-28 |
16 | List the suspicious MAC addresses in the network: This is a follow-up to the netdiscover log preprocessing assignment. Using the pre_process.csv file you obtained, identify suspicious devices in your network. Assume that any device whose vendor is not HP or Dell is considered suspicious. Develop a Python program that takes pre_process.csv as input and lists the suspicious MAC addresses in the network. Published on : 2024-11-28, Last date of submission : 2024-11-28 |
17 | Parsing nmap output: Develop Python code that scans your subnet using nmap and parses the IP addresses, MAC addresses and the status of the scanned ports into a CSV file. Modify the code to scan multiple ports, e.g. 22, 80, 81, 135, 139, 445 and 1433. Submit only the Python code. Published on : 2024-12-05, Last date of submission : 2024-12-05 |
18 | Scan public IoT devices using SHODAN: Analyze the following statistics using Shodan.io. 1) Find the top 5 open ports in the location "Bhubaneshwar, city, Bhubaneswar Municipal Corporation, India" using the geo filter. 2) Identify the top 5 operating systems in Bhubaneswar using the city filter. 3) Determine the number of Hikvision IP cameras in Bhubaneswar. 4) Identify the top organizations in Bhubaneswar that use Hikvision IP cameras. 5) Find the number of devices in Bhubaneswar running Apache 2.2.3 and identify the port most commonly used by these devices. 6) Determine the number of Fortinet products in Bhubaneswar. 7) Find the number of devices in Bhubaneswar that use the hostname 'admin'. 8) Identify the number of devices in Bhubaneswar where the SSH port is open. 9) Find the number of devices in Bhubaneswar where both HTTP (port 80) and HTTPS (port 443) are open. 10) Identify how many devices in Bhubaneswar have an expired SSL certificate. Please paste all your filter queries along with the results. Published on : 2024-12-12, Last date of submission : 2024-12-09 |
19 | Mini Project on Network Packet Analysis: Capture network packets into a PCAP file using Scapy in a Python environment. Develop Python code to identify anomalies in the packets of the PCAP file based on the following rules: Rule 1: common destination ports for TCP and UDP. Rule 2: excessive traffic (DDoS). Rule 3: number of packets and packet sizes. Rule 4: unsolicited ARP replies. Rule 5: unusually large DNS responses. Rule 6: excessive ICMP Echo requests. Rule 7: excessive TCP SYNs. Rule 8: IPs scanning an excessive number of ports. Please see the attached file for further details. Submit only the Python code, not the PCAP file. Published on : 2024-12-26, Last date of submission : 2025-01-02 |
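Worked example for Assignment 1 (added here as an illustration; it is not part of the course materials or its attachment). It hashes files in chunks so that a multi-gigabyte evidence image never has to fit in memory, compares two files, and additionally verifies files against a `sha256sum`/`md5sum`-style manifest, which is the form in which acquisition hashes are usually recorded. All sample files and manifest lines are constructed inside `demo()`; the only real constants are the well-known digests of the empty input.

```python
import hashlib
import os
import sys
import tempfile


def hash_stream(fileobj, algo="sha256", chunk_size=1 << 20):
    """Hash a binary stream in 1 MiB chunks so a multi-GB evidence image never sits in RAM."""
    if algo not in hashlib.algorithms_available or algo.startswith("shake"):
        raise ValueError(f"unsupported hash algorithm: {algo}")
    h = hashlib.new(algo)
    for chunk in iter(lambda: fileobj.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def hash_file(path, algo="sha256"):
    with open(path, "rb") as f:
        return hash_stream(f, algo)


def files_match(path_a, path_b, algo="sha256"):
    """Return (same_content, digest_a, digest_b) for the two files."""
    digest_a, digest_b = hash_file(path_a, algo), hash_file(path_b, algo)
    return digest_a == digest_b, digest_a, digest_b


def verify_manifest(manifest_text, base_dir, algo="sha256"):
    """Check files against sha256sum/md5sum-style lines ('<hex>  <name>' or '<hex> *<name>').
    Returns {name: True/False}; a missing file counts as a failed check."""
    results = {}
    for line in manifest_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or line.startswith("#"):
            continue
        expected, name = parts[0].lower(), parts[1].strip().lstrip("*")
        path = os.path.join(base_dir, name)
        results[name] = os.path.isfile(path) and hash_file(path, algo) == expected
    return results


def demo():
    """Run the checks on constructed sample files created in a temp dir (not real evidence)."""
    with tempfile.TemporaryDirectory() as d:
        payload = b"\x00" * 4096 + b"constructed sample evidence image" + b"\xff" * 1024
        names = ("disk.img", "disk_copy.img", "disk_tampered.img", "empty.bin")
        paths = {name: os.path.join(d, name) for name in names}
        with open(paths["disk.img"], "wb") as f:
            f.write(payload)
        with open(paths["disk_copy.img"], "wb") as f:
            f.write(payload)
        with open(paths["disk_tampered.img"], "wb") as f:
            f.write(payload[:-1] + b"\xfe")  # a single flipped byte must be detected
        open(paths["empty.bin"], "wb").close()
        # Constructed manifest: correct SHA-256 of the empty file, a wrong digest, a missing file.
        manifest = ("e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  empty.bin\n"
                    "0000000000000000000000000000000000000000000000000000000000000000  disk.img\n"
                    "ffff *missing.img\n")
        return {
            "copy_matches": files_match(paths["disk.img"], paths["disk_copy.img"])[0],
            "tampered_matches": files_match(paths["disk.img"], paths["disk_tampered.img"])[0],
            "md5_copy_matches": files_match(paths["disk.img"], paths["disk_copy.img"], "md5")[0],
            "empty_md5": hash_file(paths["empty.bin"], "md5"),
            "manifest": verify_manifest(manifest, d),
        }


if __name__ == "__main__":  # python3 integrity.py FILE_A FILE_B sha256
    if len(sys.argv) != 4:
        sys.exit(f"usage: {sys.argv[0]} FILE_A FILE_B ALGORITHM")
    same, a, b = files_match(sys.argv[1], sys.argv[2], sys.argv[3])
    print(f"{sys.argv[3]}({sys.argv[1]}) = {a}\n{sys.argv[3]}({sys.argv[2]}) = {b}")
    print("MATCH" if same else "DIFFER")
    sys.exit(0 if same else 1)
```

MD5 is kept selectable because many older acquisition records only carry MD5, but for a new chain-of-custody record use SHA-256 (or both): MD5 collisions are practical, so two different images can be built with the same MD5.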
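Worked example for Assignment 7 (added illustration, not the course's attachment). The sample `pslist`/`psxview` outputs below are constructed in the tab-separated layout Volatility 3 prints; the PIDs and names are made up and are not from 0zapftis.vmem, and the psxview column names are an assumption, which is why the parser locates columns by header name instead of by position. A process is reported as hidden when psxview lists a PID that pslist does not, or when psxview's own `pslist` column says False; separately, a PPID that no listed process owns is reported as a lead, since a parent unlinked from the active process list leaves exactly that trace.

```python
import sys

SAMPLE_PSLIST = """Volatility 3 Framework 2.7.0
Progress:  100.00\t\tPDB scanning finished
PID\tPPID\tImageFileName\tOffset(V)\tThreads\tHandles\tSessionId\tWow64\tCreateTime\tExitTime\tFile output
4\t0\tSystem\t0x823c89c8\t51\t245\tN/A\tFalse\tN/A\tN/A\tDisabled
368\t4\tsmss.exe\t0x8220f020\t3\t19\tN/A\tFalse\tN/A\tN/A\tDisabled
584\t368\tcsrss.exe\t0x82184d38\t9\t330\t0\tFalse\tN/A\tN/A\tDisabled
1160\t656\tsvchost.exe\t0x81f8f3d8\t18\t200\t0\tFalse\tN/A\tN/A\tDisabled
"""

SAMPLE_PSXVIEW = """Volatility 3 Framework 2.7.0
Offset(V)\tName\tPID\tpslist\tpsscan\tthrdscan\tcsrss\tExitTime
0x823c89c8\tSystem\t4\tTrue\tTrue\tTrue\tFalse\tN/A
0x8220f020\tsmss.exe\t368\tTrue\tTrue\tTrue\tFalse\tN/A
0x82184d38\tcsrss.exe\t584\tTrue\tTrue\tTrue\tFalse\tN/A
0x81f8f3d8\tsvchost.exe\t1160\tTrue\tTrue\tTrue\tTrue\tN/A
0x81e2a7c0\tdropper.exe\t1020\tFalse\tTrue\tTrue\tTrue\tN/A
"""


def _split(line):
    """Volatility 3 separates columns with tabs; older (vol2) text output uses spaces."""
    return line.split("\t") if "\t" in line else line.split()


def parse_vol_table(text):
    """Return the plugin's rows as dicts keyed by header name; skips banner/progress lines."""
    lines = [l for l in text.splitlines() if l.strip() and not l.startswith("Progress:")]
    for i, line in enumerate(lines):
        header = _split(line)
        if "PID" in header:
            break
    else:
        raise ValueError("no header row with a PID column found")
    return [dict(zip(header, _split(l))) for l in lines[i + 1:]]


def find_hidden_processes(pslist_text, psxview_text):
    pslist_rows = parse_vol_table(pslist_text)
    psx_rows = parse_vol_table(psxview_text)
    listed = {int(r["PID"]): r for r in pslist_rows}
    hidden = []
    for r in psx_rows:
        pid = int(r["PID"])
        unlinked = r.get("pslist", "").strip().lower() == "false"
        if pid not in listed or unlinked:
            hidden.append({"pid": pid, "name": r.get("Name", "?"), "unlinked_flag": unlinked})
    # A PPID that no active process owns: the parent exited, or it was unlinked from the list.
    orphan_parents = {int(r["PPID"]) for r in pslist_rows
                      if int(r["PPID"]) != 0 and int(r["PPID"]) not in listed}
    return {"hidden": hidden, "orphan_parents": orphan_parents}


def demo():
    return find_hidden_processes(SAMPLE_PSLIST, SAMPLE_PSXVIEW)


if __name__ == "__main__":  # python3 hidden.py pslist.txt psxview.txt
    with open(sys.argv[1]) as a, open(sys.argv[2]) as b:
        result = find_hidden_processes(a.read(), b.read())
    for h in result["hidden"]:
        print(f"HIDDEN pid={h['pid']} name={h['name']} pslist_flag_false={h['unlinked_flag']}")
    print("PPIDs with no listed parent:", sorted(result["orphan_parents"]))
```

Treat an orphan PPID as a lead rather than proof: on Windows some legitimate parents (for example the process that spawns explorer.exe at logon) exit normally, so cross-check the PPID against `windows.psscan`, which walks pool tags rather than the linked list.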
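Worked example for Assignments 8 and 9 (an added illustration, not the course's attachment or log). The lines below are constructed in the log format p0f v3 writes with `p0f -i eth0 -o p0f.log`: a bracketed timestamp followed by `key=value` fields separated by `|`, with `cli` and `srv` carrying `ip/port`. The addresses, signatures and timings are made up. Port popularity is counted over unique flows (client ip/port to server ip/port) rather than over raw lines, because one connection produces several lines (syn, syn+ack, http request); "longest active client" is the client ip/port with the largest gap between its first and last line.

```python
import re
import sys
from collections import Counter, defaultdict
from datetime import datetime

SAMPLE_LOG = """[2024/10/18 10:00:01] mod=syn|cli=192.168.1.10/51000|srv=93.184.216.34/443|subj=cli|os=Linux 3.x|dist=0|params=none|raw_sig=4:64+0:0:1460:mss*10,7:mss,sok,ts,nop,ws:df,id+:0
[2024/10/18 10:00:02] mod=syn+ack|cli=192.168.1.10/51000|srv=93.184.216.34/443|subj=srv|os=Linux 2.2.x-3.x|dist=12|params=none|raw_sig=4:52+0:0:1460:mss*44,7:mss,sok,ts,nop,ws:df:0
[2024/10/18 10:00:05] mod=syn|cli=192.168.1.11/44000|srv=10.0.0.5/80|subj=cli|os=Windows 7 or 8|dist=0|params=none|raw_sig=4:128+0:0:1460:8192,8:mss,nop,ws,nop,nop,sok:df,id+:0
[2024/10/18 10:02:00] mod=http request|cli=192.168.1.11/44000|srv=10.0.0.5/80|subj=cli|app=Firefox 10.x or newer|lang=English|params=none|raw_sig=1:Host,User-Agent,Accept:Mozilla/5.0
[2024/10/18 10:09:30] mod=syn|cli=192.168.1.10/51001|srv=10.0.0.5/80|subj=cli|os=Linux 3.x|dist=0|params=none|raw_sig=4:64+0:0:1460:mss*10,7:mss,sok,ts,nop,ws:df,id+:0
"""

LINE_RE = re.compile(r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\] (?P<body>.*)$")


def parse_p0f_line(line):
    """One log line -> dict of its fields, or None for lines that are not p0f records."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S")}
    for field in m.group("body").split("|"):
        key, sep, value = field.partition("=")  # raw_sig may itself contain '=' or ','
        if sep:
            rec[key] = value
    for side in ("cli", "srv"):
        if side in rec:
            ip, _, port = rec[side].rpartition("/")  # rpartition keeps IPv6 addresses intact
            rec[side + "_ip"], rec[side + "_port"] = ip, int(port)
    return rec


def summarize_p0f_log(text):
    recs = [r for r in map(parse_p0f_line, text.splitlines()) if r and "cli_ip" in r]
    if not recs:
        raise ValueError("no p0f records found")
    flows = {(r["cli_ip"], r["cli_port"], r["srv_ip"], r["srv_port"]) for r in recs}
    srv_port_hist = Counter(f[3] for f in flows)
    seen = defaultdict(list)
    for r in recs:
        seen[(r["cli_ip"], r["cli_port"])].append(r["ts"])
    spans = {k: (max(v) - min(v)).total_seconds() for k, v in seen.items()}
    longest = max(spans, key=spans.get)
    return {
        "unique_clients": len({r["cli_ip"] for r in recs}),
        "unique_servers": len({r["srv_ip"] for r in recs}),
        "unique_pairs": len({(r["cli_ip"], r["srv_ip"]) for r in recs}),
        "unique_client_ports": len({r["cli_port"] for r in recs}),
        "unique_server_ports": len({r["srv_port"] for r in recs}),
        "most_used_server_port": srv_port_hist.most_common(1)[0][0],
        "least_used_server_port": srv_port_hist.most_common()[-1][0],
        "oldest": min(r["ts"] for r in recs).isoformat(sep=" "),
        "newest": max(r["ts"] for r in recs).isoformat(sep=" "),
        # p0f writes os=??? when it has no match; leave those out of the list
        "operating_systems": sorted({r["os"] for r in recs if r.get("os") and r["os"] != "???"}),
        "longest_active_client": {"ip": longest[0], "port": longest[1], "seconds": spans[longest]},
    }


if __name__ == "__main__":  # python3 p0f_stats.py p0f.log
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    for key, value in summarize_p0f_log(text).items():
        print(f"{key}: {value}")
```

p0f needs root (or CAP_NET_RAW) to sniff; the `os=` field is a passive fingerprint of the TCP/IP stack, so NAT, VPNs and middleboxes that rewrite TCP options will make the same client show up with different OS guesses.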
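Worked example for Assignments 15 and 16 (added illustration; the course's own awk pipeline and helper function are in its attachment). The sample log is constructed in netdiscover's screen layout (IP, MAC, Count, Len, vendor) and includes two lines that start with a digit but are not host rows, to show why a regex that validates the IP and MAC fields is safer than the "starts with a number" rule alone. The vendor allowlist matches on the vendor-name prefix, which is an assumption about how HP and Dell appear in netdiscover's OUI table.

```python
import csv
import io
import re
import sys

SAMPLE_LOG = """ Currently scanning: Finished!   |   Screen View: Unique Hosts

 5 Captured ARP Req/Rep packets, from 4 hosts.   Total size: 300
 _____________________________________________________________________________
   IP            At MAC Address     Count     Len  MAC Vendor / Hostname
 -----------------------------------------------------------------------------
 192.168.1.1     00:11:22:33:44:55      2     120  Hewlett Packard
 192.168.1.20    AA:BB:CC:DD:EE:FF      1      60  Dell Inc.
 192.168.1.37    de:ad:be:ef:00:01      1      60  Unknown vendor
 192.168.1.50    b8:27:eb:11:22:33      1      60  Raspberry Pi Foundation
 192.168.1.99    not-a-mac              1      60  starts with a digit but is not a valid row
"""

ROW_RE = re.compile(
    r"^\s*(?P<ip>(?:\d{1,3}\.){3}\d{1,3})\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+"
    r"(?P<count>\d+)\s+(?P<len>\d+)\s+(?P<vendor>.*?)\s*$",
    re.IGNORECASE,
)


def preprocess(log_text):
    """Replace the awk + 'starts with a number' steps: keep only well-formed host rows."""
    rows = []
    for line in log_text.splitlines():
        if not line.lstrip()[:1].isdigit():   # the assignment's first filter
            continue
        m = ROW_RE.match(line)                # the stricter one: valid IP and MAC
        if m:
            rows.append({"ip": m["ip"], "mac": m["mac"].lower(), "vendor": m["vendor"]})
    return rows


def to_csv(rows):
    """pre_process.csv content: ip,mac,vendor header plus one row per host."""
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=["ip", "mac", "vendor"], lineterminator="\n")
    w.writeheader()
    w.writerows(rows)
    return buf.getvalue()


def suspicious_macs(rows, allowed_prefixes=("hewlett packard", "hp", "dell")):
    """MACs whose vendor is not on the allowlist (assignment 16's HP-or-Dell rule)."""
    return [r["mac"] for r in rows if not r["vendor"].lower().startswith(allowed_prefixes)]


if __name__ == "__main__":  # timeout 100 netdiscover -r 192.168.1.0/24 > log; python3 nd.py log
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    hosts = preprocess(text)
    with open("pre_process.csv", "w") as f:
        f.write(to_csv(hosts))
    print("suspicious:", suspicious_macs(hosts))
```

A vendor allowlist is only a triage heuristic: the OUI is the first three bytes of a MAC that the sender chooses, so a rogue device can present an HP or Dell OUI, and a legitimate phone or printer will show up as "suspicious". Pair it with an inventory of expected MACs before acting on the list.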
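Worked example for Assignment 17 (added illustration, not the course's own solution). Rather than scraping nmap's human-readable output, it asks nmap for XML on stdout (`-oX -`) and parses that with the standard library, which is stable across nmap versions. The XML below is constructed in nmap's schema (host, status, address with addrtype ipv4/mac, ports/port/state/service) with made-up hosts; the `scan()` helper only runs when nmap is installed and is not exercised by the sample.

```python
import csv
import io
import shutil
import subprocess
import sys
import xml.etree.ElementTree as ET

SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sS -p 22,80,445 -oX - 192.168.1.0/24" version="7.94">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.1.1" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac" vendor="Hewlett Packard"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="closed" reason="reset"/><service name="http"/></port>
      <port protocol="tcp" portid="445"><state state="filtered" reason="no-response"/></port>
    </ports>
  </host>
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.1.20" addrtype="ipv4"/>
    <address addr="AA:BB:CC:DD:EE:FF" addrtype="mac" vendor="Dell"/>
    <ports>
      <extraports state="closed" count="2"/>
      <port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/><service name="microsoft-ds"/></port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.168.1.30" addrtype="ipv4"/>
  </host>
  <runstats><hosts up="2" down="1" total="3"/></runstats>
</nmaprun>
"""

FIELDS = ["ip", "mac", "vendor", "protocol", "port", "state", "service"]


def parse_nmap_xml(xml_text):
    """One row per (host, port) for hosts that were up; down hosts carry no port data."""
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        ip = mac = vendor = ""
        for addr in host.findall("address"):
            if addr.get("addrtype") == "ipv4":
                ip = addr.get("addr")
            elif addr.get("addrtype") == "mac":   # only present for hosts on the local L2 segment
                mac, vendor = addr.get("addr"), addr.get("vendor", "")
        for port in host.findall("./ports/port"):
            state, service = port.find("state"), port.find("service")
            rows.append({
                "ip": ip, "mac": mac, "vendor": vendor,
                "protocol": port.get("protocol"), "port": int(port.get("portid")),
                "state": state.get("state") if state is not None else "",
                "service": service.get("name", "") if service is not None else "",
            })
    return rows


def rows_to_csv(rows):
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    w.writeheader()
    w.writerows(rows)
    return buf.getvalue()


def scan(targets, ports="22,80,81,135,139,445,1433"):
    """Run a SYN scan (needs root; use -sT unprivileged, which loses the MAC column)."""
    if shutil.which("nmap") is None:
        raise RuntimeError("nmap not found in PATH")
    cmd = ["nmap", "-sS", "-p", ports, "-oX", "-", targets]
    return parse_nmap_xml(subprocess.run(cmd, check=True, capture_output=True, text=True).stdout)


if __name__ == "__main__":  # sudo python3 nmap_csv.py 192.168.1.0/24 > scan.csv
    rows = scan(sys.argv[1]) if len(sys.argv) > 1 else parse_nmap_xml(SAMPLE_XML)
    sys.stdout.write(rows_to_csv(rows))
```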
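Worked example for Assignment 19 (added illustration, not the mini project's attachment). The eight rules are implemented over plain dict records so the example runs without a capture; `scapy_to_record()` shows how a packet from scapy's `rdpcap()` would be reduced to that shape (it assumes scapy's standard layer classes and is not run by the sample). `build_sample()` constructs a small trace with ordinary HTTP plus one instance of each anomaly. All thresholds are tunable guesses, not values from the assignment.

```python
from collections import Counter, defaultdict

COMMON_PORTS = {22, 25, 53, 80, 110, 123, 143, 443, 445, 993, 995, 3389}


def scapy_to_record(pkt):
    """Reduce a scapy packet to the dict shape the rules consume (assumes scapy's layer names)."""
    from scapy.all import ARP, DNS, ICMP, IP, TCP, UDP
    rec = {"ts": float(pkt.time), "len": len(pkt), "proto": None}
    if pkt.haslayer(ARP):
        rec.update(proto="arp", arp_op=int(pkt[ARP].op), src=pkt[ARP].psrc, dst=pkt[ARP].pdst)
    elif pkt.haslayer(IP):
        rec.update(src=pkt[IP].src, dst=pkt[IP].dst)
        if pkt.haslayer(TCP):
            rec.update(proto="tcp", dport=pkt[TCP].dport, flags=str(pkt[TCP].flags))
        elif pkt.haslayer(UDP):
            rec.update(proto="udp", dport=pkt[UDP].dport,
                       dns_response=bool(pkt.haslayer(DNS) and pkt[DNS].qr == 1))
        elif pkt.haslayer(ICMP):
            rec.update(proto="icmp", icmp_type=int(pkt[ICMP].type))
    return rec


def detect_anomalies(records, syn_limit=50, ports_limit=20, icmp_limit=30,
                     pps_limit=100, dns_limit=512):
    """Apply rules 1-8; returns (findings, stats). Findings are (rule, address, measure)."""
    findings, syn_by_src, icmp_by_src = [], Counter(), Counter()
    ports_by_src, per_dst_second = defaultdict(set), Counter()
    dst_ports, arp_requested, total_len = Counter(), set(), 0
    for r in records:
        p = r.get("proto")
        total_len += r["len"]
        if p in ("tcp", "udp"):                      # rule 1 (port histogram) and rule 8 (scan)
            dst_ports[(p, r["dport"])] += 1
            ports_by_src[r["src"]].add(r["dport"])
        if p == "tcp" and r.get("flags") == "S":     # rule 7: bare SYNs per source
            syn_by_src[r["src"]] += 1
        if p == "udp" and r.get("dns_response") and r["len"] > dns_limit:   # rule 5
            findings.append(("large_dns_response", r["src"], r["len"]))
        if p == "icmp" and r.get("icmp_type") == 8:  # rule 6: echo requests per source
            icmp_by_src[r["src"]] += 1
        if p == "arp":                               # rule 4: is-at with no earlier who-has
            if r["arp_op"] == 1:
                arp_requested.add(r["dst"])
            elif r["arp_op"] == 2 and r["src"] not in arp_requested:
                findings.append(("unsolicited_arp_reply", r["src"], r["dst"]))
        if "dst" in r:                               # rule 2: packets per destination per second
            per_dst_second[(r["dst"], int(r["ts"]))] += 1
    findings += [("syn_flood", s, n) for s, n in syn_by_src.items() if n > syn_limit]
    findings += [("port_scan", s, len(p)) for s, p in ports_by_src.items() if len(p) > ports_limit]
    findings += [("icmp_echo_flood", s, n) for s, n in icmp_by_src.items() if n > icmp_limit]
    findings += [("excessive_traffic", d, n) for (d, _), n in per_dst_second.items() if n > pps_limit]
    stats = {"packets": len(records), "bytes": total_len,                        # rule 3
             "max_len": max((r["len"] for r in records), default=0),
             "uncommon_dst_ports": sorted(port for (_, port) in dst_ports if port not in COMMON_PORTS),
             "top_dst_ports": dst_ports.most_common(5)}
    return findings, stats


def _tcp(ts, src, dst, dport, flags, length=60):
    return {"ts": ts, "src": src, "dst": dst, "proto": "tcp", "dport": dport, "flags": flags, "len": length}


def build_sample():
    """Constructed traffic (not a real capture): normal HTTP plus one instance of each anomaly."""
    recs = [_tcp(1 + i, "10.0.0.5", "10.0.0.1", 80, f) for i, f in enumerate("SAPAF")]
    recs += [_tcp(10 + i % 3, "10.0.0.66", "10.0.0.1", port, "S") for i, port in enumerate(range(1, 31))]
    recs += [_tcp(20, "10.0.0.77", "10.0.0.1", 80, "S") for _ in range(60)]
    recs += [{"ts": 30, "src": f"10.1.0.{i + 1}", "dst": "10.0.0.9", "proto": "udp", "dport": 53, "len": 90}
             for i in range(120)]
    recs += [{"ts": 40, "src": "10.0.0.88", "dst": "10.0.0.1", "proto": "icmp", "icmp_type": 8, "len": 74}
             for _ in range(40)]
    recs += [{"ts": 50, "src": "10.0.0.5", "dst": "10.0.0.1", "proto": "arp", "arp_op": 1, "len": 42},
             {"ts": 50, "src": "10.0.0.1", "dst": "10.0.0.5", "proto": "arp", "arp_op": 2, "len": 42},
             {"ts": 51, "src": "10.0.0.254", "dst": "10.0.0.5", "proto": "arp", "arp_op": 2, "len": 42}]
    recs.append({"ts": 60, "src": "10.0.0.1", "dst": "10.0.0.5", "proto": "udp", "dport": 51000,
                 "dns_response": True, "len": 1400})
    return recs


def demo_findings():
    findings, _ = detect_anomalies(build_sample())
    return {(rule, who) for rule, who, _ in findings}


if __name__ == "__main__":
    found, summary = detect_anomalies(build_sample())
    print(summary)
    for rule, who, measure in found:
        print(f"{rule}: {who} ({measure})")
```

With a real file the loop is `records = [scapy_to_record(p) for p in rdpcap("capture.pcap")]`. The 512-byte DNS limit is the classic UDP payload size; EDNS0 responses and DNSSEC legitimately exceed it, so on real traffic raise the limit or key on the ratio of response size to query size rather than on an absolute number.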
Comments
Really enjoyed this course with Rourab Sir.
The classes were good, but I was not attentive, so I have no reason to give bad feedback, sir.
It was good.
The classroom experience was at its finest. Although the interaction was of a few months, still it was really insightful and showed me my path in my career in cybersecurity. Thanks a lot, sir for this awesome experience.
Learnt a lot about new tools that are useful for forensics.
This course developed my interest in pursuing a career in cybersecurity, with an effective combination of practical tools and concepts of digital forensics. Thank you, sir!
Thank you Sir, for an excellent digital forensics workshop. Your clear explanations and hands-on approach made topics easy to understand. The practical sessions were insightful and greatly enhanced my skills. I appreciate your dedication and the interactive learning experience. Looking forward to more workshops under your guidance.
This course helped me learn about the different areas of cybersecurity and also helped a lot in gaining experience with the tools used in forensics and how to automate these tools using Python. Thank you, Rourab Sir, for sharing your valuable experience with us.
The DFW course was a great learning experience. The classroom sessions were really well organized, and the PPTs made everything so easy to follow. Overall, it was an engaging and enriching experience. Thank you, sir, for such a well-organized and effective course.
It was a good experience exploring this field of Cybersecurity and to top it off with an amazing teacher like you !! Great teaching, well understood topics, interactive and fun classes, organized materials - overall an amazing semester it was !! I do really hope to have you teach us next Semester too sir :)
Rourab Sir conducted the Digital Forensics workshop with exceptional expertise, presenting complex topics in an engaging and understandable manner. His hands-on approach, combined with real-world case studies, made the session both practical and insightful. He was approachable and encouraged active participation, ensuring all queries were addressed. A slight improvement in time management and catering to varied skill levels would further enhance the learning experience. Overall, it was an informative and well-delivered workshop that left participants with valuable knowledge and skills. Thank You Sir for your guidance to us. Sir, please again reopen the assignments.
This course gave me deeper knowledge about basic cybersecurity concepts and various types of forensic tools and their usage. Also, the teaching method of Rourab Sir kept me doubtless about the assignments and theory. Overall the experience is better.
It was good
The experience was good. Sir brought back my interest in cybersecurity with this course. 4 stars because I wanted to go more in depth.
Overall the experience was good, but I was not able to understand the use of Python libraries like scapy and so on. Would have loved it if I had got to know more about how and when to apply the functions in those libraries. Apart from this, I honestly have great respect for all the knowledge that you have (which you shared with us) and all your achievements. You have become my ideal in this cybersecurity field.
I wasn't really interested in cybersecurity from the beginning; I just picked cybersecurity in the excitement of becoming a hacker, and now I'm realising it, and it's too late. When the initial classes were going on I couldn't understand anything at all, but I was still attending class. Then Sir did not give me attendance because my assignments were not executing properly. Sir would then cut my attendance, and I was attending class only for the sake of that attendance... Then Sir told me, "don't come to class, I'll give you attendance for all those classes", so I did not attend class seriously, and now Sir is saying I'll get a backlog. I'm so done.
The course itself is not up to the mark. Overall the experience was fine.
It's good.
The course itself doesn't teach a lot that you can't learn yourself. Most of the Python programs were not taught and instead were just given on the spot; the teacher should have explained the libraries, how they work and their purposes. Anyone can open Linux and type some commands to get the desired output; that was not what I hoped to learn from this course. Overall I think the course needs improvement and should cover more major topics that affect this field.