This repository contains a collection of hands-on digital forensics labs focused on Linux, Windows, mobile, and network environments. The labs emphasize practical techniques used in real-world investigations such as timeline reconstruction, artifact recovery, user activity correlation, and memory analysis.
- Applying the Daubert Standard to Forensic Evidence: Examines the admissibility of forensic techniques using legal standards for scientific reliability.
- Recognizing the Use of Steganography in Image and Audio Files: Identifies and analyzes hidden data embedded in multimedia files.
- Recovering Deleted and Damaged Files: Demonstrates data recovery through file carving and hex-level analysis.
- Conducting an Incident Response Investigation: Documents key steps in live response and post-breach evidence collection.
- Forensic Investigations on Windows Systems: Investigates Windows-specific artifacts such as registry keys, event logs, and application usage traces.
- Forensic Investigations on Linux Systems: Analyzes bash history, system logs, cron jobs, and shell artifact correlation.
- Email and Chat Log Analysis: Examines metadata, headers, and message content for signs of tampering or exfiltration.
- Mobile Device Forensics: Focuses on device acquisition, application artifact recovery, and location data interpretation.
- Network Infrastructure Forensics: Analyzes router, firewall, and DHCP logs to identify compromise patterns and unauthorized access.
- System Memory Forensics: Extracts volatile data, running processes, injected code, and registry fragments from live memory.
- SleuthKit (`fls`, `istat`, `mactime`)
- auditd and `ausearch`
- Memory analysis utilities
- File carving tools and hex editors
- Linux and Windows command-line forensics
- Timeline reconstruction and user behavior profiling
Michael Twining
Cybersecurity Researcher | Digital Forensics & Incident Response | GitHub: @usrtem
Email: michael.twining@outlook.com
LinkedIn | YouTube
This project is licensed under the Creative Commons Attribution 4.0 International License.