Application Password Crackers
The objective of this exercise is to crack the password of a ZIP or RAR file with Archive Password Recovery. Confidential data is always protected with security controls such as a password, and a forensic investigator should be able to crack this password.
Load Processes Using SPE
The objective of this exercise is to learn how to analyze the context of loaded processes using Sysinternals Process Explorer and find which DLLs a process has loaded into memory, then determine the properties of that process and its DLLs and find out which ports are opened by a target process.
Dumpit and FTK Imager
The objective of this exercise is to learn how to capture a RAM image using DumpIt and FTK Imager. Once the RAM image is captured, volatile data is preserved. The forensic investigator will analyze the image with Volatility to find credentials, system hashes, registry configurations, processes, dynamic link libraries and ports opened by processes. A forensic investigator should know how to capture a RAM image, and this exercise ensures that.
EASEUS Data Recovery
The objective of this exercise is to learn how to perform file and partition recovery with EASEUS Data Recovery. Files and partitions are often deleted, intentionally or unintentionally, and hard disks are formatted to hide artifacts. This exercise shows how to recover such data.
Steganography and Image FF
The objective of this exercise is to learn how to analyze image file headers using Hex Workshop. Each file type has a different file header, and if an attacker has changed a file's extension, the forensic investigator should be able to recognize the file type through analysis of the file header.