Simple play icon Course

OS Analysis with The Sleuth Kit & Autopsy

by Ashley Pearson

In this course you will learn how to parse file systems and extract forensic artifacts that can be invaluable to incident responders, security analysts, and threat hunters.

What you'll learn

Being able to effectively analyze digital evidence and extract indicators of compromise is incredibly important. In fact, it’s crucial to properly scoping an incident and creating robust detection logic to prevent and detect future attacks. In this course, OS Analysis with The Sleuth Kit & Autopsy, you’ll cover how to utilize Sleuth Kit and Autopsy to detect process injection and artifact obfuscation in an enterprise environment. First, you’ll demonstrate how to detect process injection techniques such as process hollowing and injection. Next, you’ll operate identifying and detecting artifact obfuscation. When you’re finished with this course, you’ll have the skills and knowledge to detect these techniques, Process Inject (T1055) and Artifact Obfuscation (T1027) using Sleuth Kit and Autopsy.

About the author

Ashley Pearson is a former system administrator turned threat hunter. She has spent the past 3 years of her 8+ year IT career specializing in cyber security. She currently works as a threat hunter and occasional incident responder or forensic analyst. She continues to feed her passion by actively participating in the InfoSec community, attending conferences, and pursuing higher education. Outside of work, Ashley enjoys running, video games, and reading.

Ready to upskill? Get started