OS Analysis with The Sleuth Kit & Autopsy

In this course you will learn how to parse file systems and extract forensic artifacts that can be invaluable to incident responders, security analysts, and threat hunters.
Course info
Level: Intermediate
Updated: Sep 30, 2021
Duration: 15m
Description

Being able to effectively analyze digital evidence and extract indicators of compromise is incredibly important. In fact, it’s crucial to properly scoping an incident and creating robust detection logic to prevent and detect future attacks. In this course, OS Analysis with The Sleuth Kit & Autopsy, you’ll learn how to use The Sleuth Kit and Autopsy to detect process injection and artifact obfuscation in an enterprise environment. First, you’ll see how to detect process injection techniques such as process hollowing and DLL injection. Next, you’ll identify and detect artifact obfuscation. When you’re finished with this course, you’ll have the skills and knowledge to detect these techniques, Process Injection (T1055) and Artifact Obfuscation (T1027), using The Sleuth Kit and Autopsy.

About the author

Section Introduction Transcripts

Course Overview
Hi everyone. My name is Ashley Pearson, and welcome to my course, Operating System Analysis with Sleuth Kit & Autopsy. Working in a security operation center for the past few years has taught me how important it is to be able to effectively analyze digital evidence and extract indicators of compromise. In fact, it's crucial to properly scoping an incident and creating robust detection logic to prevent and detect future attacks. In this course, we'll cover case creation and management within Autopsy, how to load evidence files, and extract these forensic artifacts. We're going to be focusing on two attack tactics, process injection and file and object obfuscation. By the end of this course, you'll be able to leverage Autopsy to identify privilege escalation and detection evasion techniques. These skills are invaluable to incident responders, security analysts, and threat hunters like myself. I hope you'll join me in learning about the importance of operating system analysis with Sleuth Kit & Autopsy at Pluralsight.