1 of 10

Andrew - 10/15/2025

Introduction to Forensics

2 of 10

So, what is Digital Forensics?

  • The science of recovering and analyzing digital data.
  • Used to investigate cybercrimes, data breaches, and system intrusions.
  • Involves reconstructing events from digital evidence.

3 of 10

What types of digital forensics are there?

  • Computer Forensics: Analyzing data from computers and storage devices.
  • Network Forensics: Monitoring and analyzing network traffic for suspicious activity.
  • Mobile Forensics: Extracting data from mobile devices like smartphones and tablets.
  • Cloud Forensics: Investigating data stored in cloud environments.

4 of 10

Image Forensics & Steganography

Steganography: The practice of concealing data within other files, such as images.

Tools:

  • steghide: Hide and extract data from JPEG, BMP, WAV, and AU files.
  • zsteg: Detects LSB (Least Significant Bit) steganography in PNG and BMP images.
  • ExifTool: Extracts metadata from images, revealing hidden information.

5 of 10

PCAP Analysis & Network Forensics

PCAP Files: Packet Capture files that record network traffic.

Tools:

  • Wireshark: A GUI tool for analyzing PCAP files.
  • TShark: The command-line version of Wireshark.
  • tcpdump: Captures network packets from the command line.

Techniques:

  • Filtering traffic by protocol or IP address.
  • Reconstructing HTTP sessions to extract hidden data.

6 of 10

Disk Imaging & Analysis

Disk Imaging: Creating an exact copy of a storage device for analysis.

Tools:

  • dd: A command-line tool that copies data block by block; used here to create raw disk images.
  • Guymager: A GUI tool for creating disk images.
  • Autopsy: A digital forensics platform for analyzing disk images.

Techniques:

  • Imaging through a write blocker so the original device is never modified, and hashing the image to prove it matches the source.
  • Analyzing file systems and recovering deleted files.

7 of 10

Here are some useful Linux Commands for Forensics:

  • strings: Extracts human-readable text from binary files.
  • grep: Searches for patterns within files.
  • find: Locates files based on criteria.
  • netstat: Displays network connections.
  • ps: Shows running processes.
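As an added example (not part of the slides), here is the imaging workflow from the two previous slides as a POSIX shell script: a constructed file stands in for the evidence device, dd makes the image, sha256sum confirms the copy matches the source, and strings/grep locate a known marker in the image. The marker value, file names and function names are all assumptions made for this example.

```shell
#!/bin/sh
# Added example: image a "device", verify the copy, then search it for readable text.
# A constructed file stands in for the device so the script runs offline; on real
# evidence the source would be a block device reached through a write blocker.
set -eu

make_sample_device() {
  # Construct a fake 8192-byte device: random bytes with a known marker inside.
  dev="$1"
  head -c 4096 /dev/urandom > "$dev"
  printf 'CTF{constructed_marker}' >> "$dev"      # 23 bytes, constructed value
  head -c 4073 /dev/urandom >> "$dev"             # pad to exactly two 4096-byte blocks
}

image_device() {
  # Copy block for block. conv=noerror keeps reading past bad sectors and
  # conv=sync pads a short read with zeros so offsets in the image stay aligned.
  src="$1"; img="$2"
  dd if="$src" of="$img" bs=4096 conv=noerror,sync 2>/dev/null
}

verify_image() {
  # Prints "ok" when the SHA-256 of the image equals the SHA-256 of the source;
  # record both hashes in the case notes so the image can be re-verified later.
  src_hash=$(sha256sum "$1" | cut -d' ' -f1)
  img_hash=$(sha256sum "$2" | cut -d' ' -f1)
  if [ "$src_hash" = "$img_hash" ]; then echo ok; else echo MISMATCH; fi
}

find_marker() {
  # Count lines of readable text in the image that contain the marker prefix.
  # strings pulls printable runs out of the binary; grep -a scans raw bytes
  # directly if strings (binutils) is not installed.
  if command -v strings >/dev/null 2>&1; then
    strings "$1" | grep -c 'CTF{'
  else
    grep -a -o 'CTF{[^}]*}' "$1" | grep -c 'CTF{'
  fi
}

# Demo run: analyse the image, never the original.
DEV=$(mktemp); IMG=$(mktemp)
make_sample_device "$DEV"
image_device "$DEV" "$IMG"
echo "integrity: $(verify_image "$DEV" "$IMG")"      # prints "integrity: ok"
echo "marker lines in image: $(find_marker "$IMG")"   # prints "marker lines in image: 1"
rm -f "$DEV" "$IMG"
```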

8 of 10

Challenge Demonstration!

9 of 10

Some Useful Tools and Resources

Tools:

  • binwalk: Extracts embedded files and executable code.
  • zsteg: Detects LSB steganography in images.
  • Wireshark: Analyzes network traffic.
  • ExifTool: Extracts metadata from files.

Resources:

10 of 10

Thank you!

lock in for challs twin