"I knew exactly what to do, but in a much more real sense, I had no idea what to do" - Michael Scott
With NW3C's DF100 under my belt, I'm strutting around the office like I'm now the subject matter expert in Digital Forensics... part of that stemming from the confidence I gained from the course, the other part due to the fact that I'm an arrogant sumbitch.
Enter NW3C's DF201: Intermediate Digital Forensics Analysis Course: What have I gotten myself into? To break it down, there are three big takeaways from this course... Autopsy, X-Ways, and AXIOM... and break it down we shall... just like Ivan Drago (yeah, I know he lost, but why waste one of his few memorable quotes from Rocky IV?). Autopsy, X-Ways, and AXIOM are the three tools covered in this course. You spend roughly a day and a half on each tool, completing a capture-the-flag-style competition after getting the crash course in each one.
Autopsy is the first digital forensics tool that I had a chance to use. It's open-source and costs a whole FREE-Ninety-Nine + tax (which is your soul). Autopsy may not be pretty, but it's definitely not ugly. With ingest modules and plug-in support for things like optical character recognition (OCR), if you're ballin' on a budget, Autopsy is your wingman. I really like Autopsy and its ability to parse a lot of information just like the big boys. It wasn't my favorite of the three, but it was a close second.
X-Ways is the most logical tool we used. If you want to see root folders and information exactly as you would see them on a desktop computer, X-Ways is what you'll love to hate. Personally, I think X-Ways is a fucking nightmare, but I see its value compared to the other two tools covered in the course. If your suspect is hiding evidence or causing conflicts with the system's extensions, X-Ways is going to let you know real quick. The user interface isn't the best, but it was definitely a tool made for people who just want the raw data... no bells and whistles.
Magnet AXIOM is the Girl in the Red Ferrari of the three forensic tools. As Clark Griswold would say, "You'll be whistling Zip-A-Dee-Doo-Dah out of your assholes!!!"; and whistle I did. AXIOM was designed for Barney Fife, but it might as well have been designed for Barney the Dinosaur. It is by far the easiest forensic tool of the three to maneuver. It provides you all of the artifacts up front in Artifacts View, because let's face it, we want the meat and potatoes of a forensic image; the recipe is just an added bonus. File System view, which provides the logical view of the extraction, is stupid simple to use. The folks at Magnet understood that their users need things to be simple, and I think AXIOM goes above and beyond as a forensic tool.
I can't speak highly enough of NW3C's staff. These guys put the students first. They have answered questions long after the class concluded. They have taken each tool and created a curriculum that will help newbies like myself get a basic understanding of the different forensic tools and the fundamentals you will utilize regardless of which tool you choose. Add this course to your wishlist if you're new to digital forensics. You can thank me (or NW3C) later.
CPE: 32 Hours
Course Cost: FREE
Hasta la vista, baby,