This course has been designed for security professionals working in any type of organisation, regardless of size. Digital forensic examiners who are looking to expand their knowledge are also welcome.
Attendees should ideally be familiar with security software and with various file types and their properties, although neither is mandatory.
4 days, lecture-based with examples and lab work.
Data protection is a legal requirement for all organisations working in various industry sectors. As such, it is regulated and enforced where necessary. In today’s world an organisation faces threats not only from external sources (hacks, viruses, trojans, ransomware, etc.), but also from leaks fuelled by insiders. Some of the leaks are detected and prevented by the security software already in place while others go undetected because of the way they are performed.
The course covers the most commonly used methods of exfiltrating data without being detected by DLP software, using only tools that are built into the operating system, so no elevated privileges are needed. During the lecture attendees will get a better understanding of the various tools available in the chosen operating system, as well as the ways a file can be modified without the change being detectable.
During this course delegates will:
- Gain a better understanding of digital forensic science and the way it can be used to prevent data exfiltration.
- Become accustomed to file manipulation and how to extract hidden content.
- Learn how to use built-in system tools or software that is available for free to undertake investigations.
All of the methods are illustrated by demos in both Windows and Linux, because the way the same exfiltration method is investigated differs between the two.
The last day or day and a half will be used for lab training. Students will have the opportunity to apply the knowledge gained and investigate all of the techniques presented.
1. Introduction to digital forensics
   - Definition, governing standards, and legal framework
   - Software used in investigations
   - Role of digital forensics in preventing data exfiltration and software toolkit
2. A few simple methods to exfiltrate data
   - File extension changing
   - Hidden notes in presentations
3. More complex methods
4. Advanced concepts
   - Using Microsoft Office to exfiltrate data
   - Changing file characteristics in order to hide data