| Forensic Area | Topic | Description | Owner | Projected Completion Date | Complete |
|---|---|---|---|---|---|
| Network Forensics | Botnet Forensics | Explain botnet traffic, forensics, tools, etc. | | | |
| Tool Usage | Bulk_Extractor | Detail and show usage of bulk_e for raw file and file structure analysis. | Moshe Caplan | September 17, 2012 | |
| Operating System | CentOS | Introduce CentOS and how to forensically investigate it. | | | |
| Tool Usage | CERT Forensic VM | Show usage, tools, etc. | Moshe Caplan | August 13, 2012 | |
| Tool Usage | Chat Client Forensics | Show different chat clients, remnant data, etc. | | | |
| Steganography | Covert Channels (Network) | Show network covert channels. | | | |
| Tool Usage | Cygwin | Explain and demonstrate Cygwin and how it can be used to leverage Linux tools in a Windows environment. | | | |
| Mechanism | DFXML | Explain and show DFXML, how it can be leveraged, etc. | | | |
| Tool Usage | Fiwalk | Show fiwalk usage. | | | |
| File System Analysis | Forensic File Formats | Go further than wikis and show how to handle different formats. | | | |
| Mechanism | Hashing | Explain and show file hashing, tools, and techniques for hash comparisons. | | | |
| Tool Usage | Hexadecimal Editors | Show different hex editors, how to use them, etc. | | | |
| Operating System | Hibernation File | Explain and show hiberfil.sys analysis, tools, etc. | | | |
| File System Analysis | JSON data analysis | Social networking remnant data (bulk_extractor feature file). | | | |
| Operating System | Kernel Forensics | Explain what the kernel is, how to investigate it, etc. | | | |
| File System Analysis | Known File Filter | Using KFF outside of FTK. | | | |
| Log File Analysis | Linux Log File Analysis | Show forensically interesting logs, tools to extract and analyze them, etc. | | | |
| Tool Usage | Live View (SEI) | Show how to use Live View against different types of files. | | | |
| Operating System | Master File Table Analysis (MFT) | Explain the MFT, how to analyze it, and what tools are available. | | | |
| Network Forensics | NetFlow data analysis | Explain NetFlow and what information it has that could pertain to a forensic investigation. | | | |
| Tool Usage | Network Miner | Show the free tool usage. | | | |
| Tool Usage | NIST software reference library | Using the NIST library in investigations. | | | |
| Operating System | Page File Analysis | Explain and show pagefile analysis, tools, etc. | | | |
| Cryptography | Password cracking, bruteforcing | Go over password cracking, wordlist building, bruteforcing, and processing power needed. | | | |
| Tool Usage | PRTKCryptool | Explain and demonstrate tool usage. | | | |
| Tool Usage | Python Programming | Introduce Python as it pertains to forensic analysis. | | | |
| Memory Forensics | RAM Forensics | Go over RAM/volatile memory, how to capture it, tools, techniques, etc. | | | |
| Operating System | RedHat | Introduce RedHat and how to forensically investigate it. | | | |
| Operating System | Registry Analysis | Explain the registry, tools to extract, analyze, etc. | | | |
| Mechanism | Sandbox | Explain and show what a sandbox is and how it pertains to forensics. | | | |
| Tool Usage | SANS Sift workstation | Show and demonstrate the SIFT workstation, how it can be used for forensics, etc. | Moshe Caplan | August 16, 2012 | |
| Operating System | Single User Mode | Explain and show different OSes booting into Single User Mode, and how it pertains to forensics. | | | |
| File System Analysis | Software specific logs | Show software-specific logs and how they pertain to forensic investigations. | | | |
| Tool Usage | SQLite | Explain SQLite, how to investigate SQLite DBs, tools, etc. | | | |
| Tool Usage | Sysinternals tools | Explain and demonstrate Sysinternals tools and how they pertain to forensic investigations. | | | |
| Tool Usage | The SleuthKit & Autopsy | Show TSK & Autopsy in different OSes (ex: installed and used in Ubuntu, Windows, etc.). | Moshe Caplan | August 20, 2012 | |
| Mechanism | Timeline Analysis | Show timeline analysis/creation tools, usage, etc. | | | |
| Tool Usage | TrueCrypt | Show what TC is and how it is used. | | | |
| Cryptography | Truecrypt Cryptography | Go over TC password cracking techniques, explain key files. | | | |
| Operating System | Unallocated Space | Go over unallocated space, tools to investigate it, etc. | | | |
| Tool Usage | Virtual Environments | Show how to create isolated virtual environments for forensic investigations. | | | |
| Tool Usage | Virtual Forensic Appliances | Show good forensic appliances and how to introduce them in a forensic environment. | | | |
| Tool Usage | Virtual Machine Software | Show different VM software and how to use its features. | | | |
| Tool Usage | Volatility | Show Volatility usage, etc. | | | |
| Operating System | Windows Forensics | Explain Windows forensics (this may be too broad). | | | |
| Log File Analysis | Windows Log File Analysis | Explain forensically interesting logs, tools to read them, etc. Show how logs have changed for different versions of Windows (XP-present). | | | |
| Network Forensics | Wireshark | Explain Wireshark and how it can be used in forensics. | Moshe Caplan | August 10, 2012 | |
| Network Forensics | XMPP/Jabber | Show XMPP/Jabber data, forensics, etc. | | | |