Course 36 - Windows Forensics and Tools | Episode 2: Windows Forensic Imaging and Drive Nomenclature

Course 36 - Windows Forensics and Tools | Episode 2: Windows Forensic Imaging and Drive Nomenclature

In this lesson, you’ll learn about: Windows forensic imaging and data structure fundamentals1. What is Forensic Imaging? * A bit-by-bit, sector-by-sector copy of a storage device * Captures everything, not just visible files 🔹 What it Includes * Active files and folders * Deleted files * Unallocated space * Slack space 👉 Key Difference: * Not a backup → it is an exact forensic replica 2. Why Forensic Imaging Matters * Preserves original evidence * Prevents modification of: * File timestamps * Metadata 👉 Legal Importance: * Required for court-admissible investigations 3. Physical vs Logical Drives (Windows Naming)🔹 Physical Drives * Identified as: * Disk 0 * Disk 1 * Represent actual hardware 🔹 Logical Drives * Represent partitions using letters: * C: * D: * E: 👉 Analogy: * Physical disk → entire cabinet * Logical drives → drawers inside the cabinet 🔹 Historical Note * A: and B: reserved for floppy disks 4. File System Hierarchy🔹 Structure Levels 1. Volume (highest level) 2. Partition 3. Directory (folder) 4. File 🔹 File Definition * A logical grouping of related data 👉 Key Insight: * Understanding hierarchy helps in locating and analyzing evidence 5. Processes and Threads (Execution Basics) * Process → running program * Thread → smallest execution unit within a process 👉 Why it matters: * Helps track: * Program execution * Malicious activity 6. Data Integrity & Verification🔹 Hashing Concept * Generate a unique fingerprint for data 🔹 Algorithm Example * MD5 hash 🔹 Key Properties * Same file → same hash * Rename file → hash unchanged * Change 1 bit → completely different hash 👉 Use Case: * Verify forensic image integrity 7. Chain of Trust in Forensics * Acquire image → generate hash * Analyze copy → compare hash again 👉 Goal: * Ensure no tampering occurred Key Takeaways * Forensic imaging captures complete disk data, including hidden content * Physical and logical drives represent different abstraction layers * File systems follow a structured hierarchy * Hashing ensures data integrity and authenticity * Even a tiny change in data invalidates evidence Big PictureForensic imaging helps you:👉 Move from raw disk → verified evidence copyMental Model * Disk → Image → Hash → Analyze → Verify You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy [https://linktr.ee/cybercode_academy]

Course 36 - Windows Forensics and Tools | Episode 1: Debunking Myths and Mastering Methodology

In this lesson, you’ll learn about: digital forensics in Windows environments1. What is Digital Forensics? * Also known as computer forensics * The application of scientific methods to digital investigations 🔹 Core Objectives * Identify digital evidence * Preserve its integrity * Analyze findings * Present results for legal use 👉 Key Idea: * Evidence must be accurate, repeatable, and legally admissible 2. Why Focus on Windows? * Majority of systems run Windows * Widely used in: * Personal computing * Enterprise environments 🔹 Challenges * Undocumented internal features * Limited low-level access * Complex system structure 👉 Result: * Windows forensics requires specialized knowledge and tools 3. Investigation Methodology (SANS Framework) * Developed by the SANS Institute 🔹 The 8-Step ProcessStep 1: Initial Assessment * Confirm incident * Define scope * Identify affected systems 👉 Goal: * Understand what happened and where Step 2: System Description * Document: * Hardware specs * OS configuration * Network role 👉 Importance: * Provides context for analysis Step 3: Evidence Acquisition🔹 Types of Data * Volatile Data: * RAM * Running processes * Network connections * Non-Volatile Data: * Hard drives * Logs * Files 🔹 Critical Concepts * Chain of custody * Data integrity verification (hashing) 👉 Rule: * Never alter original evidence Step 4: Timeline Analysis * Reconstruct system activity over time 👉 Helps answer: * When did the attack happen? * What actions were performed? Step 5: Media Analysis * Examine: * File systems * Program execution * Deleted files 👉 Insight: * Reveals user and attacker behavior Step 6: String & Byte Search * Search for: * Keywords * Signatures * Binary patterns 👉 Use Case: * Detect malware traces or hidden data Step 7: Data Recovery * Recover data from: * Unallocated space * Slack space 👉 Importance: * Deleted ≠ gone Step 8: Reporting * Create formal report 🔹 Must Include * Verified findings * Methods used * Evidence references 👉 Requirement: * Must be clear, objective, and defensible in court 4. Windows Artifacts (Key Evidence Sources)🔹 Common Artifacts * Registry * Prefetch files * Restore points * Recycle Bin 👉 What they reveal: * Program execution history * User activity * System changes 5. Cybersecurity Use Case🔹 When Digital Forensics is Used * Incident response * Malware analysis * Legal investigations 👉 Outcome: * Understand: * Attack methods * Impact * Responsible actions Key Takeaways * Digital forensics applies scientific investigation to digital systems * Windows analysis is complex but essential * SANS methodology ensures structured and reliable investigations * Evidence handling must preserve integrity * Artifacts reveal hidden user and attacker activity Big PictureDigital forensics helps you:👉 Move from incident → evidence → truthMental Model * Collect → Preserve → Analyze → Report You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy [https://linktr.ee/cybercode_academy]

Course 35 - Footprinting and Reconnaissance | Episode 8: From Target Reconnaissance to Phishing Execution

In this lesson, you’ll learn about: social engineering attacks and spear-phishing execution1. What is Social Engineering? * A psychological attack technique * Targets human behavior instead of systems * Exploits trust, urgency, and curiosity 👉 Goal: * Trick the victim into revealing information or executing malicious actions 2. Phase 1: Reconnaissance (Information Gathering)🔹 Target Profiling * Collect Personally Identifiable Information (PII): * Job role * Relationship status * Daily habits * Interests (e.g., pets, hobbies) 🔹 Data Sources * Social media platforms (e.g., mock “mybook”) 👉 Why it matters: * Enables highly targeted (spear-phishing) attacks * Helps guess: * Passwords * Security questions 3. Phase 2: Attack Setup🔹 Tools Used * Social Engineering Toolkit * Kali Linux 🔹 Attack Method * Spear-phishing email with malicious attachment 🔹 Payload Technique * File disguised as: * PCFIX.zip.pdf 👉 Deception Strategy: * Double extension trick to: * Bypass user suspicion * Appear as a legitimate document 4. Phase 3: Delivery & Execution🔹 Email Delivery * Configure SMTP server * Send high-priority message 🔹 Social Engineering Tactics * Create urgency: * “Suspicious internet activity detected” 👉 Objective: * Force the victim to act without thinking 5. System Compromise🔹 Victim Interaction * Downloads the file * Opens the attachment 🔹 Result * Execution of hidden payload * Attacker gains access via: * Metasploit Framework 🔹 Outcome * Remote command shell access * Full system control 6. Cybersecurity Impact🔹 Attack Chain 1. Reconnaissance 2. Weaponization 3. Delivery 4. Exploitation 5. Access 👉 Key Insight: * A simple phishing email can lead to complete system compromise 7. Defense & Awareness🔹 Common Weak Points * Human trust * Lack of awareness * Poor email inspection 🔹 Prevention * Security awareness training * Email filtering & sandboxing * Avoid opening suspicious attachments * Verify sender authenticity Key Takeaways * Social engineering targets people, not systems * Reconnaissance makes attacks more effective * File disguise techniques increase success rate * Phishing can lead to full system compromise * Awareness is the strongest defense Big PictureThis attack demonstrates:👉 How information gathering → targeted phishing → system takeoverMental Model * Recon → “Know the victim” * Phishing → “Exploit trust” * Payload → “Gain access” You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy [https://linktr.ee/cybercode_academy]

Course 35 - Footprinting and Reconnaissance | Episode 7: Information Gathering and Domain Reconnaissance Lab

In this lesson, you’ll learn about: reconnaissance using Recon-ng1. What is Recon-ng? * A full-featured web reconnaissance framework * Pre-installed on Kali Linux * Designed to automate OSINT and domain reconnaissance 🔹 Core Concept * Works like a framework (similar to Metasploit) * Uses modules to perform different recon tasks 👉 Purpose: * Build a structured database of target intelligence 2. Tool Overview * Recon-ng 🔹 Key Capabilities * Domain intelligence gathering * Contact harvesting * Subdomain discovery * File and directory enumeration 👉 Advantage: * Organizes results into a workspace database 3. Workspace & Domain Setup🔹 Initial Steps * Create a workspace * Add target domain 👉 Why it matters: * Keeps recon data organized and reusable 4. Contact Harvesting🔹 Module: whois_pocs * Extracts: * Names * Email addresses * Locations 👉 Use Case: * Build a target profile * Useful for: * Social engineering * OSINT correlation 5. Host Discovery & Stealth🔹 Module: bing_domain_web * Finds: * Hosts * Indexed subdomains 🔹 Stealth Feature * Recon-ng introduces delays (sleep) between requests 👉 Benefit: * Mimics human browsing * Reduces detection risk * Avoids IP blocking 6. Subdomain Brute-Forcing🔹 Module: brute_hosts * Uses wordlists to guess subdomains 🔹 Output * Hidden subdomains * Associated IP addresses 👉 Importance: * Expands the attack surface * Reveals hidden infrastructure 7. Sensitive File Discovery🔹 Module: interesting_files * Searches for: * robots.txt * Backup files * Config files 👉 Why it matters: * May expose: * Hidden directories * Internal paths * Misconfigurations 8. Analyzing Server Responses🔹 HTTP Status Codes * 404 → Resource not found (client-side issue) * 300-series → Redirection 👉 Insight: * Helps understand: * Server behavior * Application structure 9. Cybersecurity Use Case🔹 Reconnaissance Phase * Early stage of: * Penetration testing * Bug bounty hunting 🔹 What You Achieve * Map: * Domains * Subdomains * Contacts * Infrastructure 👉 Outcome: * Clear view of the target environment Key Takeaways * Recon-ng is a modular recon framework * Uses workspaces to organize intelligence * Automates multiple OSINT tasks * Includes stealth techniques to avoid detection * Provides structured data for further testing Big PictureRecon-ng helps you:👉 Move from raw data → structured intelligence databaseMental Model * Recon-ng → “Collect + organize recon data” * Analysis → “Turn data into actionable insights” You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy [https://linktr.ee/cybercode_academy]

Course 35 - Footprinting and Reconnaissance | Episode 6: Information Gathering with theHarvester in Kali Linux

In this lesson, you’ll learn about: information gathering using theHarvester1. What is theHarvester? * A reconnaissance tool used for Open Source Intelligence (OSINT) * Built into Kali Linux * Designed to collect publicly available data about a target 🔹 Core Function * Gathers: * Email addresses * Subdomains * IP addresses * Hostnames 👉 Purpose: * Build a digital footprint of the target before active testing 2. Tool Overview * theHarvester 🔹 Data Sources * Search engines: * Google * Bing * External services: * Shodan 👉 Value: * Combines multiple sources into one unified result set 3. Basic Command Usage🔹 Essential Flags * -d → Target domain * -l → Limit number of results * -b → Data source (e.g., google, bing, shodan) * -f → Save output to file 🔹 Example CommandtheHarvester -d microsoft.com -l 100 -b google -f results 👉 What this does: * Searches Google * Collects up to 100 results * Saves output locally 4. Advanced Querying🔹 Additional Flags * -s → Start position of search results 👉 Use Case: * Continue collecting data beyond initial results * Avoid duplicate data 🔹 Shodan IntegrationtheHarvester -d microsoft.com -b shodan 👉 Benefit: * Finds: * Exposed devices * Services * Technical infrastructure 5. Analyzing Results🔹 Key Findings * Subdomains: * news.microsoft.com * support.microsoft.com * IP Addresses: * Associated with infrastructure 🔹 Why It Matters * Reveals: * Attack surface * Entry points * Hidden assets 6. Cybersecurity Use Case🔹 Reconnaissance Phase * First step in: * Penetration testing * Bug bounty hunting 🔹 What You Gain * Target structure understanding * Identification of: * Weak subdomains * Exposed services 👉 Impact: * Better planning for: * Scanning * Exploitation Key Takeaways * theHarvester is a powerful OSINT tool * Uses multiple public sources for data collection * Command-line flags control precision and scope * Results reveal critical reconnaissance insights * Forms the foundation of ethical hacking workflows Big PicturetheHarvester helps you:👉 Move from no knowledge → mapped digital footprintMental Model * theHarvester → “Collect target data” * Analysis → “Understand the attack surface” You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy [https://linktr.ee/cybercode_academy]