Being able to effectively analyze digital evidence and extract indicators of compromise is incredibly important. In fact, it’s crucial to properly scoping an incident and creating robust detection logic to prevent and detect future attacks. In this course, OS Analysis with The Sleuth Kit & Autopsy, you’ll cover how to utilize Sleuth Kit and Autopsy to detect process injection and artifact obfuscation in an enterprise environment. First, you’ll demonstrate how to detect process injection techniques such as process hollowing and injection. Next, you’ll operate identifying and detecting artifact obfuscation. When you’re finished with this course, you’ll have the skills and knowledge to detect these techniques, Process Inject (T1055) and Artifact Obfuscation (T1027) using Sleuth Kit and Autopsy.
Author Name: Ashley Pearson
Author Description:
Ashley Pearson is a former system administrator turned threat hunter. She has spent the past 3 years of her 8+ year IT career specializing in cyber security. She currently works as a threat hunter and occasional incident responder or forensic analyst. She continues to feed her passion by actively participating in the InfoSec community, attending conferences, and pursuing higher education. Outside of work, Ashley enjoys running, video games, and reading.

Table of Contents

• Course Overview
  1min
• OS Analysis with Sleuth Kit and Autopsy
  13mins
• Resources
  1min