O'Reilly logo
live online training icon Live Online training

Getting Started with Cyber Investigations and Digital Forensics

Topic: Security
Aamir Lakhani

We cannot prevent and stop cyber breaches and cyber-attacks, but we can reduce and mitigate our risk by understanding the motivations for the attacks, their techniques, and investigating exactly how attacks happen. This course is designed to help you find and hunt attackers who are planning to or have already attacked your organization. You will learn to track down threats and learn if data has been compromised. This course is designed specifically for organizations who want to protect the integrity of their brand, data, customers, or a significant event.

This course will teach the fundamentals of digital forensic investigations. It is an introduction to the world of cyber investigations and forensic analysis. You will learn: - How to recognize, investigate, and collect evidence against specific threats - How to find and track cybercriminals - How to protect against attackers attempting to compromise your organization

What you'll learn-and how you can apply it

  • Learn the fundamentals of cyber forensics and cyber investigations
  • Learn how to build your cyber forensics lab and study area
  • Determine how to collect and preserve evidence from desktops, endpoints, and network devices
  • Find out how to investigate companies and organizations using tools such as Malteigo and Recon-NG
  • Understand how to study people and social networks
  • Gain the skills to perform social media investigations leveraging Facebook, eBay, Instagram, and other popular social media platforms
  • Get an introduction to the Darknet
  • Understand how to buy, sell, and track criminals on the Darknet
  • Explore the basics of OpenSource intelligence (OSINT) and how to use it during an investigation

This training course is for you because...

  • You would like to learn the fundamentals of digital forensics and cyber investigations
  • You want to understand how to investigate internal or external cyber crime, cyber breaches, and or unauthorized data exfiltration.
  • You are with or working with any IT related projects along with law enforcement, human resources, or privacy experts.


  • Basic understanding of computing concepts (hardware, software, networking, storage, and cloud computing).
  • Basic knowledge of cybersecurity. Recommended training includes
  • Understanding how to run basic virtual machines such as Kali and Windows using VMWare Workstation, VMWare Fusion, or VirtualBox.

Recommended Preparation

Materials, downloads, or Supplemental Content needed in advance

About your instructor

  • Aamir Lakhani is a leading senior security strategist. He is responsible for providing IT security solutions to major enterprises and government organizations.

    Mr. Lakhani creates technical security strategies and leads security implementation projects for Fortune 500 companies. Industries of focus include healthcare providers, educational institutions, financial institutions and government organizations. Aamir has designed offensive counter-defense measures for the Department of Defense and national intelligence agencies. He has also assisted organizations with safeguarding IT and physical environments from attacks perpetrated by underground cybercriminal groups. Mr. Lakhani is considered an industry leader for creating detailed security architectures within complex computing environments. His areas of expertise include cyber defense, mobile application threats, malware management, Advanced Persistent Threat (APT) research, and investigations relating to the Internet’s dark security movement. He is the author or contributor of several books, and has appeared on FOX Business News, National Public Radio, and other media outlets as an expert on cybersecurity.

    Writing under the pseudonym Dr. Chaos, Mr. Lakhani also operates the popular security social media blog which is hosted at DrChaos.com. In its recent list of 46 Federal Technology Experts to Follow on Twitter, Forbes magazine described Aamir Lakhani as “a blogger, InfoSec specialist, super hero…and all around good guy.”


The timeframes are only estimates and may vary according to how the class is progressing

Section 1: Fundamentals of Cyber Investigations and Forensics (20 minutes)

  • An introduction to Cyber Investigations and Digital Forensics
  • Reviewing Cyber Investigation Methodologies

Section 2: Collecting and Preserving Evidence (45 minutes)

  • Building your cyber forensics lab
  • Using digital forensics to collect information
  • Hard drive and data forensics
  • Collecting information from other data points

Break 10 minutes

Section 3: Open-Source Intelligence Investigations (65 minutes)

  • Introduction into using OSINT for forensic investigations
  • Introduction into Malteigo
  • Introduction into Recon-NG
  • Other OSINT tools

Break 10 minutes

Section 4: Social Media and Email Investigations (40 minutes)

  • Introducing authentication methods
  • Exploiting authentication-based vulnerabilities
  • Exploiting session management vulnerabilities

Break 10 minutes

Section 5: Understanding and exploring the Darknet(30 minutes)

  • Introduction into the Darknet
  • Using the Darknet

Section 6: Review and Wrap-up (10 minutes)

  • What learned and where you go from here
  • Q&A