NDG Forensics

NDG Forensics labs provide hands-on experience conducting a variety of forensics practices. These skills can help prepare trainees for a variety of IT positions, including: Computer Forensic Analyst, Digital Forensic Examiner, Digital Forensics Incident Response and Security Administrator.

The labs map to several leading industry certifications, as noted in the Supported Labs table below.

NDG Forensics labs are supported in NETLAB+ using the NDG Forensics Pod.

These labs are also available as an NDG Online hosted lab offering.

Vital Importance of Cyber Security Training

The National Initiative for Cybersecurity Education (NICE) is focused on the need to prepare, recruit, train, develop and retain a diverse, qualified cybersecurity workforce capable of preventing and defending against ever-increasing threats. Using the NIST NICE Cybersecurity Workforce Framework, NICE categorizes, organizes and describes cybersecurity work in high-level categories, each comprising several specialty areas. The framework category Protect and Defend includes the specialty areas responsible for the identification, analysis, and mitigation of threats to internal IT systems or networks, all of which require forensics skills:


  • Computer Network Defense Analysis
  • Incident Response
  • Vulnerability Assessment and Management
  • Computer Network Defense Infrastructure Support

Supported Labs

Lab Title | SANS GCFE Areas | ISC2 CCFP Domain | EC-Council CHFI
1 Exploring the Windows File System
  • ISC2 CCFP 4: Digital Forensics
  • EC-Council CHFI 7: Understanding Hard Disks and File Systems
2 Exploring the Linux File System
  • ISC2 CCFP 4: Digital Forensics
  • EC-Council CHFI 7: Understanding Hard Disks and File Systems
3 Introduction to Partitions (MBR & GPT)
  • SANS GCFE 4: File and Program Activity Analysis
  • ISC2 CCFP 4: Digital Forensics
  • EC-Council CHFI 8: Windows Forensics
4 Forensic Acquisition Using Linux Tools
  • SANS GCFE 3: Evidence Acquisition, Preparation, and Preservation
  • ISC2 CCFP 2: Investigations
  • EC-Council CHFI 9: Data Acquisition and Duplication
5 Obtaining and Analyzing Memory
  • SANS GCFE 2: Digital Forensics Fundamentals
  • ISC2 CCFP 4: Digital Forensics
6 Linux OS Artifact Forensics
  • EC-Council CHFI 7: Understanding Hard Disks and File Systems
7 Windows OS Artifact Forensics
  • SANS GCFE 4: File and Program Activity Analysis
  • ISC2 CCFP 4: Digital Forensics
  • EC-Council CHFI 8: Windows Forensics
8 Windows Registry Forensics
  • SANS GCFE 6: System and Device Profiling and Analysis
  • ISC2 CCFP 4: Digital Forensics
  • EC-Council CHFI 8: Windows Forensics
9 Web Browser Forensics
  • SANS GCFE 1: Browser Forensics
10 Network Forensics
  • SANS GCFE 7: User communication Analysis
  • ISC2 CCFP 4: Digital Forensics
  • EC-Council CHFI 16: Network Forensics, Investigating Logs and Investigating Network Traffic
11 Introduction to Autopsy
12 Introduction to Digital Forensics Framework
13 Data Carving
  • ISC2 CCFP 5: Application Forensics
  • EC-Council CHFI 10: Recovering Deleted Files and Deleted Partitions
14 Email Forensics
  • SANS GCFE 7: User communication Analysis
  • ISC2 CCFP 5: Application Forensics
  • EC-Council CHFI 19: Tracking Emails and Investigating Email Crimes
15 Steganography
  • EC-Council CHFI 13: Steganography and Image File Forensics
16 Introduction to Android OS
  • ISC2 CCFP 4: Digital Forensics
  • EC-Council CHFI 20: Mobile Forensics
17 Android Logical Acquisition
  • ISC2 CCFP 4: Digital Forensics
  • EC-Council CHFI 20: Mobile Forensics
18 Recovering Passwords
  • EC-Council CHFI 14: Application Password Crackers
19 Log Analysis
  • SANS GCFE 5: Log Analysis
  • EC-Council CHFI 16: Becoming an Expert Witness

Academic Book List

The books listed below are recommended resources to accompany the NDG Forensics labs.

Guide to Computer Forensics and Investigations, 5th ed.
Bill Nelson, Amelia Phillips, Christopher Steuart
ISBN-13: 978-1285060033
ISBN-10: 1285060032
Cengage Learning

Digital Forensics with Open Source Tools
Harlan Carvey, Harlan Carvey 
ISBN-13: 978-1597495868
ISBN-10: 1597495867
Elsevier, Inc.

A Practical Guide to Computer Investigations
Darren R. Hayes
ISBN-13: 978-0789741158
ISBN-10: 0789741156
Pearson Education, Inc.

Enabling the Labs

To enable the NDG Forensics labs, create a class and check the box for "NDG Forensics" in the global labs class settings.

NDG-FOR

Using the Labs

Always select the correct lab exercise for the lab being performed. Students or teams should schedule the correct lab exercise from the catalog. NETLAB+ will only show those labs for which the required pod type is available. A lab that works on different pod types may appear more than once if your system is so equipped. Instructors should select the correct lab from the Exercise tab during instructor-led lab reservations. This can be done as many times as needed during the reservation.