CyberCode Academy

CyberCode Academy
  • 0.0(0개의 평가)
  • 강의
  • 매일 업데이트

Welcome to CyberCode Academy — your audio classroom for Programming and Cybersecurity. 🎧 Each course is divided into a series of short, focused episodes that take you from beginner to advanced level — one lesson at a time. From Python and web development to ethical hacking and digital defense, our content transforms complex concepts into simple, engaging audio learning. Study anywhere, anytime — and level up your skills with CyberCode Academy. 🚀 Learn. Code. Secure.

  1. Course 22 - Digital Forensics: RAM Extraction Fundamentals | Episode 4: RAM Capture via Magnet and FTK Imager

    15시간 전

    Course 22 - Digital Forensics: RAM Extraction Fundamentals | Episode 4: RAM Capture via Magnet and FTK Imager

    In this lesson, you’ll learn about:A technical overview of memory acquisition using Magnet RAM Capture and FTK ImagerHow RAM footprint size affects evidence integrity during live memory collectionThe key features of Magnet RAM Capture, including custom output paths and memory image splittingWhy file segmentation is operationally important when handling large RAM capturesThe role of FTK Imager as a multifunctional triage and imaging toolFTK Imager’s additional capabilities, such as registry collection, hexadecimal viewing, and logical drive previewPerformance benchmarking results, including memory dump speed for large RAM sizesStrategic considerations for tool selection and justification in forensic investigationsA professional workflow approach combining lightweight tools first and heavier tools later based on investigative needs You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy

    11분
  2. Course 22 - Digital Forensics: RAM Extraction Fundamentals | Episode 3: Comparing Belkasoft and Magnet Tools

    1일 전

    Course 22 - Digital Forensics: RAM Extraction Fundamentals | Episode 3: Comparing Belkasoft and Magnet Tools

    In this lesson, you’ll learn about: The role of RAM acquisition in digital forensics and why volatile memory is critical evidenceHow benchmarking RAM extraction tools helps investigators make defensible tactical decisionsA technical comparison between Belkasoft RAM Capturer and Magnet RAM CaptureThe trade-offs between system footprint and extraction speed during live memory captureHow both tools operate in kernel mode and why this matters for bypassing OS protectionsDifferences in output formats (.mem vs .dmp) and their forensic implicationsPractical factors for tool selection, including execution method, performance on large RAM sizes, and operational impact on the target system You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy

    11분
  3. Course 22 - Digital Forensics: RAM Extraction Fundamentals | Episode 2: Benchmarking Tools and Using MoonSols DumpIt

    2일 전

    Course 22 - Digital Forensics: RAM Extraction Fundamentals | Episode 2: Benchmarking Tools and Using MoonSols DumpIt

    In this lesson, you’ll learn about:Why Benchmarking RAM Extraction Tools MattersHow benchmarking supports defensible tool selection in forensic investigations.Using measurable metrics to justify decisions during reports or court testimony.Understanding that different systems and environments can affect tool behavior.Key Benchmarking CriteriaRAM Footprint: Measuring how much memory the tool consumes while running and how much evidence it overwrites.Extraction Speed: Evaluating how fast a full memory dump can be completed, especially when using high-speed media like USB 3.0 drives.Execution Context: Distinguishing between kernel-mode and user-mode tools, with kernel-mode execution preferred for bypassing OS-level protections such as anti-debugging and anti-dumping mechanisms.MoonSols DumpIt: Technical EvaluationWhy DumpIt is favored for live response and incident handling.Its portable design, allowing execution directly from removable media without installation.An exceptionally small memory footprint (under 1 MB), minimizing evidentiary impact.Proven efficiency, capable of dumping large memory sizes (e.g., ~9 GB) in a matter of minutes.Automatic output as a raw memory image, simplifying downstream analysis and tool compatibility.Live Benchmarking and VerificationObserving DumpIt in real time using Task Manager to confirm actual memory usage.Correlating observed performance with documented benchmarks.Recognizing the significance of the final success confirmation and proper storage of the raw memory image for triage and analysis.By the end of this episode, you’ll be able to benchmark RAM acquisition tools systematically, understand why DumpIt is often chosen as a primary option, and confidently explain your tool selection based on measurable, repeatable criteria rather than preference alone. You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy

    12분
  4. Course 22 - Digital Forensics: RAM Extraction Fundamentals | Episode 1: Value, Strategy, and Technical Preparation

    3일 전

    Course 22 - Digital Forensics: RAM Extraction Fundamentals | Episode 1: Value, Strategy, and Technical Preparation

    In this lesson, you’ll learn about:Why RAM Is Critical Forensic EvidenceHow volatile memory captures data that never touches disk and is lost on shutdown.Recovering private browsing sessions, chat data, webmail content, and remnants of failed wiping attempts.Identifying in-memory malware, including rootkits, injected code, and hidden processes that evade disk-based scanners.Extracting encryption keys and credentials (e.g., BitLocker, TrueCrypt, cached passwords) that unlock otherwise inaccessible evidence.The “RAM Debate”: When to Capture vs. When to SkipUnderstanding how missing RAM evidence can be argued as exculpatory in court.Evaluating the forensic footprint: every capture tool overwrites some memory.Making defensible decisions to omit RAM collection when:The suspect has confessed.Disk artifacts already answer the investigative questions.Live triage indicates the system was likely uninvolved.Learning how to justify your decision either way in reports and testimony.RAM Footprint and Evidentiary IntegrityWhat a RAM footprint is and why courts care about it.Minimizing contamination by selecting lightweight, trusted tools.Documenting tool choice, execution order, and system state to maintain credibility.Hardware Preparation for Live Memory CaptureWhy USB 3.0 magnetic hard drives are preferred over flash drives:Faster acquisition times.Higher capacity for large memory dumps.Reduced risk of incomplete captures.Planning storage capacity based on installed system RAM.Tool Redundancy and Operational ReadinessWhy investigators should maintain 2–4 validated RAM tools.Handling failures caused by OS updates, drivers, or endpoint security controls.Understanding that redundancy is a professional requirement, not overkill.Recommended Free RAM Capture ToolsDumpIt – simple, fast, minimal user interaction.Belkasoft Live RAM Capturer – reliable and widely court-tested.Magnet RAM Capture – integrates cleanly with Magnet analysis workflows.FTK Imager – versatile option when already deployed on-scene.By the end of this episode, you’ll understand not just how to extract RAM, but when, why, and how to defend your decision under scrutiny—turning volatile memory into some of the most powerful evidence in a live forensic investigation. You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy

    17분
  5. Course 21 - Digital Forensics: Windows Shellbags | Episode 5: Shellbags Forensics: Validating Network Drive Activity

    4일 전

    Course 21 - Digital Forensics: Windows Shellbags | Episode 5: Shellbags Forensics: Validating Network Drive Activity

    In this lesson, you’ll learn about:Validating Network Drive Activity with ShellbagsHow Windows Shellbags act as a silent witness for user interaction with network shares and mapped drives.Why UsrClass.dat is a critical artifact for proving access to remote resources, even when permissions are restricted.Recording Remote Folder AccessHow accessing a mapped network drive (e.g., Z:) generates Shellbag entries.Capturing exact remote folder paths (such as administrative or restricted directories) that a user navigated to.Demonstrating that Shellbags records navigation, not just file creation or modification.Timestamp Behavior in Network ShellbagsUnderstanding how remote MAC times are copied and stored locally:Last Accessed Time: Often reflects the precise moment the user viewed or entered the network folder.Last Written Time: May indicate when the network drive was first connected or when folder view settings were changed.Created Time: Represents the state of the folder metadata at the moment it was first recorded in Shellbags.Recognizing that all timestamps must be interpreted in UTC and converted to local time for reporting.Event Reconstruction and AttributionReconstructing timelines that show who accessed which network location and when.Correlating Shellbag entries with other evidence to confirm intentional user interaction rather than background system activity.Differentiating between mere drive connection and active navigation into specific subfolders.Investigative and Evidentiary ValueUsing Shellbag evidence to prove file awareness and knowledge, not just theoretical access.Supporting cases involving unauthorized access, insider threat activity, or data exfiltration.Reinforcing why Shellbags are especially powerful when files no longer exist or access logs are unavailable.By the end of this episode, you’ll be able to confidently analyze Shellbag artifacts related to network drives, interpret their timestamps accurately, and use them to demonstrate user knowledge and interaction with remote file systems in a forensic investigation. You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy

    12분
  6. Course 21 - Digital Forensics: Windows Shellbags | Episode 4: Shellbag Forensics: Tracking USB Device History and Artifact Validation

    5일 전

    Course 21 - Digital Forensics: Windows Shellbags | Episode 4: Shellbag Forensics: Tracking USB Device History and Artifact Validation

    In this lesson, you’ll learn about:USB Forensics Using Shellbag ArtifactsHow Windows Shellbags can be leveraged to reconstruct user interaction with removable media.Why Shellbags are valuable for determining whether files were copied to or from USB devices, even when the media is no longer connected.Initial Evidence Generation and CollectionCreating controlled forensic artifacts by moving test files onto a FAT16-formatted USB drive.Exporting relevant registry hives (such as USRCLASS.DAT) using FTK Imager.Loading these hives into Shellbag Explorer for structured analysis.Understanding File System Timestamp BehaviorRecognizing FAT16 limitations, where Last Accessed timestamps record only the date, not the time.Interpreting Created timestamps as the moment files or folders were moved onto the USB device.Understanding why Modified timestamps often remain unchanged during copy or move operations.Shellbag Data Merging and Ghost ArtifactsLearning how Windows may merge Shellbag data when a USB device is reformatted, renamed, or reused.Understanding how previously accessed folders can still appear in Shellbag Explorer due to reuse of the same drive letter or volume identifiers.Identifying “ghost” directories and avoiding false assumptions about current device contents.Handling Multiple Removable DevicesObserving how Windows assigns new drive letters (e.g., E:, then F:) when multiple USB devices are connected.Using Last Write Time values to infer when a USB device was inserted or when its folder view preferences were modified.Forensic Validation and ReportingEvaluating whether timestamps and folder structures logically align with expected user behavior.Understanding why investigators must not rely solely on automated tool output.Emphasizing manual validation to prevent misinterpretation caused by merged or residual Shellbag data.By the end of this episode, you’ll be able to analyze Shellbag artifacts related to USB devices, accurately interpret file system timestamps, and validate whether removable media activity supports or contradicts suspected data exfiltration or injection events. You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy

    12분
  7. Course 21 - Digital Forensics: Windows Shellbags | Episode 3: ShellBag Forensics: Practical Validation and Timestamp Analysis

    6일 전

    Course 21 - Digital Forensics: Windows Shellbags | Episode 3: ShellBag Forensics: Practical Validation and Timestamp Analysis

    In this lesson, you’ll learn about:Practical ShellBag Forensics WorkflowHow ShellBags function as registry-based artifacts that record user folder interaction and view preferences.The full investigative cycle: evidence creation, acquisition, analysis, and validation.Registry Hive AcquisitionCreating controlled user activity (e.g., test folders) to deliberately generate ShellBag evidence.Exporting NTUSER.DAT from the root of the user profile and USRCLASS.DAT from the AppData directory using FTK Imager.Required system configuration steps, including enabling hidden files and protected operating system files, to access locked registry hives.Interpreting ShellBag TimestampsUnderstanding the forensic meaning of Last Write Time, which reflects either the first folder access or a change in folder view settings.Differentiating embedded MAC times (Created, Modified, Accessed) as historical snapshots captured when the ShellBag entry was first generated.Correctly handling UTC/GMT timestamps and applying local time offsets to ensure accurate forensic timelines.Validation Through Controlled ExperimentsDemonstrating that changing folder view options (such as switching to large icons) updates the Last Write Time without altering embedded MAC timestamps.Recognizing normal conditions where certain directories—such as system folders or hard-coded shortcuts—do not contain MAC times.Evidence Location AwarenessKnowing where user-specific ShellBag data resides within the Windows registry structure.Understanding how these locations support user attribution and timeline reconstruction during forensic investigations.By the end of the episode, you’ll be able to confidently extract ShellBag-related registry hives, correctly interpret their timestamps, and validate user activity findings through repeatable forensic testing. You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy

    14분
  8. Course 21 - Digital Forensics: Windows Shellbags | Episode 2: Forensic System Setup and Local Drive Integration

    1월 31일

    Course 21 - Digital Forensics: Windows Shellbags | Episode 2: Forensic System Setup and Local Drive Integration

    In this lesson, you’ll learn about:Preparing a Forensic WorkstationThe purpose of using a controlled forensic setup to safely extract and analyze system artifacts.Why working from an acquired drive or image is critical for maintaining evidentiary integrity.Essential Tools for Shellbag and Registry AnalysisShellbags Explorer: Used to parse and analyze shellbag artifacts associated with user folder navigation.FTK Imager (Lite): A portable, self-contained tool for accessing drives and exporting forensic artifacts without installing software on the target system.Loading a System Drive as EvidenceHow to use “Add Evidence Item” in FTK Imager to load a local physical drive (e.g., the C: drive).Understanding the evidence tree and how FTK represents the file system for forensic browsing.Navigating the File System for Forensic ArtifactsTraversing the directory structure within FTK Imager to locate user-specific data.Focusing on the Users directory and individual user home folders, which contain critical registry files.Target Registry Files for AnalysisIdentifying user-specific registry hives stored within the home directory.Understanding why these files are essential inputs for tools like Shellbags Explorer when reconstructing user activity.By the end of the episode, you’ll be able to set up the required forensic tools, load a system drive as evidence, and confidently locate the registry hives needed to analyze shellbags and other user activity artifacts. You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy

    15분
모두 보기(141개)

소개

Welcome to CyberCode Academy — your audio classroom for Programming and Cybersecurity. 🎧 Each course is divided into a series of short, focused episodes that take you from beginner to advanced level — one lesson at a time. From Python and web development to ethical hacking and digital defense, our content transforms complex concepts into simple, engaging audio learning. Study anywhere, anytime — and level up your skills with CyberCode Academy. 🚀 Learn. Code. Secure.

정보

  • 제작진
    CyberCode Academy
  • 방송 연도
    2025년 - 2026년
  • 에피소드
    141
  • 등급
    전체 연령 사용가
  • 저작권
    © Copyright CyberCode Academy
  • 웹사이트 보기
    CyberCode Academy