CyberCode Academy

Welcome to CyberCode Academy — your audio classroom for Programming and Cybersecurity. 🎧 Each course is divided into a series of short, focused episodes that take you from beginner to advanced level — one lesson at a time. From Python and web development to ethical hacking and digital defense, our content transforms complex concepts into simple, engaging audio learning. Study anywhere, anytime — and level up your skills with CyberCode Academy. 🚀 Learn. Code. Secure. You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy

  1. Course 36 - Windows Forensics and Tools | Episode 11: Unlocking Hidden Metadata and Browser History

    21h ago

    In this lesson, you’ll learn about: forensic authentication using metadata and browser artifacts

    1. What is Digital Forensic Authentication?
    - A process of verifying user activity and file origin using hidden data
    - Focuses on:
      - Documents
      - Images
      - Web browsing activity
    🔹 Key Idea: Files contain more than visible content—they carry hidden identity traces

    2. File Metadata (Documents & Office Files)
    🔹 What metadata reveals
    - Author name
    - Creation machine
    - Editing history
    - Last modified timestamps
    🔹 Why it matters
    - Helps identify:
      - Who created a file
      - When it was edited
      - Whether it was tampered with
    👉 Key Insight: Metadata can contradict user claims

    3. Image Metadata (EXIF Data)
    🔹 What is EXIF?
    - EXIF data
    🔹 What EXIF contains
    - Camera model
    - GPS location (if enabled)
    - Date and time
    - Exposure settings
    - Device information
    👉 Key Insight: Images act like a digital fingerprint of the camera and environment

    4. Forensic Value of Images
    - Link images to:
      - Physical locations
      - Devices used
      - Timeline of events

    5. Browser History Persistence
    🔹 Common misconception: Users think deleting history removes all traces
    🔹 Reality: Browsers store persistent artifacts in system files

    6. Internet History Storage Locations
    🔹 Legacy Systems: index.dat files
    🔹 Modern Systems: WebCacheV01.dat

    7. What WebCacheV01.dat Stores
    - Visited URLs
    - Download history
    - Browsing timestamps
    - Cached session data
    👉 Key Insight: Even private browsing leaves traces in system databases

    8. Forensic Tools
    🔹 Example tool: ESE Database View
    🔹 What it does
    - Extracts data from browser history databases
    - Reconstructs user activity timelines
    - Reveals deleted browsing records

    9. Private Browsing Myths
    🔹 Important fact
    - InPrivate / Incognito:
      - Hides local history in UI
      - Does NOT fully remove system-level traces

    10. Forensic Applications
    🔹 Investigators can recover
    - Visited websites
    - Downloaded files
    - Search behavior
    - Hidden browsing sessions

    Key Takeaways
    - Metadata reveals hidden details about files and images
    - EXIF data acts as a digital fingerprint for photos
    - Browser activity is stored in system-level databases
    - Deleting history does not guarantee deletion of evidence
    - Specialized tools can reconstruct full browsing behavior

    Big Picture
    - This topic helps investigators: 👉 Move from visible files → hidden behavioral evidence

    Mental Model
    - File/Image → Metadata layer → System storage → Forensic reconstruction

    21 min
  2. Course 36 - Windows Forensics and Tools | Episode 10: Decoding Metadata and File Internals

    1d ago

    In this lesson, you’ll learn about: Windows Recycle Bin forensics and deleted file recovery

    1. Why the Recycle Bin Matters in Forensics
    - Deleting a file in Windows does not immediately erase it
    - Instead, Windows:
      - Moves it to a hidden system structure
      - Renames it
      - Keeps both metadata and data intact
    🔹 Key Idea: The Recycle Bin is often a hidden evidence repository

    2. Core Forensic Insight
    - Deleted files usually remain:
      - On disk (physically intact)
      - With modified references only
    👉 Result: Investigators can often recover:
      - Files
      - Paths
      - Deletion timestamps

    3. Legacy Windows Recycle Bin (Windows XP and earlier)
    🔹 Structure Used
    - INFO2 file
    - Stored inside: Recycler folder
    🔹 What it contains
    - Original file path
    - File size
    - Deletion order
    👉 Key Insight: Acts as an index of deleted files

    4. Modern Windows Recycle Bin (Vista → Windows 10)
    🔹 Structure Used: $Recycle.Bin
    🔹 File Pair System
    - Each deleted file creates two entries:
      - $R file: Contains actual file data
      - $I file: Contains metadata:
        - Original name
        - Path
        - Deletion timestamp
    👉 Key Insight: Data and metadata are split for tracking integrity

    5. Windows 10 Forensic Markers
    🔹 Version Identification
    - $I file headers contain version indicators:
      - 01 → older Windows versions
      - 02 → Windows 10 era
    🔹 Why it matters
    - Helps investigators determine:
      - Operating system version
      - Timeline of deletion activity

    6. Hex-Level Analysis
    🔹 Tools used
    - Hex editors
    - Forensic analysis tools
    🔹 What investigators extract
    - File paths
    - Deletion timestamps
    - File size metadata
    - Original filenames
    👉 Key Insight: Even “deleted” files can be reconstructed byte-by-byte

    7. Forensic Workflow
    🔹 Step-by-step process
    - Access $Recycle.Bin
    - Match $R and $I files
    - Decode metadata
    - Reconstruct original file structure
    - Extract evidence

    8. Investigative Value
    🔹 What can be recovered
    - Deleted documents
    - Malware payloads
    - Sensitive user files
    - Evidence of file wiping attempts
    👉 Key Insight: Attackers often forget the Recycle Bin still holds traces

    Key Takeaways
    - Recycle Bin does not permanently delete data immediately
    - Legacy systems use INFO2 index files
    - Modern systems use $R and $I file pairs
    - Metadata and file content are separated
    - Hex analysis allows full reconstruction of deleted activity

    Big Picture
    - Recycle Bin forensics helps investigators: 👉 Move from “deleted file” → “recoverable digital evidence”

    Mental Model
    - Delete action → Recycle Bin redirect → hidden storage → forensic recovery

    22 min
  3. Course 36 - Windows Forensics and Tools | Episode 9: Uncovering Hidden Evidence

    2d ago

    In this lesson, you’ll learn about: Windows System Restore Points in digital forensics

    1. What Are System Restore Points?
    - A Windows feature that creates snapshots of system state
    - Designed for recovery after:
      - System failures
      - Bad updates
      - Software issues
    🔹 Key Idea: They act as a historical snapshot of system behavior

    2. Why They Matter in Forensics
    - Restore points preserve evidence that may be:
      - Deleted
      - Wiped
      - Modified
    🔹 Forensic Value
    - Helps reconstruct:
      - System changes
      - Malware introduction
      - Configuration modifications

    3. What Is Stored in Restore Points
    - Registry snapshots
    - Selected system files
    - Configuration data
    - Logs and application traces
    👉 Important Insight: They preserve system state, not just individual files

    4. Metadata Preservation
    🔹 Key Concept
    - Restore points preserve MAC times:
      - Modified
      - Accessed
      - Created
    🔹 Why it matters
    - Enables accurate timeline reconstruction
    - Helps detect tampering or backdating attempts

    5. Trigger Events for Restore Points
    🔹 When Windows creates them
    - Software installation
    - System updates
    - Every ~24 hours of uptime
    - Manual user trigger
    👉 Key Insight: Restore points are often created during high system activity periods

    6. Internal Structure of Restore Points
    🔹 Storage Location
    - Hidden directory: C:\System Volume Information
    🔹 Folder Structure
    - Stored as sequential folders:
      - RP1
      - RP2
      - RP3
      - etc.

    7. File Tracking Mechanism
    🔹 Key Component: filelist.xml
    🔹 Purpose
    - Defines:
      - Which file types are monitored
      - Which directories are included
    👉 Key Insight: Acts as a control map for snapshot creation

    8. Change Tracking System
    🔹 Important File: change.log
    🔹 Function
    - Records:
      - Original filenames
      - File locations
      - Snapshot changes
    👉 Forensic Value: Helps reconstruct original file paths even after renaming

    9. System Management and Registry Control
    🔹 Registry Role
    - Controls:
      - Enable/disable restore points
      - Storage allocation
      - Behavior settings
    🔹 Storage Management
    - Uses FIFO (First-In, First-Out) rule
    - Older restore points are deleted first

    10. Forensic Applications
    🔹 What investigators can uncover
    - Malware presence in past states
    - Deleted files
    - System configuration changes
    - Evidence of cleanup attempts
    👉 Key Insight: Restore points can reveal what was intentionally removed

    Key Takeaways
    - System Restore Points are system snapshots used for recovery
    - They preserve registry and file state over time
    - Stored in hidden System Volume Information directory
    - Include logs that track file changes and metadata
    - Can reveal deleted or tampered forensic evidence

    Big Picture
    - Restore points help investigators: 👉 Move from current system state → historical system reconstruction

    Mental Model
    - System snapshot → stored RP folder → logs + registry + files → forensic timeline

    25 min
  4. Course 36 - Windows Forensics and Tools | Episode 8: Efficiency, Evidence, and Forensics

    3d ago

    In this lesson, you’ll learn about: Windows Prefetch and forensic execution tracking

    1. What is Windows Prefetch?
    - A Windows performance feature designed to:
      - Speed up application startup
      - Reduce disk access time
    🔹 Key Idea: It becomes a forensic artifact that records program execution

    2. How Prefetch Works
    - Windows monitors the first seconds of an application launch
    - It records:
      - Files accessed
      - Execution behavior patterns
    👉 Result: A cached “startup map” is created for faster future runs

    3. Prefetch File Structure
    🔹 Naming Format
    - Application name + hash
    - The hash is an 8-character hexadecimal value
    🔹 Purpose of the Hash
    - Derived from the application path
    - Helps differentiate:
      - Same program in different locations
    👉 Key Insight: Same executable in different folders = different Prefetch file

    4. Forensic Value of Prefetch
    🔹 What investigators can determine
    - When a program was executed
    - How many times it was run
    - Whether it ran from unusual locations

    5. The “Who, What, When” of Forensics
    🔹 Key Questions Answered
    - Who: Which program was executed
    - What: Which executable was run
    - When: Last execution timestamp
    👉 Important: Prefetch is one of the strongest execution evidence sources in Windows

    6. Detecting Evidence Tampering
    🔹 Critical Insight: Presence of cleanup tools is itself evidence
    🔹 Example
    - If a wiping tool appears in Prefetch:
      - It proves the tool was executed
    👉 Key Idea: “Trying to hide evidence” becomes evidence itself

    7. Hidden Activity Discovery
    🔹 Prefetch can reveal:
    - Hidden directories
    - External storage usage
    - Encrypted container activity
    🔹 Example targets
    - TrueCrypt volumes
    - External USB drives
    - Obfuscated folders

    8. System Evolution
    🔹 Related Windows Technologies
    - Superfetch
    - ReadyBoost
    👉 Purpose: Improve system responsiveness and memory usage

    9. Registry Control of Prefetch
    🔹 Key Concept: Prefetch behavior can be enabled/disabled via registry settings
    🔹 Forensic Importance
    - Investigators check registry keys to see:
      - If Prefetch was disabled intentionally
      - If someone tried to hide activity

    10. Investigation Workflow
    🔹 How analysts use Prefetch
    - Locate Prefetch files
    - Extract execution metadata
    - Analyze timestamps and counts
    - Correlate with other artifacts

    Key Takeaways
    - Prefetch records application execution behavior for performance
    - It is a powerful forensic artifact for tracking user activity
    - File names include hashed execution paths
    - It can reveal hidden tools, drives, and user behavior
    - Disabling Prefetch may itself indicate suspicious activity

    Big Picture
    - Prefetch helps investigators: 👉 Move from “what exists on disk” → “what was actually executed”

    Mental Model
    - Program run → Prefetch created → Execution metadata stored → Timeline reconstructed

    23 min
  5. Registry Forensics and the User Assist Key

    4d ago

    In this lesson, you’ll learn about: Windows Registry artifacts and UserAssist forensics

    1. Why Registry Artifacts Matter
    - The Windows Registry stores hidden traces of user activity
    - Investigators use it to reconstruct:
      - User behavior
      - Application usage
      - System timelines
    🔹 Key Idea: Every click and execution leaves a forensic footprint

    2. Common Digital Footprints in Windows
    🔹 Types of artifacts
    - Internet browsing history
    - Email attachments
    - Skype / communication logs
    - Recently used files (MRU lists)
    - Executed programs
    👉 Key Insight: Even deleted actions often remain in registry traces

    3. The UserAssist Key
    🔹 What is it?
    - A Windows Registry key that tracks program execution history
    🔹 What it records
    - Application name
    - Run count (how many times launched)
    - Last execution timestamp
    - Usage frequency
    👉 Why it matters: Shows what a user actually ran, not just what exists on disk

    4. ROT13 Obfuscation
    🔹 What Windows does
    - UserAssist entries are encoded using a simple cipher: ROT13 cipher
    🔹 Purpose
    - Obscures readable program names
    - Prevents casual inspection
    👉 Important Insight: It is not encryption, just basic encoding

    5. Decoding UserAssist Data
    🔹 Tools used by investigators
    - UserAssistView
    - Magnet Forensics tools
    🔹 What they do
    - Decode ROT13 values
    - Convert registry entries into readable format
    - Display execution history clearly

    6. Building a Forensic Timeline
    🔹 What investigators reconstruct
    - When programs were opened
    - How often they were used
    - Sequence of user actions
    🔹 Why it matters
    - Helps establish:
      - Intent
      - Behavior patterns
      - Possible malicious activity

    7. Investigative Value of UserAssist
    🔹 What it reveals
    - User activity patterns
    - Application usage frequency
    - Time-based behavior analysis
    👉 Key Insight: It helps answer: “What did the user actually do on the system?”

    8. Forensic Importance
    - Supports legal investigations
    - Helps detect insider threats
    - Builds evidence timelines

    Key Takeaways
    - Windows Registry contains deep user activity artifacts
    - UserAssist tracks executed programs and usage behavior
    - Data is encoded using ROT13, not securely encrypted
    - Specialized tools are needed to decode and analyze entries
    - It is essential for building accurate forensic timelines

    Big Picture
    - UserAssist helps investigators: 👉 Move from static system data → real user behavior reconstruction

    Mental Model
    - Program run → Registry entry → Encoded record → Decoded timeline

    21 min
  6. Course 36 - Windows Forensics and Tools | Episode 6: From System Hives to Forensic Analysis

    5d ago

    In this lesson, you’ll learn about: Windows Registry structure and forensic analysis

    1. What is the Windows Registry?
    - A centralized configuration database in Windows
    - Stores system, user, and application settings
    🔹 Core Idea: Think of it as the brain of Windows configuration

    2. Registry Structure
    - The registry is organized in a strict hierarchy:
    🔹 Components
    - Hives
    - Keys
    - Subkeys
    - Values
    🔹 Analogy
    - Hive → main database file
    - Key → folder
    - Value → actual data entry

    3. Main Root Keys
    🔹 Key Windows Registry Roots
    - HKEY_LOCAL_MACHINE (HKLM)
    - HKEY_CURRENT_USER (HKCU)
    🔹 What they represent
    - HKLM → system-wide settings
    - HKCU → settings for the logged-in user

    4. Physical Storage of Registry Hives
    - Stored on disk in: C:\Windows\System32\config
    🔹 Why this matters
    - Investigators can extract registry data directly from disk
    - Even if Windows is not bootable

    5. Core HKLM Sub-Hives
    🔹 SAM (Security Accounts Manager)
    - Stores:
      - User accounts
      - Password hashes
    🔹 SECURITY Hive
    - Stores:
      - Local security policy
      - LSA secrets
      - Authentication data
    🔹 SOFTWARE Hive
    - Stores:
      - Installed applications
      - Configuration settings
    🔹 SYSTEM Hive
    - Stores:
      - Drivers
      - Services
      - Boot configuration
    👉 Key Insight: These hives are critical for system and user reconstruction

    6. Modern Windows Registry Extensions
    🔹 Newer Hives
    - BCD (Boot Configuration Data)
      - Controls boot process
    - ELAM (Early Launch Anti-Malware)
      - Protects early boot stage
    - Browser-related application data hives
    👉 Purpose: Improve security and system initialization

    7. Forensic Extraction Tools
    🔹 Common Tools
    - FTK Imager
      - Used to extract registry hives from disk
    - Registry viewers (offline analysis tools)
    🔹 Why FTK Imager matters
    - Bypasses OS restrictions
    - Works on live or dead systems

    8. Registry Analysis Workflow
    🔹 Step-by-step process
    - Acquire disk image
    - Extract registry hives
    - Load into analysis tool
    - Examine keys and values

    9. What Investigators Look For
    🔹 Key Evidence Types
    - User activity
    - Installed software
    - System boot history
    - Malware persistence mechanisms

    Key Takeaways
    - The registry is a central configuration database for Windows
    - It is structured into hives, keys, and values
    - Critical hives include SAM, SECURITY, SOFTWARE, SYSTEM
    - Registry files are physically stored on disk
    - Tools like FTK Imager enable offline forensic extraction

    Big Picture
    - Registry analysis helps you: 👉 Move from system configuration → user and attacker behavior reconstruction

    Mental Model
    - Registry = Windows “black box” of system activity

    21 min
  7. Course 36 - Windows Forensics and Tools | Episode 5: Structure and Forensic Significance

    6d ago

    In this lesson, you’ll learn about: Windows Security Identifiers (SIDs) and user tracking

    1. What is a Security Identifier (SID)?
    - A SID (Security Identifier) is a unique value assigned to every:
      - User
      - Group
      - Security principal (system accounts, services)
    🔹 Core Idea
    - It acts like a permanent digital fingerprint in Windows
    - Used internally instead of usernames
    👉 Key Property: A SID is never reused, even if the account is deleted

    2. Why SIDs Exist
    - Windows needs a stable way to identify identities
    - Usernames can change
    - SIDs cannot
    🔹 Example Use
    - Permissions are assigned to SIDs, not names
    - Access control checks rely on SID matching

    3. SID in Access Tokens
    🔹 What happens at login?
    - Windows creates an access token
    - This token contains:
      - User SID
      - Group SIDs
      - Privileges
    👉 Key Insight:
    - Every process inherits this token
    - This determines what the user can do

    4. Structure of a SID
    - A SID is not random—it has a strict format:
    🔹 Main Components
    - Identifier Authority
    - Sub-authority values
    - Relative Identifier (RID)

    5. SID Breakdown Explained
    🔹 Identifier Authority
    - Defines the system or domain origin
    - Example:
      - Local machine
      - Domain controller
    🔹 Sub-authorities
    - Represent hierarchical security structure
    - Provide organizational uniqueness
    🔹 Relative Identifier (RID)
    - The most specific part
    - Identifies the actual account

    6. Important RID Examples
    🔹 Common Built-in Accounts
    - 500 → Built-in Administrator
    - 501 → Guest account
    - 512 → Domain Admins group
    - 513 → Domain Users group
    🔹 Special Group
    - “Everyone” group → universal access SID
    👉 Key Insight: RID tells you exactly what type of account it is

    7. How SIDs Are Used in Security
    🔹 Access Control
    - File permissions are assigned to SIDs
    - Not usernames
    🔹 Authentication Flow
    - Login → SID loaded → permissions applied

    8. Forensic Importance of SIDs
    🔹 What investigators can learn
    - Which user performed an action
    - Whether an account was deleted or renamed
    - Privilege escalation attempts
    🔹 Why it matters
    - Even if usernames change, SID stays the same
    - Enables long-term tracking of user behavior

    Key Takeaways
    - SIDs are permanent unique identifiers in Windows
    - They are used instead of usernames for security decisions
    - Stored inside access tokens during login
    - Structured into authority, sub-authority, and RID
    - Essential for forensic tracking and access control

    Big Picture
    - SIDs help you: 👉 Move from “who is the user?” → “what identity is truly behind the action?”

    Mental Model
    - Username → Human label
    - SID → System truth

    21 min
  8. Course 36 - Windows Forensics and Tools | Episode 4: From Acquisition to Volatility Analysis

    Jun 2

    In this lesson, you’ll learn about: memory forensics and RAM analysis

    1. Why Memory Forensics Matters
    - RAM (volatile memory) is one of the most valuable forensic sources
    - It contains data that disappears after shutdown
    🔹 What RAM can reveal
    - Running processes
    - Active network connections
    - Command history
    - Encryption keys
    - Malware behavior in real time
    👉 Key Idea: If disk is “history,” RAM is live truth

    2. Memory Acquisition (Capturing RAM)
    🔹 What is memory acquisition?
    - Creating a snapshot of physical RAM for analysis
    🔹 Common Tools
    - DumpIt
      - Simple one-click RAM dump tool
      - Used widely in field forensics
    - NotMyFault
      - Forces system crash
      - Generates full kernel memory dump
    👉 Key Tradeoff:
    - DumpIt → fast and simple
    - Crash dump → deeper but disruptive

    3. Types of Memory Evidence
    🔹 What investigators look for
    - Process objects
    - Suspicious threads
    - Injected code
    - Hidden malware artifacts
    🔹 Why it’s important
    - Malware often exists only in memory
    - Disk analysis alone may miss it

    4. Memory Forensic Techniques
    🔹 String Searching
    - Look for:
      - Passwords
      - URLs
      - Commands
      - API keys
    🔹 Process Inspection
    - Identify:
      - Legitimate processes
      - Suspicious or orphaned processes
    🔹 Thread Analysis
    - Detect:
      - Code injection
      - Hidden execution paths

    5. Deep Analysis with Volatility
    🔹 What is Volatility?
    - A powerful memory forensics framework for analyzing RAM dumps
    🔹 Key Capability
    - Extracts structured evidence from raw memory images

    6. Core Volatility Commands
    🔹 pslist
    - Shows active processes
    - Based on system process list
    🔹 psscan
    - Finds hidden or terminated processes
    - Scans memory directly
    🔹 psxview
    - Cross-checks multiple process sources
    - Detects rootkits and hidden malware
    👉 Key Insight: If a process appears in psscan but not pslist, it may be hidden

    7. OS Profiling
    - First step in analysis is identifying:
      - Operating system version
      - Memory structure layout
    👉 Why it matters: Correct profile = accurate results in Volatility

    8. Malware Detection in Memory
    🔹 What investigators look for
    - Injected DLLs
    - Suspicious network activity
    - Hidden execution threads
    🔹 Key Concept
    - Malware often hides better in RAM than on disk

    9. Reporting Findings
    🔹 Output process
    - Extract evidence
    - Convert results into structured reports
    - Document every forensic step
    👉 Goal: Make results repeatable and legally defensible

    Key Takeaways
    - RAM is the most dynamic and valuable forensic source
    - Memory acquisition must be done carefully to preserve evidence
    - Tools like DumpIt and crash dumps capture volatile data
    - Volatility enables deep inspection of memory structures
    - Cross-checking process lists helps detect hidden malware

    Big Picture
    - Memory forensics helps you: 👉 Move from live system behavior → hidden system truth

    Mental Model
    - Capture RAM → Identify OS → Analyze processes → Detect anomalies → Report findings

    22 min
