This repository contains notes, workflows, real-case simulations, and visualizations related to the Digital Forensics Project course offered by ISACA. It serves as a reference toolkit for incident responders, forensic analysts, and cybersecurity researchers.
All theory and methodology notes are located in the notes/ directory:
- 📄 `evidence-collection.md` – Best practices for acquiring digital evidence
- 📄 `chain-of-custody.md` – Maintaining integrity and legal admissibility
- 📄 `digital-artifacts.md` – Common digital traces: memory, logs, devices
- 📄 `forensic-tools.md` – Tools for imaging, analysis, and extraction
Find guided procedures and case-based investigations in workflows/:
- 🧾 `cloud-account-investigation.md` – Analyze AWS IAM compromise
- 🧾 `log-correlation-analysis.md` – Centralized log inspection for lateral movement
Real-world analysis walkthroughs in demo/:
- 📬 `email-header-analysis.md` – Trace spoofed email origins via headers
- 💾 `usb-drive-analysis.md` – Extract evidence from a seized USB device
Visual and modern forensic strategies under visual/:
- 🔍 `cloud-forensics-process.md` – Workflow for incidents in cloud environments
| Section | Document |
|---|---|
| 📘 Course Overview | 🎓 Digital Forensics Project.pdf |
This project simulates a professional forensic engagement with a focus on chain-of-custody, artifact correlation, and cloud-era incident analysis.
✅ Key Learnings:
- Proper evidence collection and documentation
- Analyzing memory devices and log trails
- Email forensics and spoof detection
- Working in hybrid (cloud + local) environments
Thành Danh – Pentester & Cybersecurity Researcher
GitHub: @ngvtdanhh
Email: ngvu.thdanh@gmail.com
This project is licensed under the MIT License.
See LICENSE for details.
© 2025 ngvtdanhh. All rights reserved.
