Get 7 in 1 Digital Success Bundle Today!

Click HERE To Check Professional Indian Courses more then 45+ Courses
Canva Pro Lifetime Invite Link FREE
IIT JEE & NEET Preparation Material
All Famous Digital Marketing Course
★ Fresh Graphic Designing MEGA PACK 2021400+ Life Changing EbooksAccess to 60 Google Groups Collection ★
★ Unlimted Google Drive StorageUnlimited Guide To Social Media MarketingPremium & High Quality 2000+ Android APPS Source Code ★
Email me For Courses Links Click HERE
Telegram Ihtreek Tech
Telegram Ihtreek Tech
Telegram Ihtreek Tech
Amazon SALE Live Flipkart The Big Billion Days SALE LIVE Offers On Electronics
Skip to content

Digital-Forensics-Lab | Free Hands-On Digital Forensics Labs For Students And Faculty

Hands-on labsForensic Intelligence Repository

Features of Repository


  • Hands-on Digital Forensics Labs: designed for Students and Faculty
  • Linux-based lab: All labs are purely based on Kali Linux 1
  • Lab screenshots: Each lab has PPTs with instruction screenshots
  • Comprehensive: Cover many topics in digital forensics
  • Free: All tools are open source
  • Updated: The project is funded by DOJ and will keep updating
  • Two formalized forensic intelligence in JSON files based-on case studies

Table of Contents (updating)

# The following commands will install all tools needed for Data Leakage Case. We will upgrade the script to add more tools for other labs soon.  wget chmod +x ./ 

Investigating P2P Data Leakage


The P2P data leakage case study is to help students to apply various forensic techniques to investigate intellectual property theft involving P2P. The study include

  • A large and complex case involving a uTorrent client. The case is similar to NIST data leakage lab. However, it provides a clearer and more detailed timeline.
  • Solid evidence with explanations. Each evidence that is associated with each activity is explained along with the timeline. We suggest using this before study NIST data leakage case study.
  • 10 hands-on labs/topics in digital forensics

Topics Covered

LabsTopics CoveredSize of PPTs
Lab 0Lab Environment Setting Up4M
Lab 1Disk Image and Partitions 15M
Lab 2Windows Registry and File Directory 115M
Lab 3MFT Timeline6M
Lab 4USN Journal Timeline3M
Lab 5uTorrent Log File9M
Lab 6File Signature8M
Lab 7Emails9M
Lab 8Web History11M
Lab 9Website Analysis 12M
Lab 10Timeline (Summary)13K

Investigating NIST Data Leakage


The case study is to investigate an image involving intellectual property theft. The study include

  • A large and complex case study created by NIST. You can access the Senario, DD/Encase images. You can also find the solutions on their website.
  • 14 hands-on labs/topics in digital forensics

Topics Covered

LabsTopics CoveredSize of PPTs
Lab 0Environment Setting Up2M
Lab 1Windows Registry3M
Lab 2Windows Event and XML3M
Lab 3Web History and SQL3M
Lab 4Email Investigation3M
Lab 5File Change History and USN Journal2M
Lab 6Network Evidence and shellbag2M
Lab 7Network Drive and Cloud5M
Lab 8Master File Table ($MFT) and Log File ($logFile) Analysis13M
Lab 9Windows Search History4M
Lab 10Windows Volume Shadow Copy Analysis6M
Lab 11Recycle Bin and Anti-Forensics3M
Lab 12Data Carving3M
Lab 13Crack Windows Passwords2M

Investigating Illegal Possession of Images


The case study is to investigate the illegal possession of Rhino images. This image was contributed by Dr. Golden G. Richard III, and was originally used in the DFRWS 2005 RODEO CHALLENGE. NIST hosts the USB DD image. A copy of the image is also available in the repository.

Topics Covered

LabsTopics CoveredSize of PPTs
Lab 0HTTP Analysis using Wireshark (text)3M
Lab 1HTTP Analysis using Wireshark (image)6M
Lab 2Rhion Possession Investigation 1: File recovering9M
Lab 3Rhion Possession Investigation 2: Steganography4M
Lab 4Rhion Possession Investigation 3: Extract Evidence from FTP Traffic3M
Lab 5Rhion Possession Investigation 4: Extract Evidence from HTTP Traffic5M

Investigating Email Harassment


The case study is to investigate the harassment email sent by a student to a faculty member. The case is hosted by You can access the senario description and network traffic from their website. The repository only provides lab instructions.

Topics Covered

LabsTopics CoveredSize of PPTs
Lab 0Investigating Harassment Email using Wireshark3M
Lab 1t-shark Forensic Introduction2M
Lab 2Investigating Harassment Email using t-shark2M

Investigating Illegal File Transferring (Memory Forensics )


The case study is to investigate computer memory for reconstructing a timeline of illegal data transferring. The case includes a scenario of transfer sensitive files from a server to a USB.

Topics Covered

LabsTopics CoveredSize of PPTs
Lab 0Memory Forensics11M
part 1Understand the Suspect and Accounts
part 2Understand the Suspect’s PC
part 3Network Forensics
part 4Investigate Command History
part 5Investigate Suspect’s USB
part 6Investigate Internet Explorer History
part 7Investigate File Explorer History
part 8Timeline Analysis

Investigating Hacking Case


The case study, including a disk image provided by NIST is to investigate a hacker who intercepts internet traffic within range of Wireless Access Points.

Topics Covered

LabsTopics CoveredSize of PPTs
Lab 0Hacking Case8M

Investigating Android 10

The image is created by Joshua Hickman and hosted by digitalcorpora.


LabsTopics CoveredSize of PPTs
Lab 0Intro Pixel 33M
Lab 1Pixel 3 Image2M
Lab 2Pixel 3 Device4M
Lab 3Pixel 3 System Setting5M
Lab 4Overview: App Life Cycle11M
Lab 5.1.1AOSP App Investigations: Messaging4M
Lab 5.1.2AOSP App Investigations: Contacts3M
Lab 5.1.3AOSP App Investigations: Calendar1M
Lab 5.2.1GMS App Investigations: Messaging 16M
Lab 5.2.2GMS App Investigations: Dialer 12M
Lab 5.2.3GMS App Investigations: Maps8M
Lab 5.2.4GMS App Investigations: Photos6M
Lab 5.3.1Third-Party App Investigations: Kik4M
Lab 5.3.2Third-Party App Investigations: textnow1M
Lab 5.3.3Third-Party App Investigations: whatapp 13M
Lab 6Pixel 3 Rooting5M

Tools Used





  • Frank Xu
  • Malcolm Hayward
  • Richard (Max) Wheeless




digital forensics lab

GitHub – frankwxu/digital-forensics-lab: Free hands-on digital forensics labs… 7

Free hands-on digital forensics labs for students and faculty – GitHub – frankwxu/digital-forensics-lab: Free hands-on digital forensics labs for students and faculty

Leave a Reply

Your email address will not be published. Required fields are marked *