
ziyslmn/cybersecurity-labs


Cybersecurity Labs

Hands-on cybersecurity and digital forensics investigations completed during my Cybersecurity program at Northeastern Illinois University.

These projects demonstrate practical experience in:

  • malware analysis
  • Windows and Linux forensic investigations
  • disk image analysis
  • volatile artifact collection
  • file recovery and data carving
  • network traffic analysis


Featured Projects

Performed static analysis on a suspicious Windows executable to identify indicators of compromise, analyze the Portable Executable (PE) structure, and investigate potential malicious behavior.

Investigated Windows system artifacts including event logs, user activity, and system processes to reconstruct system behavior and identify security-relevant events.

Analyzed Linux system artifacts, network activity, and potential rootkit indicators using forensic analysis and network scanning tools.

Collected and analyzed volatile artifacts from a running system including active processes, network connections, routing tables, and memory-related system information.

Used Autopsy to analyze a forensic disk image, examine file system structures, recover artifacts, and reconstruct potential user activity.

Recovered deleted files and artifacts from storage media using forensic disk imaging and data carving techniques.

Analyzed a TLS-encrypted HTTPS session using Wireshark to examine the TCP connection establishment, TLS handshake process, certificate exchange, cipher suite negotiation, and encrypted application data.
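The cipher suite negotiation examined in the Wireshark project above can also be checked programmatically. The following added example (not code from this repository) parses constructed ClientHello and ServerHello records and confirms that the suite the server chose was among those the client offered; the `SUITE_NAMES` table and the `build_hello` helper are assumptions used only to produce the sample records.

```python
# Added example (not part of the repository): parse TLS handshake records
# and compare the client's offered cipher suites with the server's choice.
# The sample records are constructed by build_hello() so this runs offline.
import struct

# Subset of IANA cipher-suite names, used only to label the constructed sample.
SUITE_NAMES = {
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
}

def parse_handshake(record: bytes) -> dict:
    """Parse one TLS record carrying a ClientHello (type 1) or ServerHello (type 2)."""
    ctype, _version, length = struct.unpack("!BHH", record[:5])  # record header
    if ctype != 0x16:
        raise ValueError("not a handshake record")
    body = record[5:5 + length]
    hs_type = body[0]
    hs_len = int.from_bytes(body[1:4], "big")
    hs = body[4:4 + hs_len]
    pos = 2 + 32                      # skip legacy_version and 32-byte random
    sid_len = hs[pos]
    pos += 1 + sid_len                # skip session_id vector
    if hs_type == 1:                  # ClientHello carries a list of suites
        n = struct.unpack("!H", hs[pos:pos + 2])[0]
        pos += 2
        suites = [struct.unpack("!H", hs[pos + i:pos + i + 2])[0] for i in range(0, n, 2)]
        return {"msg": "ClientHello", "suites": suites}
    if hs_type == 2:                  # ServerHello carries the single chosen suite
        return {"msg": "ServerHello", "suite": struct.unpack("!H", hs[pos:pos + 2])[0]}
    raise ValueError(f"unsupported handshake type {hs_type}")

def build_hello(hs_type: int, suites: list) -> bytes:
    """Build a minimal (constructed, extension-free) Hello record for the sample."""
    if hs_type == 1:
        suite_bytes = struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    else:
        suite_bytes = struct.pack("!H", suites[0])
    hs = b"\x03\x03" + bytes(32) + b"\x00" + suite_bytes   # version, random, empty session_id
    body = bytes([hs_type]) + len(hs).to_bytes(3, "big") + hs
    return b"\x16\x03\x03" + struct.pack("!H", len(body)) + body

def negotiated(client_rec: bytes, server_rec: bytes) -> tuple:
    """Return (chosen suite name, whether the client actually offered it)."""
    offered = parse_handshake(client_rec)["suites"]
    chosen = parse_handshake(server_rec)["suite"]
    return SUITE_NAMES.get(chosen, hex(chosen)), chosen in offered
```

A server choosing a suite the client never offered is a protocol violation worth flagging when reviewing a capture.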


Investigation Methodology

The investigations in this repository follow a structured digital forensic and security analysis methodology:

  1. Evidence identification and collection
  2. Artifact and packet analysis
  3. Indicator identification
  4. Correlation of system or network activity
  5. Documentation of findings and security implications

This methodology reflects common practices used in digital forensics and incident response (DFIR) investigations.


Skills Demonstrated

  • Static malware analysis
  • Windows forensic artifact analysis
  • Linux system investigation
  • Volatile data collection
  • Disk image forensic analysis
  • File recovery and data carving
  • Network traffic analysis
  • TLS handshake investigation
  • Log analysis
  • Network security fundamentals

Tools Used

Digital Forensics

  • Autopsy
  • Sleuth Kit
  • Sysinternals
  • Linux forensic utilities

Malware Analysis

  • PE file inspection
  • Strings analysis
  • VirusTotal
  • Hybrid Analysis

Network Analysis

  • Wireshark
  • Packet inspection and protocol analysis

Systems & Virtualization

  • Linux
  • Windows
  • VirtualBox

About

Hands-on cybersecurity investigations including malware analysis, Windows and Linux forensics, disk image analysis, TLS traffic inspection, and file recovery.
