Open source training materials for law-enforcement and organisations interested in DFIR.
e.001-introduction chg: [builds] typos + references + cleanup 2020-07-03 15:41:46 +02:00
e.100-information-sharing chg: [builds] typos + references + cleanup 2020-07-03 15:41:46 +02:00
e.101-misp-lea-api new: [e.101] new repo for all API related documentation for MISP-LEA access 2024-09-18 08:58:40 +02:00
e.102-digital-forensic-introduction chg: [doc] PDF regenerated 2025-05-30 12:09:09 +02:00
e.200-dfir-pdf-analysis chg: [builds] typos + references + cleanup 2020-07-03 15:41:46 +02:00
e.201-digital-forensic-primer e.201-digital-forensic-primer updated 2024-12-12 16:51:59 +01:00
e.202-network-forensic chg: [builds] typos + references + cleanup 2020-07-03 15:41:46 +02:00
e.203-file-system-data-recovery e.203-file-system-data-recover updated 2024-12-12 16:55:50 +01:00
e.204-windows-memory-files Added images since update. 2025-01-07 17:06:59 +01:00
e.205-dfir-elf-analysis fix: [misp-lea] scale fixed 2025-05-30 11:29:40 +02:00
e.300-data-mining chg: [a.300] updated with the changes done in AIL training during MISP-LEA workshops 2025-05-30 12:08:06 +02:00
e.301-cryptography chg: [e.301] script folder description 2020-07-03 15:59:13 +02:00
images chg: [doc] logo added 2020-07-08 09:33:19 +02:00
output chg: [doc] PDF regenerated 2025-05-30 12:09:09 +02:00
build.sh chg: [doc] e.102 added 2025-05-30 12:00:13 +02:00
methodology.md chg: [methodology] PMF reference added 2020-07-08 11:45:56 +02:00
README.md chg: [doc] updated 2025-05-30 12:02:17 +02:00
table.md chg: [new course] MISP-LEA elf analysis course added 2025-05-30 11:31:26 +02:00

Neolea training materials overview

The course overview is centered on information sharing and collaboration around the different aspects of DFIR (digital forensics and incident response). The training setup includes a set of MISP instances to support the activities during the training, and especially to improve collaboration between teams and sharing at large. The neolea training materials are part of the neolea model, a concept in development to improve the capabilities of LEA while improving the tooling used in DFIR.

Terminology

  • 100 Introductory - Basics required to benefit from the other trainings (MISP and information sharing)
  • 200 Intermediate - DFIR topics (from digital forensic to network forensic analysis)
  • 300 Advanced - Advanced topics (data mining, cryptography)

List of training materials available

  • E.100 MISP - Open Source Threat Intelligence Platform Supporting Digital Forensic and Incident Response
  • E.101 MISP-LEA - MISP-LEA API and Automation
  • E.102 Digital Forensic Introduction (in 3 parts)
  • E.200 Post Mortem Analysis Techniques of Fake Invoices Manipulated PDF documents
  • E.201 Digital Forensics - Introduction: Post-mortem Digital Forensics
  • E.202 Network forensic - Analysing black-hole monitoring dataset: How to better understand DDoS attacks from backscatter traffic, opportunistic network scanning and exploitation
  • E.203 Digital Forensics - Introduction: File System and Data Recovery
  • E.204 Digital Forensics - Introduction: Windows Memory and File Forensics
  • E.205 Reversing - Introduction: ELF Binary Analysis
  • E.300 Data mining using the AIL project
  • E.301 Cryptography Workarounds For Law Enforcement
Slides (PDF) Source Code
e.001-introduction source
e.100-information-sharing source
e.102-digital-forensic-introduction part 1 e.102-digital-forensic-introduction part 2 e.102-digital-forensic-introduction part 3 source
e.200-dfir-pdf-analysis source
e.201-digital-forensic-primer source
e.202-network-forensic source
e.203-file-system-data-recovery source
e.204-windows-memory-files source
e.205-dfir-elf-analysis source
e.300-data-mining source
e.301-cryptography source

Open Source License

All the materials are dual-licensed under the GNU Affero General Public License version 3 or later and the Creative Commons Attribution-ShareAlike 4.0 International license. You can use either license, depending on your use case for the training materials.

All the source code is available at https://www.github.com/neolea/neolea-training-materials.

If you reuse the training materials, don't forget to include the above for attribution.

Funding

The neolea project training materials are developed by CIRCL (Computer Incident Response Center Luxembourg) and co-financed within the MISP-LEA project.

The MISP-LEA project started on the first of June 2023. It consists of a law enforcement agency information sharing community supported by CIRCL and Shadowserver.

Previous Funding

The neolea project training materials were developed by CIRCL (Computer Incident Response Center Luxembourg) and co-financed within ENFORCE.

ENFORCE is an 18-month European project co-funded by the European Commission in the framework of the Internal Security Fund Police. The project runs from December 2018 to May 2020. The ENFORCE project aims at designing, setting up, and disseminating a cybercrime training curriculum at the European level. This curriculum will be validated during a training exercise allowing different European public (e.g. law enforcement agencies and CSIRTs) and private actors fighting cybercrime to train together using state-of-the-art training technology. The ENFORCE project is coordinated by CEIS and is a partnership between CIRCL, the French Ministry of Interior and CEIS.

Contributors in alphabetical order

How to contribute

Feel free to fork the training materials, play with them, make updates or create new content, and send us pull requests. If you have proposals, ideas or updates, you can also open an issue.

Complementary materials