neolea-training-materials

Neolea training materials overview

neolea logo

The courses overview is centered around information sharing, collaboration around the different aspects of DFIR (digital forensic and incident response). The training setup includes a set of MISP instances in order to support the activities during the training and especially to improve collaboration between teams and sharing at large. The neolea training materials are part of the neolea model which is a concept in development to improve the capabilities for LEA while improving the tooling used in DFIR.

Terminology

100 Introductory - Basis are required to benefit from the other trainings (MISP and information sharing)
200 Intermediate - DFIR topics (from digital forensic to network forensic analysis)
300 Advanced - Advanced topics (data mining, cryptography)

List of training materials available

E.100 MISP - Open Source Threat Intelligence Platform Supporting Digital Forensic and Incident Response
E.101 MISP-LEA - MISP-LEA API and Automation
E.200 Post Mortem Analysis Techniques of Fake Invoices Manipulated PDF documents
E.201 Digital Forensics - Introduction: Post-mortem Digital Forensics
E.202 Network forensic - Analysing black-hole monitoring dataset How to better understand DDoS attacks from backscatter traffic, opportunistic network scanning and exploitation
E.203 Digital Forensics - Introduction: File System and Data Recovery
E.204 Digital Forensics - Introduction: Windows Memory and File Forensics
E.300 Data mining using the AIL project
E.301 Cryptography Workarounds For Law Enforcement

Slides (PDF)	Source Code
e.001-introduction	source
e.100-information-sharing	source
e.200-dfir-pdf-analysis	source
e.201-digital-forensic-primer	source
e.202-network-forensic	source
e.203-file-system-data-recovery	source
e.204-windows-memory-files	source
e.300-data-mining	source
e.301-cryptography	source

Open Source License

All the materials are dual-licensed under GNU Affero General Public License version 3 or later and the Creative Commons Attribution-ShareAlike 4.0 International. You can use either one of the licenses depending of your use case of the training materials.

All the source code is available at https://www.github.com/neolea/neolea-training-materials.

If you reuse the training materials, don’t forget to include the above for attribution.

Funding

The neolea project training materials is developed by CIRCL Computer Incident Response Center Luxembourg, and co-financed within the MISP-LEA project.

MISP-LEA project started the first June 2023. It consists in an law enforcement agency information sharing community supported by CIRCL and Shadowserver.

Previous Funding

The neolea project training materials was developed by CIRCL Computer Incident Response Center Luxembourg, and co-financed within ENFORCE.

ENFORCE is an 18-month European project co-funded by the European Commission in the framework of the Internal Security Fund – Police. The project runs from December 2018 to May 2020. The ENFORCE project aims at designing, setting-up, and disseminating a cybercrime training curriculum at the European level. This curriculum will be validated during a training exercise allowing different European public (e.g. law enforcement agencies and CSIRTs) and private actors fighting cybercrime to train together using state-of-the-art training technology. ENFORCE project is coordinated by CEIS and a partnership between CIRCL, French Ministry of Interior and CEIS.

Contributors in alphabetical order

How to contribute

Feel free to fork the training materials, play with it, make some updates or create new content and send us the pull requests. If you have some proposals, ideas or updates, you can also open an issue.