Insider is a blue team lab that falls under the Endpoint Forensics category and will cover the following subjects: FTK Imager, Execution, Credential Access.
Learning Objectives
Analyze Linux disk image artifacts, including logs and Bash history, using FTK Imager to investigate insider threat activities and reconstruct user actions.