CyberCode Academy

Written by: CyberCode Academy
About this listen

Welcome to CyberCode Academy — your audio classroom for Programming and Cybersecurity.
🎧 Each course is divided into a series of short, focused episodes that take you from beginner to advanced level — one lesson at a time.
From Python and web development to ethical hacking and digital defense, our content transforms complex concepts into simple, engaging audio learning.
Study anywhere, anytime — and level up your skills with CyberCode Academy.
🚀 Learn. Code. Secure.
Copyright CyberCode Academy
Education
Episodes
  • Course 22 - Digital Forensics: RAM Extraction Fundamentals | Episode 1: Value, Strategy, and Technical Preparation
    Feb 4 2026
    In this lesson, you’ll learn about:
    • Why RAM Is Critical Forensic Evidence
      • How volatile memory captures data that never touches disk and is lost on shutdown.
      • Recovering private browsing sessions, chat data, webmail content, and remnants of failed wiping attempts.
      • Identifying in-memory malware, including rootkits, injected code, and hidden processes that evade disk-based scanners.
      • Extracting encryption keys and credentials (e.g., BitLocker, TrueCrypt, cached passwords) that unlock otherwise inaccessible evidence.
    • The “RAM Debate”: When to Capture vs. When to Skip
      • Understanding how missing RAM evidence can be argued as exculpatory in court.
      • Evaluating the forensic footprint: every capture tool overwrites some memory.
      • Making defensible decisions to omit RAM collection when:
        • The suspect has confessed.
        • Disk artifacts already answer the investigative questions.
        • Live triage indicates the system was likely uninvolved.
      • Learning how to justify your decision either way in reports and testimony.
    • RAM Footprint and Evidentiary Integrity
      • What a RAM footprint is and why courts care about it.
      • Minimizing contamination by selecting lightweight, trusted tools.
      • Documenting tool choice, execution order, and system state to maintain credibility.
    • Hardware Preparation for Live Memory Capture
      • Why USB 3.0 magnetic hard drives are preferred over flash drives:
        • Faster acquisition times.
        • Higher capacity for large memory dumps.
        • Reduced risk of incomplete captures.
      • Planning storage capacity based on installed system RAM.
    • Tool Redundancy and Operational Readiness
      • Why investigators should maintain 2–4 validated RAM tools.
      • Handling failures caused by OS updates, drivers, or endpoint security controls.
      • Understanding that redundancy is a professional requirement, not overkill.
    • Recommended Free RAM Capture Tools
      • DumpIt – simple, fast, minimal user interaction.
      • Belkasoft Live RAM Capturer – reliable and widely court-tested.
      • Magnet RAM Capture – integrates cleanly with Magnet analysis workflows.
      • FTK Imager – versatile option when already deployed on-scene.
    By the end of this episode, you’ll understand not just how to extract RAM, but when, why, and how to defend your decision under scrutiny—turning volatile memory into some of the most powerful evidence in a live forensic investigation.

    You can listen and download our episodes for free on more than 10 different platforms:
    https://linktr.ee/cybercode_academy
    17 mins
  • Course 21 - Digital Forensics: Windows Shellbags | Episode 5: Shellbags Forensics: Validating Network Drive Activity
    Feb 3 2026
    In this lesson, you’ll learn about:
    • Validating Network Drive Activity with Shellbags
      • How Windows Shellbags act as a silent witness for user interaction with network shares and mapped drives.
      • Why UsrClass.dat is a critical artifact for proving access to remote resources, even when permissions are restricted.
    • Recording Remote Folder Access
      • How accessing a mapped network drive (e.g., Z:) generates Shellbag entries.
      • Capturing exact remote folder paths (such as administrative or restricted directories) that a user navigated to.
      • Demonstrating that Shellbags record navigation, not just file creation or modification.
    • Timestamp Behavior in Network Shellbags
      • Understanding how remote MAC times are copied and stored locally:
        • Last Accessed Time: Often reflects the precise moment the user viewed or entered the network folder.
        • Last Written Time: May indicate when the network drive was first connected or when folder view settings were changed.
        • Created Time: Represents the state of the folder metadata at the moment it was first recorded in Shellbags.
      • Recognizing that all timestamps must be interpreted in UTC and converted to local time for reporting.
    • Event Reconstruction and Attribution
      • Reconstructing timelines that show who accessed which network location and when.
      • Correlating Shellbag entries with other evidence to confirm intentional user interaction rather than background system activity.
      • Differentiating between mere drive connection and active navigation into specific subfolders.
    • Investigative and Evidentiary Value
      • Using Shellbag evidence to prove file awareness and knowledge, not just theoretical access.
      • Supporting cases involving unauthorized access, insider threat activity, or data exfiltration.
      • Reinforcing why Shellbags are especially powerful when files no longer exist or access logs are unavailable.
    By the end of this episode, you’ll be able to confidently analyze Shellbag artifacts related to network drives, interpret their timestamps accurately, and use them to demonstrate user knowledge and interaction with remote file systems in a forensic investigation.

    12 mins
  • Course 21 - Digital Forensics: Windows Shellbags | Episode 4: Shellbag Forensics: Tracking USB Device History and Artifact Validation
    Feb 2 2026
    In this lesson, you’ll learn about:
    • USB Forensics Using Shellbag Artifacts
      • How Windows Shellbags can be leveraged to reconstruct user interaction with removable media.
      • Why Shellbags are valuable for determining whether files were copied to or from USB devices, even when the media is no longer connected.
    • Initial Evidence Generation and Collection
      • Creating controlled forensic artifacts by moving test files onto a FAT16-formatted USB drive.
      • Exporting relevant registry hives (such as USRCLASS.DAT) using FTK Imager.
      • Loading these hives into Shellbag Explorer for structured analysis.
    • Understanding File System Timestamp Behavior
      • Recognizing FAT16 limitations, where Last Accessed timestamps record only the date, not the time.
      • Interpreting Created timestamps as the moment files or folders were moved onto the USB device.
      • Understanding why Modified timestamps often remain unchanged during copy or move operations.
    • Shellbag Data Merging and Ghost Artifacts
      • Learning how Windows may merge Shellbag data when a USB device is reformatted, renamed, or reused.
      • Understanding how previously accessed folders can still appear in Shellbag Explorer due to reuse of the same drive letter or volume identifiers.
      • Identifying “ghost” directories and avoiding false assumptions about current device contents.
    • Handling Multiple Removable Devices
      • Observing how Windows assigns new drive letters (e.g., E:, then F:) when multiple USB devices are connected.
      • Using Last Write Time values to infer when a USB device was inserted or when its folder view preferences were modified.
    • Forensic Validation and Reporting
      • Evaluating whether timestamps and folder structures logically align with expected user behavior.
      • Understanding why investigators must not rely solely on automated tool output.
      • Emphasizing manual validation to prevent misinterpretation caused by merged or residual Shellbag data.
    By the end of this episode, you’ll be able to analyze Shellbag artifacts related to USB devices, accurately interpret file system timestamps, and validate whether removable media activity supports or contradicts suspected data exfiltration or injection events.

    12 mins