Learn how to acquire and analyze data from computers or storage devices with computer forensics.
Syllabus
Introduction
- Computer forensics
- What you should know
- Definition and goals of computer forensics
- History
- Types of investigations
- Tools
- Legal implications
- Current and future trends
- Challenges
- Anti-forensics techniques
- Compliance and forensics
- Cybersecurity and forensics
- Specializations in computer forensics
- Network forensics
- Operating system forensics
- Web forensics
- Cloud forensics
- Malware forensics
- Mobile forensics
- Email forensics
- Certifications
- Tools and knowledge requirements
- Hardware
- Software
- Understanding hexadecimal numbers
- Using a hex editor
- Understanding offset
- Forensics OS distributions
- Challenge: Hex editor
- Solution: Hex editor
- Understanding file systems
- Understanding the boot sequence
- Understanding disk/solid-state drives
- Understanding the master boot records (MBR)
- Understanding Partitioning
- Challenge: Partitioning a USB drive
- Solution: Partitioning a USB drive
- Evidence preservation approaches
- Understanding the role of write blockers
- Using a software write blocker
- Using hardware write blockers
- Understanding hashing
- Hashing algorithms
- Case Study: Hashing in FTK Imager
- Understanding mounting
- Mounting manually
- Challenge: Hashing in Kali
- Solution: Hashing in Kali
- Data acquisition approaches
- Static acquisition with open-source tools
- Static acquisition case study with dd
- Static acquisition case study with dcfldd
- Live acquisition case study with a commercial tool
- Challenge: Live acquisition with a memory dump file
- Solution: Live acquisition with a memory dump file
- Forensic data analysis
- Indexing
- Searching
- Generating a Report
- Case Study: Hex editor analysis of a file with a wrong extension
- Hex editor analysis of a bit-shifted file
- Case Study: Steganography
- Next steps
Taught by
Jungwoo Ryoo