Students will gain a practical knowledge of the elements of digital forensics as it relates to parsing and understanding file system structure and use. File systems are the underlining structures of hardware systems and are used as a method of storing and organizing computer files and their data.
Learning Objectives
- Make use of forensic tools to analyze the FAT, NTFS and ext file systems
- Identify the important data structures on the FAT, NTFS, ext and HFS+ file systems
- Examine the structure of a disk drive including the boot record, partition table and slack space
- Make use of forensic tools to acquire forensically sound images of disk drives
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Incident Response
- Vulnerability Assessment and Management
- Digital Forensics
- Cyber Investigation
- Collection Operations
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@hq.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.