This course will examine in considerable depth how file and operating systems determine the type of information available to examiners. In particular the design and behavior of these systems will be discussed and students will be taught to recover information from these systems at the binary level. The features and limitations of current forensic software tools will also be covered, with particular attention paid to the techniques by which the automated tools interpret data. A range of operating systems will be examined, including PC, mobile phone and embedded systems.
- Conduct forensic analysis of PC & server operating systems and software running on those systems
- Develop and evaluate methods of analysis of operating systems and applications
- Evaluate the evidentiary features of a file system
- Conduct an analysis of and report on user activity on an operating system