This course will examine in considerable depth how file and operating systems determine the type of information available to examiners. In particular the design and behavior of these systems will be discussed and students will be taught to recover information from these systems at the binary level. The features and limitations of current forensic software tools will also be covered, with particular attention paid to the techniques by which the automated tools interpret data. A range of operating systems will be examined, including PC, mobile phone and embedded systems.
Learning Objectives
- Conduct forensic analysis of PC & server operating systems and software running on those systems
- Develop and evaluate methods of analysis of operating systems and applications
- Evaluate the evidentiary features of a file system
- Conduct an analysis of and report on user activity on an operating system
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Systems Architecture
- Data Administration
- Systems Administration
- Systems Analysis
- Vulnerability Assessment and Management