Covers theory of forensic procedures, review of identification, imaging, and authentication, review of FAT file system, NTFS, EXT3, and HFS+ file systems, partitioning, Window’s registry analysis, email and web history analysis, mobile and solid state forensics.
Learning Objectives
- Identify structures, and recover evidence from, the NTFS file system
- Identify structures, and recover evidence from, the EXT (Linux) file system
- Identify structures, and recover evidence from, the HFS+ (Mac) file system
- Identify structures encompassing the Macintosh and Linux boot processes
- Recover evidence from the Windows registry
- Recover evidence from an email and web investigation
- Demonstrate an understanding of the fundamentals of mobile device forensics
- Demonstrate an understanding of the fundamentals of solid state forensics