Overview
-
Learn how to acquire and analyze data from computers or storage devices with computer forensics.
Syllabus
-
Introduction
- Learning computer forensics
- What you should know
- Goals of computer forensics
- History
- Types of investigations
- Tools
- Legal implications
- Current and future trends
- Challenges
- Anti-forensics techniques
- Compliance and forensics
- Cybersecurity and forensics
- Specializations in computer forensics
- Network forensics
- Operating system forensics
- Web forensics
- Cloud forensics
- Malware forensics
- Mobile forensics
- Email forensics
- Certifications
- Tools and knowledge requirements
- Hardware
- Software
- Understanding hexadecimal (hex) numbers
- Using a hex editor
- Understanding an offset
- Forensics OS distributions
- Understanding file systems
- Understanding the boot sequence
- Understanding disk drives
- Understanding the master boot record (MBR)
- Understanding partitioning
- Evidence preservation approaches
- Understanding the role of write blockers
- Using a software write blocker
- Using hardware write blockers
- Understanding hashing
- Hashing algorithms
- Hashing in FTK Imager
- Understanding mounting
- Mounting manually
- Data acquisition approaches
- Static acquisition with open-source tools
- Creating split-disk image files with dd
- Static acquisition with dcfldd
- Live acquisition with a commercial tool
- Memory dump analysis with volatility
- Forensic data analysis
- Indexing
- Searching
- Generating a report
- Hex editor analysis of a file with a wrong extension
- Hex editor analysis of a bit-shifted file
- Steganography
- Next steps
