All Course Lectures

Page history last edited by Patrick 4 months, 1 week ago

CET4861 Lectures Page

 

Lectures that are useful for the materials in this course will be posted on this page. In addition to lectures produced for this class, this page also includes lectures from other courses.

 

I strongly suggest you download these files to your computer; that way you can view the video on your host system and have access to it at any time (even when you are offline). Also, run the video in your host system (Windows, whatever) and have your VM open while I work through the video. Pause the video when I run a command, then duplicate the command. Does it work? Great! You're doing it correctly. Doesn't work? You're doing it wrong! That's the only way to learn, by DOING! Now have fun!

 

 
 
Topics
  Link
Introduction
  
   

 

 

   

Setting Up

 

  • If you haven't previously had a class with me which has used VMware or Linux, this will help you get started.
 

Installing Mint

4860 Review
  Videos for review only 
   

Introduction to forensics, basic forensics procedures, and dealing with evidence

 

Length: 28 Minutes

  Forensic process
   

 Steps to create a disk image, verify a disk image, and document the process.

 

Length: 8 Minutes

 
Imaging
   

One-way cryptographic hashing. Verify files with MD5 cryptographic hashes on Linux and Windows. Analyze a disk image safely in read-only mode.

 

Length: 21 Minutes

  Verification
   

A look at the details of the Virtual File Allocation Table File System (VFAT) 

 

Length: 30 Minutes

  VFAT file system 
  Sample of Tools for Forensic Examination 
   

Brief overview of FTK Imager such as adding a drive, creating a hash of a drive, and creating a disk image.

 

Length: 19 Minutes

  FTK Imager
   

Creating an image and file hashes using ProDiscover

 

Length: 17 Minutes 

  ProDiscover
   

How to image and verify a drive using Linux. Use dd to image a drive in Linux, obtain file information with file, and multiple methods to create and view hashes.

 

Length: 20 Minutes

  Linux dd
  Readings
   
Craiger - Computer Forensics Procedures
Project 1: Tool Validation
NTFS
   

Microsoft's New Technology File System (NTFS). 

 

Length: 27 Minutes

  NTFS 1 of 2
   

Continuation of the first NTFS video 

 

Length: 23 Minutes

  NTFS 2 of 2 
   

A brief look at some of the things in NTFS.

 

Length: 6 Minutes

  NTFS Demo
   

Hiding data using Alternate Data Streams in NTFS

 

Length: 15 Minutes

  Alternate Data Streams
   

Install Sleuthkit and use it to forensically analyze an image of a file system.

 

Length: 30 Minutes

  Sleuthkit
Project 2: NTFS File System
Mac and Linux file systems
  1

Macintosh file structure and the Hierarchical File System Extended Format (HFS+)

 

Length: 28 Minutes 

  HFS+ 
  2

Linux and the EXT file system part 1

 

Length: 31 Minutes 

  EXT 1 of 2
  3

Linux and the EXT file system part 2

 

Length: 31 Minutes 

  EXT 2 of 2
Project 3: EXT and HFS+ File Systems
 
Windows Registry        
  1

Windows Registry

 

  Registry Tutorial
  Readings      
   

Windows Registry Forensics, Forensics Magazine, John Barbara

A Forensic Analysis of the Windows Registry, Farmer, Forensic Focus

 

 

 

   

Project 4: Windows Registry

   
Mobile Device Forensics
  Readings 
    Android Device Forensics    
    Forensics Analysis on iOS Devices    
    Guidelines for Mobile Device Forensics, NIST, 2013 (most important)    
Solid State Drives    
  Readings      
   

John Barbara: SSD Forensics, DFI Magazine.

   

 

 

 
