CET4861 Lectures Page
Lectures that are useful for the materials in this course will be posted on this page. In addition to lectures produced for this class, this page also includes lectures from other courses.
I strongly suggest you download these files to your computer so that you can view the video on your host system and have access to it at any time (even when you are offline). Also, run the video in your host system (Windows, whatever) and have your VM open while I work through the video. Pause the video when I run a command, then duplicate the command. Does it work? Great! You're doing it correctly. Doesn't work? You're doing it wrong! That's the only way to learn: by DOING! Now have fun!

Topics | Link

Introduction
Setting Up
- If you haven't previously had a class with me which has used VMware or Linux, this will help you get started. | Installing Mint

4860 Review
Videos for review only
Introduction to forensics, basic forensics procedures, and dealing with evidence. Length: 28 Minutes | Forensic process
Steps to create a disk image, verify a disk image, and document the process. Length: 8 Minutes | Imaging
One-way cryptographic hashing. Verify files with MD5 cryptographic hashes on Linux and Windows. Analyze a disk image safely in read-only mode. Length: 21 Minutes | Verification
A look at the details of the Virtual File Allocation Table File System (VFAT). Length: 30 Minutes | VFAT file system

Sample of Tools for Forensic Examination
Brief overview of FTK Imager such as adding a drive, creating a hash of a drive, and creating a disk image. Length: 19 Minutes | FTK Imager
Creating an image and file hashes using ProDiscover. Length: 17 Minutes | ProDiscover
How to image and verify a drive using Linux. Use dd to image a drive in Linux, obtain file information with file, and multiple methods to create and view hashes. Length: 20 Minutes | Linux dd
Readings
Craiger - Computer Forensics Procedures
Project 1: Tool Validation

NTFS
Microsoft's New Technology File System (NTFS). Length: 27 Minutes | NTFS 1 of 2
Continuation of the first NTFS video. Length: 23 Minutes | NTFS 2 of 2
A brief look at some of the things in NTFS. Length: 6 Minutes | NTFS Demo
Hiding data using Alternate Data Streams in NTFS. Length: 15 Minutes | Alternate Data Streams
Install Sleuthkit and use it to forensically analyze an image of a file system. Length: 30 Minutes | Sleuthkit
Project 2: NTFS File System

Mac and Linux file systems
1. Macintosh file structure and the Hierarchical File System Extended Format (HFS+). Length: 28 Minutes | HFS+
2. Linux and the EXT file system part 1. Length: 31 Minutes | EXT 1 of 2
3. Linux and the EXT file system part 2. Length: 31 Minutes | EXT 2 of 2
Project 3: EXT and HFS+ File Systems

Windows Registry
1. Windows Registry | Registry Tutorial
Readings
Windows Registry Forensics, Forensics Magazine, John Barbara
A Forensic Analysis of the Windows Registry, Farmer, Forensic Focus
Project 4: Windows Registry

Mobile Device Forensics
Readings
Android Device Forensics
Forensics Analysis on iOS Devices
Guidelines for Mobile Device Forensics, NIST, 2013 (most important)

Solid State Drives
Readings
John Barbara: SSD Forensics, DFI Magazine.