

All Course Lectures

Saved by Philip Craiger
on September 11, 2014 at 1:44:26 pm

CET4861 Lectures Page


Lectures that are useful for the materials in this course will be posted on this page. In addition to lectures produced for this class, this page also includes lectures from other courses.


I strongly suggest you download these files to your computer so that you can view the video on your host system and have access to it at any time (even when you are offline). Also, run the video in your host system (Windows, whatever) and have your VM open while I work through the video. Pause the video when I run a command and duplicate the command. Does it work? Great! You're doing it correctly. Doesn't work? You're doing it wrong! That's the only way to learn, by DOING! Now have fun!



Introduction & expectations that apply to all of my courses.  Once you've had one course with me you'll know what I expect in every other course, but make sure you view this first!


Length: 22 Minutes


Introduction to Dr. Craiger's courses


Syllabus contents and class details to CET4861.  These are the gritty details of the course.  Please make sure to read the syllabus thoroughly and follow along with this lecture.


Length: 11 Minutes


Introduction to CET4861

4860 Review (Dr. Craiger's way)
  Videos for review only 

Introduction to forensics, basic forensics procedures, and dealing with evidence


Length: 28 Minutes

  Forensic process

 Steps to create a disk image, verify a disk image, and document the process.


Length: 8 Minutes


One-way cryptographic hashing. Verify files with MD5 cryptographic hashes on Linux and Windows. Analyze a disk image safely in read-only mode.


Length: 21 Minutes


A look at the details of the Virtual File Allocation Table File System (VFAT) 


Length: 30 Minutes

  VFAT file system 
  Sample of Tools for Forensic Examination 

Brief overview of FTK Imager, including adding a drive, creating a hash of a drive, and creating a disk image.


Length: 19 Minutes

  FTK Imager

Creating an image and file hashes using ProDiscover


Length: 17 Minutes 


How to image and verify a drive using Linux. Use dd to image a drive in Linux, obtain file information with file, and multiple methods to create and view hashes.


Length: 20 Minutes

  Linux dd
Craiger - Computer Forensics Procedures

Microsoft's New Technology File System (NTFS). 


Length: 27 Minutes

  NTFS 1 of 2

Continuation of the first NTFS video 


Length: 23 Minutes

  NTFS 2 of 2 

A brief look at some of the things in NTFS.


Length: 6 Minutes

  NTFS Demo

Hiding data using Alternate Data Streams in NTFS


Length: 15 Minutes

  Alternate Data Streams

Install Sleuthkit and use it to forensically analyze an image of a file system.


Length: 30 Minutes

Mac and Linux file systems

Macintosh file structure and the Hierarchical File System Extended Format (HFS+)


Length: 28 Minutes 


Linux and the EXT file system part 1


Length: 31 Minutes 

  EXT 1 of 2

Linux and the EXT file system part 2


Length: 31 Minutes 

  EXT 2 of 2
Mac Forensics (Burke & Craiger)
Mac OS Forensics (Craiger & Burke)

Windows Registry



Windows Registry Forensics, Forensics Magazine, John Barbara

Part 1, 2, 3, 4, 5, 6, 7


A Forensic Analysis of the Windows Registry, Farmer, Forensic Focus




Capturing RAM and Swap

How to put FTK Imager on a thumb drive


Length: 7 Minutes 

  FTK Imager (imager and RAM capture tool) 

Where to find information on a running computer: capturing RAM and virtual memory and extracting information from them.


Length: 18 Minutes

  Capturing RAM and Swap files
    RAM Capture Readings
Honeypots are 'fake' servers that appear to be vulnerable. They are placed on networks as a means of identifying attacks that are being perpetrated on your network.

  Honeypots
Email investigations
    Introduction to FTK 
Chapter 10 - Recovering Graphics Files and Chapter 12 - Email Investigations
Mobile Device Forensics
  iPhone forensics
    Forensics of iPhone backup made by iTunes
    Forensics analysis of an iPhone
Final Assignment
        Final Assignment 





Supporting Courses


