|
Topics
|
|
Link |
Introduction |
|
|
Introduction & expectations that apply to all of my courses. Once you've had one course with me you'll know what I expect in every other course, but make sure you view this first!
Length: 22 Minutes
|
|
Introduction to Dr. Craiger's courses
|
|
|
Syllabus contents and class details for CET4861. These are the gritty details of the course. Please make sure to read the syllabus thoroughly and follow along with this lecture.
Length: 11 Minutes
|
|
Introduction to CET4861
|
4860 Review (Dr. Craiger's way) |
|
Videos for review only |
|
|
Introduction to forensics, basic forensics procedures, and dealing with evidence
Length: 28 Minutes
|
|
Forensic process
|
|
|
Steps to create a disk image, verify a disk image, and document the process.
Length: 8 Minutes
|
|
Imaging
|
|
|
One-way cryptographic hashing. Verify files with MD5 cryptographic hashes on Linux and Windows. Analyze a disk image safely in read-only mode.
Length: 21 Minutes
|
|
Verification |
|
|
A look at the details of the Virtual File Allocation Table File System (VFAT)
Length: 30 Minutes
|
|
VFAT file system |
|
Sample of Tools for Forensic Examination |
|
|
Brief overview of FTK Imager, including adding a drive, creating a hash of a drive, and creating a disk image.
Length: 19 Minutes
|
|
FTK Imager |
|
|
Creating an image and file hashes using ProDiscover
Length: 17 Minutes
|
|
ProDiscover |
|
|
How to image and verify a drive using Linux. Use dd to image a drive in Linux, obtain file information with file, and multiple methods to create and view hashes.
Length: 20 Minutes
|
|
Linux dd |
|
Readings |
|
|
Craiger - Computer Forensics Procedures |
|
Assignment |
NTFS |
|
|
Microsoft's New Technology File System (NTFS).
Length: 27 Minutes
|
|
NTFS 1 of 2 |
|
|
Continuation of the first NTFS video
Length: 23 Minutes
|
|
NTFS 2 of 2 |
|
|
A brief look at some of the things in NTFS.
Length: 6 Minutes
|
|
NTFS Demo |
|
|
Hiding data using Alternate Data Streams in NTFS
Length: 15 Minutes
|
|
Alternate Data Streams |
|
|
Install Sleuthkit and use it to forensically analyze an image of a file system.
Length: 30 Minutes
|
|
Sleuthkit |
Assignment |
Mac and Linux file systems |
|
1 |
Macintosh file structure and the Hierarchical File System Extended Format (HFS+)
Length: 28 Minutes
|
|
HFS+ |
|
2 |
Linux and the EXT file system part 1
Length: 31 Minutes
|
|
EXT 1 of 2 |
|
3 |
Linux and the EXT file system part 2
Length: 31 Minutes
|
|
EXT 2 of 2 |
|
Readings |
|
|
Mac Forensics (Burke & Craiger) |
|
|
|
Mac OS Forensics (Craiger & Burke) |
|
Assignment |
|
Windows Registry |
|
|
|
|
|
1 |
Windows Registry
|
|
HFS+ |
|
Readings |
|
|
|
|
|
Windows Registry Forensics, Forensics Magazine, John Barbara
Part 1, 2, 3, 4, 5, 6, 7
A Forensic Analysis of the Windows Registry, Farmer, Forensic Focus
|
|
|
Capturing RAM and Swap |
|
|
How to put FTK Imager on a thumb drive
Length: 7 Minutes
|
|
FTK Imager (imager and RAM capture tool) |
|
|
Where to find information on a running computer, capturing RAM and virtual memory, and extracting information from it.
Length: 18 Minutes
|
|
Capturing RAM and Swap files |
|
Readings |
|
|
|
|
RAM Capture Readings |
Assignment |
Honeypots |
|
|
Honeypots are 'fake' servers that appear to be vulnerable. They are placed on networks as a means of identifying attacks that are being perpetrated on your network. |
|
Honeypots |
|
Readings |
|
|
|
Email investigations |
|
|
|
|
Introduction to FTK |
|
Readings |
|
|
Chapter 10 - Recovering Graphics Files and Chapter 12 - Email Investigations |
|
|
Assignment |
Mobile Device Forensics |
|
|
|
|
|
|
Readings |
|
|
|
|
iPhone forensics |
|
|
|
|
Forensics of iPhone backup made by iTunes |
|
|
|
|
Forensics analysis of an iPhone |
|
|
|
|
|
Final Assignment |
|
|
|
|
Final Assignment |
|
|
|
|
|