cet4861 - Advanced Digital Forensics

If you are citizen of an European Union member nation, you may not use this service unless you are at least 16 years old.
Whenever you search in PBworks or on the Web, Dokkio Sidebar (from the makers of PBworks) will run the same search in your Drive, Dropbox, OneDrive, Gmail, Slack, and browsed web pages. Now you can find what you're looking for wherever it lives. Try Dokkio Sidebar for free.

Sleuthkit

Page history last edited by Patrick 4 years, 3 months ago

NTFS - Video 5 (30 minutes)

Sleuthkit

Lecture Overview:

Install Sleuthkit and use it to forensically analyze an image of a file system:

Install SleuthKit under Mint - (0:40)
fsstat - (3:36, 14:42)
fls - (4:11, 19:00)
SleuthKit Overview - (5:02)
NTFS & SleuthKit - (7:17)
Conceptual Model of SleuthKit - (9:32)
Command line utilities - (10:41)
ils - (11:54, 18:05)
example usage - (13:42)
File Types - (19:59)
Find Inodes of Deleted Files - (20:28)
istat - (20:54)
Recover a file - (23:14)
icat - (23:54)
commands on an NTFS file system - (25:03)

Download:

(Right click this link and use "Save As...") The Sleuth Kit

Additional Resources:

Sleuth Kit Documents

All Course Lectures

You

now

1 hr ago

1 hr ago

1 hr ago

2 hrs ago

2 hrs ago

3 hrs ago

5 hrs ago

6 hrs ago

6 hrs ago

Comments (0)

You don't have permission to comment on this page.