DIGITAL FORENSICS:FILE SYSTEM FORENSIC ANALYSIS

DIGITAL FORENSICS:File system Forensic Analysis

The Computer Incident Response Center Luxembourg (CIRCL)

Abstract

Forensic Analysis is based on the assumption that everything leaves a trace behind. A trace in an information system can be any data that helps to identify space and time actions. Post mortem analysis is a key tool to discover and analyse security incidents. This course will teach the participant on how to find answers to what has happened by analysing different layer from the physical medium to the file system up to the application level.

Goals

• Perform disk acquisition the right way
• Introduce to file system analysis (NTFS/FAT)
• Analyse operating system artifacts (MS Windows)
• Find evidences in communication applications (e.g. browser or chat history)

Who

IT department staff - Local Incident Response Team

Level

Knowledge of operating systems and IT security is required

Duration

8 hours

Language

English, German

Training materials freely available

Digital Forensics - An Introduction - Training Materials

CIRCL FORENSICS TRAINING

Training Materials: Edition May 2020

• Slide Deck: Digital Forensics 1.0.1 - Introduction: Post-mortem Digital Forensics
• Slide Deck: Digital Forensics 1.0.2 - Introduction: File System Forensics and Data Recovery
• Slide Deck: Digital Forensics 1.0.3 - Introduction: Windows-, Memory- and File Forensics
• Disk Image: Exercises SHA1:e67af587c08257dbe1cb0c83fd5f32cb0497b2a6
• Commands: Command Line Cheat Sheet v0.1

Forensics Challenge ZIP

• Slides: Incident Response and Forensics

Use low level tools like ‘xxd’ and ‘dd’ to recover data out of broken ZIP archives.

cyberday.lu 2019

• Slides: Incident Response and Forensics
• USB device: Disk image

Download and dump the image of the USB device over your own USB stick to replay the exercises. Please take care to not accidentally overwrite your internal drive. We advice to use tools like ‘dd’ with root rights only on virtual machines or test PC’s but not on production machines.

ที่มา:

http://circl.lu

หมายเหตุ:เนื้อหาในเว็บไซต์นี้มีขึ้นเพื่อวัตถุประสงค์ในการให้ข้อมูลและเพื่อการศึกษาเท่านั้น

* หากมีข้อมูลข้อผิดพลาดประการใด ขออภัยมา ณ ที่นี้ด้วย  รบกวนแจ้ง Admin เพื่อแก้ไขต่อไป
ขอบคุณครับ

#WINDOWSFORENSIC #COMPUTERFORENSICS #DFIR #FORENSICS #DIGITALFORENSICS #COMPUTERFORENSIC #INVESTIGATION #CYBERCRIME #FRAUD