Company: O'Reilly
Author: Ric Messier
Full Title: Forensic Analysis Of Disk-based Evidence
Year: 2017
Language: English
Genre: Educational: Networked Storage & File Systems
Skill Level: -
Price: -
Files: MP4
Time: 02:36:10
Video: AVC, 1280 x 720 (1.778) at 29.970 fps, 600 kbps
Audio: AAC at 125 Kbps, 2 channels, 48.0 KHz

Today, our information- and knowledge-based economy generates vast amounts of data that is at some point saved to storage devices, such as hard drives or solid-state drives or chips, or portable devices like USB sticks. Still and video cameras also contain cards to store images. Understanding how all of these devices are formatted and how to get data from them is critical to a forensic investigator. Both law enforcement and corporate investigators need to understand the value and techniques of searching for evidence of crime or intrusions on computer systems.

Designed for people with entry- to intermediate-level knowledge of computer systems and data storage systems, this course benefits those without much practical experience in regard to digital forensics and includes instruction and demonstrations. In it, you’ll see how to use SleuthKit, an open source collection of command-line tools and a C library with which you can analyze disk images. You’ll learn about the main file storage architectures such as File Allocation Table (FAT), NT File System (NTFS), and ext2/3. You’ll learn how to conduct basic forensic procedures to extract valuable information that could be crucial in uncovering illegal activities or revealing whether a device has been the target of an attack.

Lessons:

Introduction
01. Welcome
02. About The Author

File Systems
03. File System Basics
04. FAT
05. NTFS
06. UFS
07. ext Family
08. HFS+
09. BIOS Parameter Block

Sleuth Kit
10. What Is The Sleuth Kit?
11. Getting Image Information
12. Partition Analysis With mmls
13. Volume Analysis With mmstat
14. File System Analysis with fsstat (NTFS)
15. File System Analysis With fsstat (EXT)
16. Directory Listings With fls
17. Metadata Analysis With ils
18. Block Analysis With blkstat
19. Getting A Timeline
20. Slack Space
21. Converting Disk Images
22. Importing To Autopsy
23. Browsing In Autopsy

Disk Analysis With Commercial Tools
24. Importing Data Into EnCase
25. Searching In EnCase
26. Browsing In EnCase
27. Importing Data Into FTK
28. Searching In FTK
29. Browsing In FTK
30. Importing Data Into BlackLight
31. Searching In BlackLight
32. Browsing In BlackLight

Data Extraction
33. Following Data In The SleuthKit
34. Pulling Data Out Of Filesystems With The SleuthKit
35. Configuring Scalpel
36. Using Scalpel
37. Using Alternate Data Streams
38. Using streams
39. Exporting Files From EnCase
40. Exporting Files From FTK
41. Exporting Files From BlackLight

Conclusion
42. Wrap Up