Computer Forensics is a new field in Computer Science and is becoming more important every year. Less than 25 years old, it has changed much in its short history. The age of “Nintendo Forensics”, where you could just push buttons to do most of the analysis, is over. Nowadays, you must work on live systems using tools that require interaction with the examiner. This beginning class focuses on the Windows OS. You will gain experience with the practical side of investigation through extensive hands-on practice with many different programs and technologies.
Note: this course was previously titled Windows Forensic Analysis (2 Days). If you took this course under its previous name there is no requirement to take it again.
Performance Objectives: Upon completion of this course you should be able to:
- Define what Computer Crime is.
- Understand the need for live investigation.
- Set up a Chain of Custody.
- Collect data from a live Windows OS.
- Explain the difference between live and postmortem analysis.
- Dump the contents of physical RAM for analysis.
- Analyze memory dumps.
- Analyze the registry.
- Understand files and the file system forensically.
- Understand rootkits and their detection.
- Use many tools and programs, e.g. Wireshark and Netcat.
Competencies covered in this course: Operating and Network Systems Security.
Intended Audience: This course is for public sector employees interested in Computer Forensics.
Prerequisites: Use of Windows XP, 7 or equivalent.