Introductory File Systems Forensics
*(ISC)² Members/Associates can access this course for free by logging in above and clicking the 'My Courses' menu item.
Every device has a type of file system to store its data, so you'll get the vast majority of forensically relevant information about a cybercrime from device collection and analysis. This Hands-On Lab course will introduce you to the process of imaging and forensically analyzing disks, including finding artifacts such as deleted files. While the techniques here, traditionally apply to law enforcement forensics cases, they are equally useful for the discovery of potential wrongdoing, internal enterprise compliance checks, recovery of accidentally deleted data, and digital archive preservation. The key is preserving the sanctity of the evidence so the artifact can be submitted. By the end of this course, you will possess a deeper understanding of how to extract evidence from a hard drive.
This course includes the following five (5) labs: 1) Create a Forensic Disk Image 2) Perform Basic Analysis Using the Sleuth Kit 3) Explore a Forensics Image with Autopsy 4) Recover Deleted Images and Videos 5) Generate an Autopsy Report
Audience or Who Should Take This Course
Experienced cyber, information, software and infrastructure security professionals who better want to understand the process of imaging and forensically analyzing disks, including finding artifacts such as deleted files.
Familiarity with security concepts.
How This Course Works
Lab content within this course take place within a Windows 10 64bit virtual machine. Before each lab topic, you will be asked to watch an instructional video that will guide you through the content and review the necessary background information to complete the lab assignment. There is no time restriction, but this lab will take approximately two hours to complete. The exercises are intended to be completed in sequential order, and all elements within the lab are required to complete the course.
At the end of the course, you will be asked to take a final assessment. Please note that you must score 70% or higher on the final assessment and complete the course evaluation prior to receiving a certificate of completion and earning (2) continuing professional education (CPE) credits.
Please make sure at the end of the course that you download and retain the certificate of completion as proof of credits earned. CPEs earned for this course may be eligible for continuing professional education credits for non-(ISC)² certifications. Please visit the continuing education requirements established by the credentialing organization for eligibility.