Digital Forensics: Getting Started with File Systems
In this course, you'll learn how to forensically investigate some of the most common file systems across the Windows, Linux, and Mac OS X operating systems.
What you'll learn
Do you like the idea of being able to find what others cannot? In this course, Digital Forensics: Getting Started with File Systems, you'll dive into learning about digital forensics, file systems, and how digital forensic investigators use them to prove what did or did not happen on a system. You'll begin by covering topics, such as tracks, sectors, clusters, blocks, and slack space. Next, you'll explore deeper into permissions and metadata. Finally, you'll take a look into time stamps, and journaling all while making use of Autopsy as your tool. By the end this course, you’ll know how to navigate Autopsy and the native Windows, Linux, and Mac OS X operating systems to find file system level forensic evidence.
Table of contents
- Introduction to NTFS 2m
- Preparing Your Environment for Forensic Analysis 1m
- Basics of Hard Disks 2m
- Tracks, Sectors, Clusters, and Slack Space 2m
- Timestamps 2m
- Metadata 2m
- Journaling 2m
- Permissions 1m
- Master File Table 2m
- Change Journal 1m
- Anti-forensic Methods 2m
- Demo: NTFS 15m
- Summary and What's Next 1m
About the author
Evan is an engineer by nature and a security professional by trade with over a decade of experience in technology and security. Evan's professional experience has provided him with multiple perspectives on his trade, including roles in the military, technology services, Big 4 consulting, Fortune 100 financial services, Fortune 50 retailers, and university professor. Evan has a Master of Science in Information Systems, Master of Business Administration, and Bachelor of Information Technology degr... more