This course covers how to conduct successful digital forensic examinations in Windows, Linux, and Mac OS, the methodologies used, key technical concepts, and the tools needed to perform examinations. The required technical details of how each operating system works and how to find artifacts are also covered. Topics such as file systems, data recovery, memory forensics, and executable layouts are discussed in detail. Moreover, the course covers Hands-On Network Forensics, starting with the core concepts within network forensics, including coding, networking, forensics tools, and methodologies for forensic investigations.
First day attendance is mandatory. Prerequisites: Graduate standing. Note: Students are responsible to both be aware of and abide by prerequisites for CYBR courses for which they enroll, and will be administratively dropped from a course if they have not met prerequisites.
2 Graduate credits
Effective May 6, 2020 to present
- Differentiate between different file systems used by modern operating systems
- Conduct Memory Forensics to extract essential artifacts
- Discover and interpret encrypted traffic
- Correlate data collected from attacks
- Apply a solid foundational grounding in computer forensics science by conducting acquisitions of locally attached devices with various state-of-the-art tools and validate the acquired images.
- Sketch and recover various artifacts from the Windows registry such as user account information and network address information.