This course covers how to conduct successful digital forensic examinations in Windows, Linux, and Mac OS, the methodologies used, key technical concepts, and the tools needed to perform examinations. The required technical details of how each operating system works and how to find artifacts is also covered. Topics like File systems, data recovery, memory forensics, executable layouts are discussed in details. Moreover, Hands-On Network Forensics that starts with the core concepts within network forensics, including coding, networking, forensics tools, and methodologies for forensic investigations are covered.
- Differentiate between different file systems used by modern operating systems
- Conduct Memory Forensics to extract essential artifacts
- Discover and interpret encrypted traffic
- Correlate data collected from attacks
- Apply a solid foundational grounding in computer forensics science by conducting acquisitions of locally attached devices with various state-of-the-art tools and validate the acquired images.
- Sketch and recover various artifacts from the windows registry such as user account information and network address information.