Surviving Digital Forensics: Windows Shellbags
Duration: 1h9m | .MP4 1280x720, 30 fps(r) | AAC, 44100 Hz, 2ch | 257 MB
Genre: eLearning | Language: English
Computer forensic evidence to help prove file use & knowledge
What you'll learn
Extract and analyze windows shellbag records to help prove file use and knowledge
Use freely available forensic tools to conduct shellbag analysis
Construct validation exercises to test how shellbags behave depending on media type
Construct validation exercises to test how shellbags behave according to different types of user activity
Confidently explain what Windows shellbag evidence is to non-technical audiences
Requirements
You need a PC running Win7 or Win8 with admin rights
All forensic tools used are freely available, are included
Your test system should contain no critical data
Description
Welcome to the Surviving Digital Forensics series. This series is focused on helping you become a better computer forensic examiner by teaching core computer forensic skills - all in about one hour. In this class examine how to use Windows Shellbag records to help prove file use and knowledge. Shellbag records are created by certain user activity and can be used to show where a user has navigated to on a computer system and when they did so. Very powerful evidence!
As with previous SDF classes you will learn by doing. The class begins with a brief overview of the issue at hand. Then we set up our forensic systems and off we go. Learning is hands on and we will use low cost and no cost computer forensic tools to do so.
Expert and novice computer forensic examiners alike will gain from this class. Since we are doing it the SDF way we are going to teach you real computer forensic skills that you can apply using our method or customize to meet your needs. You will learn how you can use freely available forensic tools, all GUI based, to extract and analyze Windows Shellbag evidence.
Class Outline
1. Introduction and Welcome to the SDF series
2. Getting the most out of the class
3. Windows Shellbags - an overview
5. Shellbag Deep Dive
6. Setting up your forensic system
7. Validation practical 01 - local system activity
8. Validation practical 02 - attached USBs
9. Validation practical 03 - networked drives
10. Student Practical
11. Student Quiz
12. Reporting options
13. Review
14. Conclusion & thank you
A PC running Win7 or Win8 is required for this course. You need admin rights to the system. The system itself should be a test system containing no critical data. The forensic tools we use are all freely available, so beyond your operating system all you need is the desire to become a better computer forensic examiner.
Who this course is for:
Computer Forensic Analysts
IT Professionals
Students
Download link:
Só visivel para registados e com resposta ao tópico.Only visible to registered and with a reply to the topic.Links are Interchangeable - No Password - Single Extraction