-
Course
- Security
Digital Forensics: Getting Started with File Systems
In this course, you'll learn how to forensically investigate some of the most common file systems across the Windows, Linux, and Mac OS X operating systems.
What you'll learn
Do you like the idea of being able to find what others cannot? In this course, Digital Forensics: Getting Started with File Systems, you'll dive into learning about digital forensics, file systems, and how digital forensic investigators use them to prove what did or did not happen on a system. You'll begin by covering topics, such as tracks, sectors, clusters, blocks, and slack space. Next, you'll explore deeper into permissions and metadata. Finally, you'll take a look into time stamps, and journaling all while making use of Autopsy as your tool. By the end this course, you’ll know how to navigate Autopsy and the native Windows, Linux, and Mac OS X operating systems to find file system level forensic evidence.
Table of contents
- Introduction to NTFS | 1m 50s
- Preparing Your Environment for Forensic Analysis | 1m 24s
- Basics of Hard Disks | 2m 19s
- Tracks, Sectors, Clusters, and Slack Space | 2m 27s
- Timestamps | 1m 36s
- Metadata | 1m 38s
- Journaling | 2m 6s
- Permissions | 57s
- Master File Table | 1m 43s
- Change Journal | 1m
- Anti-forensic Methods | 1m 58s
- Demo: NTFS | 15m 18s
- Summary and What's Next | 1m 10s