- Course
Digital Forensics: Getting Started with File Systems
In this course, you'll learn how to forensically investigate some of the most common file systems across the Windows, Linux, and Mac OS X operating systems.
Intermediate
- Course
Digital Forensics: Getting Started with File Systems
In this course, you'll learn how to forensically investigate some of the most common file systems across the Windows, Linux, and Mac OS X operating systems.
Intermediate
Get started today
Access this course and other top-rated tech content with one of our business plans.
Try this course for free
Access this course and other top-rated tech content with one of our individual plans.
This course is included in the libraries shown below:
- Security
What you'll learn
Do you like the idea of being able to find what others cannot? In this course, Digital Forensics: Getting Started with File Systems, you'll dive into learning about digital forensics, file systems, and how digital forensic investigators use them to prove what did or did not happen on a system. You'll begin by covering topics, such as tracks, sectors, clusters, blocks, and slack space. Next, you'll explore deeper into permissions and metadata. Finally, you'll take a look into time stamps, and journaling all while making use of Autopsy as your tool. By the end this course, you’ll know how to navigate Autopsy and the native Windows, Linux, and Mac OS X operating systems to find file system level forensic evidence.
Digital Forensics: Getting Started with File Systems
Intermediate
Table of contents
-
Introduction to NTFS | 1m 50s
-
Preparing Your Environment for Forensic Analysis | 1m 24s
-
Basics of Hard Disks | 2m 19s
-
Tracks, Sectors, Clusters, and Slack Space | 2m 27s
-
Timestamps | 1m 36s
-
Metadata | 1m 38s
-
Journaling | 2m 6s
-
Permissions | 57s
-
Master File Table | 1m 43s
-
Change Journal | 1m
-
Anti-forensic Methods | 1m 58s
-
Demo: NTFS | 15m 18s
-
Summary and What's Next | 1m 10s