Windows Data Forensics Using Linux
This course is for practitioners who use Linux on a daily basis and want to analyze a Windows operating system environment from Linux. You will learn how to use Linux commands and applications to analyze the most common system artifacts of the Windows operating systems.
What can you expect to learn by working through this course?
- How to preview Windows systems using THE FARMER'S BOOT CD (FBCD)
- Recycle Bin Identification and Analysis
- Event Log Identification and Analysis
- Printer Spool File Identification and Analysis
- Thumbs.db File Identification and Analysis
- User Login Password Identification and Analysis
- Alternate Data Stream Identification and Analysis
- Encrypting File System (EFS) Identification and Analysis
- LNK File Identification and Analysis
- File Metadata Identification and Analysis
- E-mail Identification and Analysis
- Internet History Identification and Analysis
Prerequisites
This course is intended for forensic practitioners, incident response team members, disaster recovery professionals, and anyone whose job duties include acquiring and analyzing electronically stored information. An understanding of basic forensic methodology is a benefit, although not a requirement. Experience with Linux is required.
Information
- Course Overview (PDF)
Overview in PDF format for your printing pleasure.
- Sample Module
Request a sample module from the course in PDF format.
- Expect to spend between 50 and 80 hours working through this course depending upon your knowledge and experience.