Digital Forensics: Getting Started with File Systems
Pluralsight
Course Summary
In this course, you'll learn how to forensically investigate some of the most common file systems across the Windows, Linux, and Mac OS X operating systems.
-
+
Course Description
Do you like the idea of being able to find what others cannot? In this course, Digital Forensics: Getting Started with File Systems, you'll dive into learning about digital forensics, file systems, and how digital forensic investigators use them to prove what did or did not happen on a system. You'll begin by covering topics, such as tracks, sectors, clusters, blocks, and slack space. Next, you'll explore deeper into permissions and metadata. Finally, you'll take a look into time stamps, and journaling all while making use of Autopsy as your tool. By the end this course, you’ll know how to navigate Autopsy and the native Windows, Linux, and Mac OS X operating systems to find file system level forensic evidence.
-
+
Course Syllabus
Course Overview- 1m 7s
—Course Overview 1m 7sGetting Started with New Technology File System (NTFS)- 35m 32s
—Introduction to NTFS 1m 50s
—Preparing Your Environment for Forensic Analysis 1m 24s
—Basics of Hard Disks 2m 19s
—Tracks, Sectors, Clusters, and Slack Space 2m 27s
—Timestamps 1m 36s
—Metadata 1m 38s
—Journaling 2m 6s
—Permissions 0m 57s
—Master File Table 1m 43s
—Change Journal 1m 0s
—Anti-forensic Methods 1m 58s
—Demo: NTFS 15m 18s
—Summary and What's Next 1m 10sWorking with Extended File System (EXT)- 19m 8sAnalyzing with Hierarchical File System Plus (HFS+)- 14m 28s
