A course giving an understanding of how and where to look for digital evidence in different systems, how to analyse it with the necessary level of granularity, and how to document the evidence collection and analysis process. We explore several filesystems (FAT, NTFS, EXT2/4, HFS+) and operating systems (Windows 7/10, Debian-based Linux, Android, iOS, OSX).

We will use freeware and open source tools like AccessData FTK Imager, Sleuthkit SDK and Autopsy, along with many more small utilities for extracting different system artifacts.

We look at different digital investigation methods such as file carving, string indexing, timestamp conversion, sorting and filtering techniques, and more.