Date(s) - 03/10/2020
Criminals rely on the intricacies of operating systems like Windows, macOS, and Linux to conceal their activities and hide data. However, a skilled digital forensics expert knows the places to look and the tools to use to access evidence of their crimes. This course covers all the major concepts and tools of the growing field of operating system forensics. Instructor Jungwoo Ryoo (J.R.) reviews the fundamentals: the goals, history, and roles of operating system forensics and the future of the industry. He then shows how to acquire evidence from file systems, slack space, alternate data streams, and main memory. He uses a combination of free and commercial software, so students can practice techniques like file recovery and live acquisition with the tools that are within their budgets.
What you’ll learn
- Core concepts of operating system forensics
- Job prospects in operating system forensics
- File systems: Windows, Linux, and Mac
- Acquiring data from file systems
- Recovering files with data carving
- Finding data in slack space
- Live acquisition
- Acquiring data from alternate data streams
Professor of Information Sciences and Technology at Penn State University
Jungwoo Ryoo teaches IT, cyber security, and risk analysis at Penn State.