Welcome to CSIA200 Computer Forensics. In this class you will learn several things about digital forensics, including the pertinent laws, how to perform the steps in a forensics investigation, and the technical theory behind things like deleted files and file systems, passwords and encryption, the registry, and web browser data files. You will also learn how to perform analysis on forensics disk images using a variety of tools.
1 – Course Introduction
- Course Tips (Video)
- The Virtual Machine You Will Need Later In The Class
- Introduction to Using the Class Virtual Machine (Video)
- Download the VM Appliance File (.Zip file you will need to extract)
- Installing The Class Virtual Machine Step 1: Installing Oracle Virtual Box Manager (Video)
- Installing The Class Virtual Machine Step 2: Downloading and Installing the VM File (Video)
- Installing The Class Virtual Machine Step 3: Logging On the VM and a Brief Tour (Video)
- [OPTIONAL] Troubleshooting Problems with Virtual Box VMs (Video)
2 – Overview of Computer Forensics
- Section Overview – What Are Forensics and Digital Forensics (Video)
- History of Forensics (Video)
- General Steps in a Forensics Investigation (Video)
- Introduction to Laws and the US Legal System (Video)
- Trials (Video)
- Testimony (Video)
- Evidence (Video)
- [Optional reading] [WARNING – Graphic Content] How bad science is undermining America’s justice system
- The Judge (Video)
- Bill of Rights & Search Warrants (PDF)
- Laws Defining Computer Crimes (PDF)
- Legal Standards Covering Forensics Tools (PDF)
- Choosing A Forensics Toolkit or Suite of Tools (PDF)
3 – Acquisition
4 – Analyzing Data: Introduction
5 – Analyzing Data: String Search
- String Search Practice Images (ZIP)
- Adding A Forensics Disk Image as Evidence in FTK (Video)
- FTK String Search Details (Video 6:54)
- FTK String Search – Import Word List (Video 1:42)
- FTK Live Search – Case, Whole Words (Video 4:54)
- FTK Live Search – Basics of Building Regular Expressions (Video 10:16)
6 – Analyzing Data: Registry
- Section Introduction (Video 4:24)
- Introduction to Registry (Video 6:36)
- Discovering Registry Keys (Video)
- Discovering Registry Keys with RegSnap (Video 10:01)
7 – Encryption
- Lab Manual (PDF)