This is the first video of the Computer forensics course (tutorial) at Duckademy. To do computer forensics, understanding the NTFS file system and the inner workings of resident and non-resident files is a must. To DOWNLOAD the evidence files and the commands used in the video, go to http://www.duckademy.com
The goal of the Computer forensics course is to teach you how to collect evidence in case of an incident and to investigate how the intruders came in, what data they have stolen, and whether they have harmed your system.
In addition, we will give you advice on what you can do to block the next attack.
The Computer forensics course will cover:
– Recovering an NTFS file system and looking for evidence
– Recovering FAT16 and FAT32 file systems
– Acquiring saved passwords from the password managers of browsers
– Browser history and cache file recovery to investigate the users’ internet usage
– Getting the content (e.g. emails, contacts) from an encrypted Outlook PST file
– Recovery of Exchange MDB, Active Directory NTDS.DIT and similar files
– ZIP file recovery
– RAM analysis of Windows and Linux servers with Volatility
IN THIS VIDEO of the Computer forensics course (tutorial) you will learn the inner workings of the NTFS file system to be able to recover files and look for evidence later.
For this we will cover:
01:21 Role of the resident files and how to retrieve them
24:36 Non-resident files in NTFS and their role in the file system