This course will examine in considerable depth how file and operating systems determine the type of information available to examiners. In particular the design and behavior of these systems will be discussed and students will be taught to recover information from these systems at the binary level. The features and limitations of current forensic software tools will also be covered, with particular attention paid to the techniques by which the automated tools interpret data. A range of operating systems will be examined, including PC, mobile phone and embedded systems.
Conduct forensic analysis of PC & server operating systems and software running on those systems
Develop and evaluate methods of analysis of operating systems and applications
Evaluate the evidentiary features of a file system
Conduct an analysis of and report on user activity on an operating system
The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.