Many digital investigations require an understanding of where operating systems store information. Forensic practitioners need to understand the analysis of the three major operating systems they may encounter in a real world analysis. Topics covered will include memory acquisition and analysis, timeline investigation, configuration settings including the Windows registry and tracking information that is stored within operating system settings. The course will cover Windows, Mac OS X and Linux investigations and artifacts.
Apply appropriate digital investigations practices to the acquisition and interpretation of operating system artifacts
Compare different forensics tools that would be used to gather operating system artifacts
Analyze information storage locations used by the operating system to gather potential evidence
Inspect volatile memory and analyze memory captures for potential evidence
The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.