Informatique

File-system post-mortem forensic analysis

In collaboration with
Objectives
  • Perform disk acquisition the right way
  • Introduce to file system analysis (NTFS/FAT)
  • Analyse operating system artefacts (MS Windows)
  • Find evidence in communication applications (e.g. browser or chat history)
Programme

Forensic Analysis is based on the assumption that everything leaves a trace behind. A trace in an information system can be any data that helps to identify space and time actions. Postmortem analysis is a key tool to discover and analyse security incidents. This course will teach the participants how to find answers to what has happened by analysing different layers from the physical medium to the file system up to the application level.

Target audience

IT department staff - Local Incident Response Team

Prerequisites

Knowledge of operating systems and IT security is required

Certificate

At the end of the training, the participants will receive a certificate of participation delivered by the House of Training.

Course material
The printed course material will be delivered at the beginning of the course.
Formation
Formation
& Examen
Examen
EN

Sur demande

8 h
255,00 EUR