MI 5-8 | Written Exam 60 min (K60) |
Topics |
- Cyber criminals :: computer as crime vehicle
- Forensic methodology, Locards exchange principle, types of evidence, the forensic process, chain of custody
- Identification, duplication and preservation of digital evidence, file system analysis
- Persistence of deleted file information, reconstruction of events
- Hide & seek: anti-forensics
- Unix and Windows system analysis
- Forensic tool sets and forensic hardware
- Intrusion detection and incident response
|
Goodies |
|
Course material |
| Chapter |
SHA-1 checksum |
| (01) Introduction: |
| 2 slides per page |
69d5ae5c33d1159bcaea8e1453dc2005e918b8ef |
| 4 slides per page |
b176f57c760b9be2c8300a98584c77a0b3433b77 |
| (02) Cybercrime and Digital Evidence |
| 2 slides per page |
f679461e8d588f83256e74118fce572f4e1e3aee |
| 4 slides per page |
32a4c4c7c08c0eb1a562a662d2a78060e73e5531 |
| (03) Digital Crime Scene Investigation Process |
| 2 slides per page |
2ef41d78ec371e781350817e4b10cedde661be6a |
| 4 slides per page |
8a290e5e163bbccfacc89cb256f2b31fd2e65a89 |
| (04) Data Organization and Hardware Technology |
| 2 slides per page |
0a3449f46b4afca0563efdb8e21f68b4e943e711 |
| 4 slides per page |
902927d2fa955225d77ff93718654adf10ea00a0 |
| (05) System Start Internals |
| 2 slides per page |
434703364d758f47b83bc26f9ec3669531eeac9e |
| 4 slides per page |
4a0a3a2a1de7cb944a5f4175458cf4c500f95081 |
| (06) System Information |
| 2 slides per page |
86e208059958fe5a9b753f76127e7b464f3a50c2 |
| 4 slides per page |
3f09328de9b000d23bf147d58118df90baabbf89 |
| (07) Live Investigation |
| 2 slides per page |
55a654da15c420be10301a9a084e8b3b12cd6a2a |
| 4 slides per page |
a6800468876dec0ddc5a496bef0f4062f5665ece |
| (08) Duplication and Preservation of Digital Evidence :: Secrets & Solutions + Law Enforcement |
| 2 slides per page |
cf4b76a350d9c9941a5c73dabe9980dfbfcd9cb9 |
| 4 slides per page |
e22cd931c968ef28661fbe59322b04e2995e5355 |
(09) Data Analysis & Data Manipulation + Anti-Forensic Techniques :: Hide & Seek
|
| 2 slides per page |
2cf724878d60732c580acc1fa7cf7095d28e24eb |
| 4 slides per page |
6d8566c9b037b6c8f88049f2f05f2eb1737979e8 |
Tools |
| (T01) HPA, DCO, ATA-/HDD passwords :: detect, change, manipulate, crack |
| ToolzKap04.zip |
096cfc185e3af70e929445781e3ea370c9afd26d |
| (T02) MBR, Hex Viewer, Data Dumper, ADS, Streams, Slack |
| ToolzKap05.zip |
a44987ac69fdba97045a77612869ac6b81ef0e5c |
| (T03) Tools chapter 6 |
| ToolzKap06.zip |
d01f01ab8a5856d3ac6602292fa2ba7a52959f8b |
| Tools Sysinternals-zip.zip |
18d13f3d28eb8f16e346d734c718fd6cd1af732e |
| Tools Sysinternals-dir.zip |
6da0c6f1a33d9e0cfa3c1cc24af9fffd975f3a6b |
| (T04) Tools chapter 7 |
| ToolzKap07.zip |
583860642a4897621bce6f6cb4f3f862dbb23aad |
| (T05) Tools chapter 8 |
| ToolzKap08.zip |
51a7f3c5ff1b296b006e50468fdfef3f9a5db750 |
| (T06) Tools chapter 9 |
| ToolzKap09.zip |
72d68738d1d47428d94fcb5f746130c7dd0b32a3 |
