Operating System Forensics
1h 41mIntermediate2024-09-16
Authors

Jungwoo Ryoo
Teaches IT, cybersecurity, and risk analysis at Penn State
Course details
Criminals rely on the intricacies of operating systems like Windows, macOS, and Linux to conceal their activities and hide data. However, a skilled digital forensics expert knows the places to look and the tools to use to access evidence of their crimes. This course covers all the major concepts and tools of the growing field of operating system forensics. Instructor Jungwoo Ryoo (J.R.) reviews the fundamentals: the goals, history, and roles of operating system forensics and the future of the industry. He then shows how to acquire evidence from file systems, slack space, alternate data streams, and main memory. Jungwoo uses a combination of free and commercial software, so you can practice techniques like file recovery and live acquisition with the tools that are within your budget.
Learning objectives
Understanding operating system forensics.
Understanding job prospects in operating system forensics.
Using GParted.
Using Hex editors.
Preparing for certifications.
Acquiring data from various sources including file systems, main memory, and operating system logs.
Learning objectives
Understanding operating system forensics.
Understanding job prospects in operating system forensics.
Using GParted.
Using Hex editors.
Preparing for certifications.
Acquiring data from various sources including file systems, main memory, and operating system logs.
Skills covered
Incident ResponseCybersecurityOne-Off
Concepts
0. Introduction
- 01 - Operating system forensics
- 02 - What you should know
1. Operating Systems and Digital Forensics
- 03 - Introduction to OSs and digital forensics
- 04 - History
- 05 - Core concepts
- 06 - Roles in computing
- 07 - Process management hands-on
- 08 - Roles in forensics
- 09 - Future
2. File System Types
- 10 - Introduction to file system types
- 11 - Windows file systems
- 12 - Windows hands-on
- 13 - Linux file systems
- 14 - Linux hands-on
- 15 - Apple file systems
- 16 - Apple hands-on
3. File Recovery
- 17 - Introduction to file recovery
- 18 - Data carving
- 19 - Data carving preparation
- 20 - Data carving hands-on
- 21 - Slack space
- 22 - Data hiding and ADS
- 23 - Data hiding hands-on
4. Live Acquisition
- 24 - Introduction to live acquisition
- 25 - Addressing
- 26 - Memory structure
- 27 - Virtual memory
- 28 - Memory dump analysis with Volatility
- 29 - Processes
- 30 - Network connections
- 31 - Challenge
- 32 - Solution
Conclusion
- 33 - Next steps
Related courses
- Operating System Forensics (2019)
- CISSP Cert Prep (2021): 7 Security Operations
- CCSP Cert Prep: 5 Cloud Security Operations
- SecOps on Google Distributed Cloud (GDC) for Tier 1 and Tier 2 Analysts by Google
- CompTIA SecurityX (CAS-005) Cert Prep
- SSCP Cert Prep: 4 Incident Response and Recovery
- Linux: System Information and Directory Structure Tools (2017)
- IT Security Foundations: Operating System Security
Related learn paths
- Explore a Career in Computer Forensics
- Cybersecurity Fundamentals
- Become an IT Security Specialist
- Prepare for the CompTIA Cybersecurity Analyst (CySA+) (CS0-003) Certification
- Prepare for the ISC2 Certified Cloud Security Professional (CCSP) Certification Exam (2022)
- Wireshark: Network Traffic Analysis
- Prepare for the ISC2 Information Systems Security Professional (CISSP) Certification Exam (2021)
- Prepare for the ISC2 Systems Security Certified Practitioner (SSCP) Exam