File Systems Forensics & Data Structures
- What do we need to know? (Signed and unsigned integers, bit assignment, time representations (DOS32, Win64, Unix/C))
- Introduction to the concept of file system
- References to data
- Metadata of the referenced data
- Introduction to the concept of a file (What constitutes a file?)
- Recognising the Reference, the metadata and the data of a file
- Management of data units (blocks or clusters)
- Introduction to Linked Lists
- Introduction to the Bitmap Structure
NTFS Forensics
- History, theory, MBR, BPB, Extended BPB
- Latest Changes in NTFS (TRIM, garbage collection, etc)
- MFT
- File Record
- File Record Header
- File Record Attributes in Depth
- NTFS Time Stamps Discussion
- NTFS $ (system) files
- NTFS Compression
- NTFS EFS
- Tracing File Ownership
- Management of the data area
- File Creation & File Deletion
- ‘Format’ command Forensics
- Practicals – Case Scenarios
FAT 12/16/32
- History
- File System Structures (Boot Sector, FAT table, FSInfo)
- Defining the Reference, the metadata and the data of a file (Directory Entries, Long File Names)
- Management of the data area
- File Creation & File Deletion
- ‘Format’ command Forensics
- Practicals – Case Scenarios
Linux File Systems (ext2/3/4)
- Superblock
- Group Descriptor
- Block Bitmap
- Inode Bitmap
- INODE
- Data block
ExFAT Forensics
- History
- File System Structures
- Boot Sector
- Understanding the References (Directory Entries, SET)
- Management of the data area
- File Creation & File Deletion
- ‘Format’ command Forensics
- Practicals – Case Scenarios
- Direct, indirect, double indirect
- File Creation & File Deletion
- ‘Format’ command Forensics
Mac File System (APFS/HFS/HFS+)
- Volume Headers
- Special Files
- Catalog Entry Structure
- Data Forks vs Resource Forks
- UNIX special file support
- iNode Files/Hard Links
- File Creation & File Deletion
- ‘Format’ command Forensics
- Practicals – Case Scenario