RGI Cyber Security Institute

Advanced Forensic Computing

The purpose of this module is to develop knowledge and understanding of advanced forensic computing techniques and the skills needed to apply them successfully. The module will enable a student to apply a range of techniques to extract forensic evidence of data which is otherwise inaccessible.

Outcomes

On successful completion of this module a student should be able to:

  • Compare and identify the raw data formats used on optical media and the artefacts left when such media are created
  • Evaluate anti-forensic methods
  • Apply a range of techniques to extract forensic evidence of data or system usage which is otherwise inaccessible
  • Extract and interpret information from complex binary artefacts on a system
  • Trace and interpret areas of the registry in which useful forensic material is likely to be found
  • Create and run virtual machines for both previewing and experimentation.

Syllabus

  • Forensic analysis of the registry and its binary format
  • Structure and analysis of optical media disk formats
  • Virtual machine forensics
  • Forensic analysis of dynamic disks, spanned disks, striped volumes
  • Approaches to anti-forensic techniques
  • Forensically exploiting operating system indexes
  • Forensic analysis of volume shadow copies
  • Forensic analysis of recently introduced features in Windows.

Copyright © RGI Cyber Security Institute