CC 201 - Digital Evidence Examination and Processing (July 2018)

Monday Jul 09, 2018 - 12:00pm UTC to Thursday Jul 12, 2018 - 09:00pm UTC
Event Description: 

This course builds on the concepts introduced in "Cybercop 101 - Basic Digital Forensic Imaging." It covers the architecture and functionality of the Windows NT File System and the FAT and exFAT file systems, along with the related directory entry information used to locate files on electronic devices. Topical areas include file headers and file hashing, recovery of deleted files and long file names, and techniques for discovering potential evidence that might otherwise be overlooked. The course incorporates an investigative scenario, providing hands-on experience with the examination of hard drive images.

Course structure:

  • Understand architecture and functionality. Learn about NT, FAT, and exFAT file systems, as well as directory entry information.
  • Identify evidentiary files. Understand signature analysis of file headers and file hashing, as well as MD5 and SHA1 hashing algorithms.
  • Recover deleted files. Learn to recover files from the recycle bin, as well as deleted files no longer located in the recycle bin.
  • Learn search techniques and virtual memory. Locate valuable information within RAM, virtual memory, unallocated space, slack space, and application metadata. Learn to perform keyword, ASCII, and Unicode searches.
  • Hands-on experience. Examine four different "suspect" hard drive images.
Location: 
Cyber Hall 100 3rd Place (Cyber Hall)
Tuscaloosa, AL 35487
United States
Event Cost Information
Amount: $0.00
Description: Free
Space Available: 
Yes
Organizer Information
Event POC: 
Damita Jones
Event POC Phone: 
1-800-221-4424