This course covers the usage and configuration of two tools (Paladin/Autopsy and osTriage) designed to preview a non-mobile digital device and export files of evidentiary value. Day One is designed to preview a non-mobile digital device and export files of evidentiary value from a device that is powered on. Day Two is designed to preview a non-mobile digital device and export files of evidentiary value from a device that is powered off.
Students who bring an external USB hard drive (32GB minimum) will be able to leave with the same setup shown in class. Other topics include a detailed examination of the process of previewing: what previewing is, why and when it should be done, who can conduct a preview, and differences in procedure for starting a preview depending on whether a device is on or off.
Course structure:
- What is previewing? Learn why you should preview, who can perform a preview, when to conduct a preview, and how to start a preview whether a device is on or off.
- Paladin/Autopsy. Learn to forensically boot a device, then quickly preview and export digital evidence found on scene.
- osTriage. Learn to identify when encryption is present, image RAM memory, display browser history, preview and export existing files, and much more.
- Hands-on experience. Work with Paladin/Autopsy and osTriage, and leave the course with the same setup shown in class.
Prerequisites:
- "Cyber Investigation (CI) 091 - Introduction to Previewing" (online course).
- "CI 142 - Encryption" (online course).
Suggested materials: Bring an external USB hard drive (32GB minimum) to class.
| Amount | Description |
|---|---|
$0.00 | Free |