EE547 Digital Forensics

Schedule

Wed 13h00-15h00 (lecture)
Wed 15h00-16h00 (lab)

Discord server

https://discord.gg/D5TUe2v

References

  • B. Carrier. “File System Forensic Analysis”, Addison Wesley, 2005, 569 p.
  • M.H. Ligh et al., “The Art of Memory Forensics – Detecting Malware and Threats in Windows, Linux and Mac Memory”, Wiley, 2014, 886 p.
  • H. Carvey, “Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 8”, 4th Edition, Syngress, 210, 350 p.

Resource

| Wk | Date | Lectures | References | Others | Laboratories |
|----|------|----------|------------|--------|--------------|
| 1 | 16 Sep | Intro to digital forensics | Carrier §1-3 | | Lab setup; Lab 1 - Intro to X-Ways (due 23 Sep at 13h00) |
| 2 | 23 Sep | Volumes and partitions | Carrier §4-7 | | Lab 2 - Volumes and Partitions (due 30 Sep at 13h00) |
| 3 | 30 Sep | FAT32 file system | Carrier §8-10 | | Lab 3 - FAT32 (due 7 Oct at 13h00) |
| 4 | 7 Oct | NTFS file system | Carrier §11-13 | | Lab 4 - NTFS (due 21 Oct at 13h00) |
| 5 | 14 Oct | Windows | Carvey | | |
| 6 | 21 Oct | Windows (cont'd); Linux | Carvey | | Lab 5 - Windows 10 (due 4 Nov at 13h00) |
| 7 | 28 Oct | Linux (cont'd) | | | |
| 8 | 4 Nov | Windows Objects; Process, handles and tokens | Ligh §1, 3-5; Ligh §6 | Paper selection | Lab 6 - Linux (due 11 Nov at 13h00) |
| 9 | 11 Nov | Remembrance Day | | | Lab 7 - Memory Acquisition (due on 18 Nov at 13h00) |
| 10 | 18 Nov | Process memory internals | Ligh §7-8 | | Lab 8 - Malicious Processes (due on 25 Nov at 13h00) |
| 11 | 25 Nov | Kernel forensics and rootkits | Ligh §13 | | Lab 9 - Rootkits (due on 2 Dec at 13h00) |
| 12 | 2 Dec | Student presentations | | | Final exercise (Brief, Instructions) (due on 16 Dec at 13h00) |
| 13 | 9 Dec | Final exercise | | | |
| 14 | 16 Dec | Final exercise | | | |