EE547

Wed 13h00-15h00 (lecture)
Wed 15h00-16h00 (labo)

B. Carrier. “File System Forensic Analysis”, Addison Wesley, 2005, 569 p.
M.H. Ligh et al., “The Art of Memory Forensics – Detecting Malware and Threats in Windows, Linux and Mac Memory”, Wiley, 2014, 886 p.
Harlan Carvey, "Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 8", 4th Edition, Syngress, 210, 350 p.

Wk	Date	Lectures	References	Others	Laboratories
1	16 Sep	Intro to digital forensics	Carrier §1-3		Lab setup Lab 1 - Intro to X-Ways (due 23 Sep at 13h00)
2	23 Sep	Volumes and partitions	Carrier §4-7		Lab 2 - Volumes and Partitions (due 30 Sep at 13h00)
3	30 Sep	FAT32 file system	Carrier §8-10		Lab 3 - FAT32 (due 7 Oct at 13h00)
4	7 Oct	NTFS file system	Carrier §11-13		Lab 4 - NTFS (due 21 Oct at 13h00)
5	14 Oct	Windows	Carvey
6	21 Oct	Windows (con't) Linux	Carvey		Lab 5 - Windows 10 (due 4 Nov at 13h00)
7	28 Oct	Linux (con't)
8	4 Nov	Windows Objects Process, handles and tokens	Ligh §1, 3-5 Ligh §6	Paper selection	Lab 6 - Linux (due 11 Nov at 13h00)
9	11 Nov	Remembrance Day			Lab 7 - Memory Acquisition (due on 18 Nov at 13h00)
10	18 Nov	Process memory internals	Ligh §7-8		Lab 8 - Malicious Processes (due on 25 Nov at 13h00)
11	25 Nov	Kernel forensics and rootkits	Ligh §13		Lab 9 - Rootkits (due on 2 Dec at 13h00)
12	2 Dec	Student presentations (schedule, eval sheet)			Final exercise (Brief, Instructions) (due on 16 Dec at 13h00)
13	9 Déc	Final exercise
14	16 Déc	Final exercise

EE547 Schedule