EE547

Wed 13h00-15h00 (lecture)
Wed 15h00-16h00 (labo)

B. Carrier. “File System Forensic Analysis”, Addison Wesley, 2005, 569 p.
M.H. Ligh et al., “The Art of Memory Forensics – Detecting Malware and Threats in Windows, Linux and Mac Memory”, Wiley, 2014, 886 p.
Harlan Carvey, "Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 8", 4th Edition, Syngress, 210, 350 p.

Wk	Date	Lectures	References	Others	Laboratories
1	12 Jan	Intro to digital forensics (recording)	Carrier §1-3		Lab setup Lab 1 - Intro to X-Ways (due 19 Jan at 13h00)
2	19 Jan	Volumes and partitions (recording)	Carrier §4-7		Lab 2 - Volumes and Partitions (due 26 Jan at 13h00)
3	26 Jan	FAT32 file system (recording)	Carrier §8-10		Lab 3 - FAT32 (due 2 Feb at 13h00)
4	2 Feb	NTFS file system (recording)	Carrier §11-13		Lab 4 - NTFS (due 16 Feb at 13h00)
5	9 Feb	Windows (recording)	Carvey
6	16 Feb	Windows (con't) Linux (recording)	Carvey		Lab 5 - Windows 10 (due 23 Feb at 13h00)
7	23 Feb	Linux (con't)			Lab 6 - Linux (due 2 Mar at 13h00)
8	2 Mar	Windows Objects (recording) Process, handles and tokens (recording)	Ligh §1, 3-5 Ligh §6	Paper selection	Lab 7 - Memory Acquisition (due on 9 Mar at 13h00)
9	9 Mar	Process memory internals (recording)	Ligh §7-8		Lab 8 - Malicious Processes (due on 16 Mar at 13h00)
10	16 Mar	Kernel forensics and rootkits (recording)	Ligh §13		Lab 9 - Rootkits (due on 23 Mar at 13h00)
11	23 Mar	Final exercise (recording)			Final exercise (Instructions, template) (due on 20 Apr at 13h00)
12	30 Mar	No class (work on exercise and presentation)
13	6 Apr	Student presentations (schedule, eval sheet)
14

EE547 Schedule