EE547 Schedule

EE547 Digital Forensics

Schedule

Wed 13h00-15h30 (lecture in s4214)
Wed 15h30-16h00 (lab in s5104)

References

  • B. Carrier. “File System Forensic Analysis”, Addison Wesley, 2005, 569 p.
  • M.H. Ligh et al., “The Art of Memory Forensics – Detecting Malware and Threats in Windows, Linux and Mac Memory”, Wiley, 2014, 886 p.
  • Harlan Carvey, “Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 8”, 4th Edition, Syngress, 210, 350 p.

Resource

| Wk | Date | Lectures | References | Others | Laboratories |
|----|------|----------|------------|--------|--------------|
| 1 | 13 Sep 22 | Intro to digital forensics (recording) | Carrier §1-3 | | Lab setup; Lab 1 – Intro to X-Ways (due 20 Sep at 13h00) |
| 2 | 20 Sep 22 | Volumes and partitions (recording) | Carrier §4-7 | | Lab 2 – Volumes and Partitions (due 27 Sep at 13h00) |
| 3 | 27 Sep 22 | FAT32 file system (recording) | Carrier §8-10 | | Lab 3 – FAT32 (due 4 Oct at 13h00) |
| 4 | 4 Oct 22 | NTFS file system (recording) | Carrier §11-13 | | Lab 4 – NTFS (due 18 Oct at 13h00) |
| 5 | 11 Oct 22 | Windows (recording) | Carvey | | Lab 4 cont’d |
| 6 | 18 Oct 22 | Windows (cont’d); Linux (recording) | Carvey | | Lab 5 – Windows 10 (due 25 Oct at 13h00) |
| 7 | 25 Oct 22 | Linux (cont’d) | | | Lab 6 – Linux (due 1 Nov at 13h00) |
| 8 | 1 Nov 22 | Windows Objects (recording); Process, handles and tokens (recording) | Ligh §1, 3-5; Ligh §6 | Must have selected a research paper | Lab 7 – Memory Acquisition (due on 8 Nov at 13h00) |
| 9 | 8 Nov 22 | Process memory internals (recording) | Ligh §7-8 | | Lab 8 – Malicious Processes (due on 15 Nov at 13h00) |
| 10 | 15 Nov 22 | Kernel forensics and rootkits (recording) | Ligh §13 | | Lab 9 – Rootkits (due on 22 Nov at 13h00) |
| 11 | 22 Nov 22 | Final exercise (recording) | | | Final exercise (Instructions, template) (due on 6 Dec at 13h00) |
| 12 | 29 Nov 22 | No class (work on exercise and presentation) | | | Final exercise |
| 13 | 6 Dec 22 | Student presentations (schedule, eval sheet) | | May be pushed to the following week. | |
| 14 | | | | | |