EE547 Schedule

EE547 Digital Forensics

Schedule

Wed 13h00-15h00 (lecture in s4214)
Wed 15h00-16h00 (lab online)

References

  • B. Carrier. “File System Forensic Analysis”, Addison Wesley, 2005, 569 p.
  • M.H. Ligh et al., “The Art of Memory Forensics – Detecting Malware and Threats in Windows, Linux and Mac Memory”, Wiley, 2014, 886 p.
  • Harlan Carvey, “Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 8”, 4th Edition, Syngress, 210, 350 p.

Resource

| Wk | Date | Lectures | References | Others | Laboratories |
|----|------|----------|------------|--------|--------------|
| 1 | 14 Sep 22 | Intro to digital forensics (recording) | Carrier §1-3 | | Lab setup; Lab 1 – Intro to X-Ways (due 21 Sep at 13h00) |
| 2 | 21 Sep 22 | Volumes and partitions (recording) | Carrier §4-7 | | Lab 2 – Volumes and Partitions (due 28 Sep at 13h00) |
| 3 | 28 Sep 22 | FAT32 file system (recording) | Carrier §8-10 | | Lab 3 – FAT32 (due 5 Oct at 13h00) |
| 4 | 5 Oct 22 | NTFS file system (recording) | Carrier §11-13 | | Lab 4 – NTFS (due 12 Oct at 13h00) |
| 5 | 12 Oct 22 | Windows (recording) | Carvey | | |
| 6 | 19 Oct 22 | Windows (cont’d); Linux (recording) | Carvey | | Lab 5 – Windows 10 (due 26 Oct at 13h00) |
| 7 | 26 Oct 22 | Linux (cont’d) | | | Lab 6 – Linux (due 2 Nov at 13h00) |
| 8 | 2 Nov 22 | Windows Objects (recording); Process, handles and tokens (recording) | Ligh §1, 3-5; Ligh §6 | Paper selection | Lab 7 – Memory Acquisition (due on 9 Nov at 13h00) |
| 9 | 9 Nov 22 | Process memory internals (recording) | Ligh §7-8 | | Lab 8 – Malicious Processes (due on 16 Nov at 13h00) |
| 10 | 16 Nov 22 | Kernel forensics and rootkits (recording) | Ligh §13 | | Lab 9 – Rootkits (due on 23 Nov at 13h00) |
| 11 | 23 Nov 22 | Final exercise (recording) | | | Final exercise (Instructions, template) (due on 7 Dec at 13h00) |
| 12 | 30 Nov 22 | No class (work on exercise and presentation) | | | |
| 13 | 7 Dec 22 | Student presentations (schedule, eval sheet) | | | |
| 14 | | | | | |