EE547 Digital Forensics
Schedule
Wed 13h00-15h00 (lecture in s4214)
Wed 15h00-16h00 (lab online)
References
- B. Carrier. “File System Forensic Analysis”, Addison Wesley, 2005, 569 p.
- M.H. Ligh et al., “The Art of Memory Forensics – Detecting Malware and Threats in Windows, Linux and Mac Memory”, Wiley, 2014, 886 p.
- Harlan Carvey, “Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 8”, 4th Edition, Syngress, 210, 350 p.
Resource
| Wk | Date | Lectures | References | Others | Laboratories |
|---|---|---|---|---|---|
| 1 | 14 Sep 22 | Intro to digital forensics (recording) | Carrier §1-3 | | Lab setup (due 21 Sep at 13h00) |
| 2 | 21 Sep 22 | Volumes and partitions (recording) | Carrier §4-7 | | Lab 2 – Volumes and Partitions (due 28 Sep at 13h00) |
| 3 | 28 Sep 22 | FAT32 file system (recording) | Carrier §8-10 | | Lab 3 – FAT32 (due 5 Oct at 13h00) |
| 4 | 5 Oct 22 | NTFS file system (recording) | Carrier §11-13 | | Lab 4 – NTFS (due 19 Oct at 13h00) |
| 5 | 12 Oct 22 | Windows (recording) | Carvey | | |
| 6 | 19 Oct 22 | Windows (cont’d) | Carvey | | Lab 5 – Windows 10 (due 26 Oct at 13h00) |
| 7 | 26 Oct 22 | Linux (cont’d) | | | Lab 6 – Linux (due 2 Nov at 13h00) |
| 8 | 2 Nov 22 | Windows Objects (recording) | Ligh §1, 3-5; Ligh §6 | Paper selection | Lab 7 – Memory Acquisition (due on 9 Nov at 13h00) |
| 9 | 9 Nov 22 | Process memory internals (recording) | Ligh §7-8 | | Lab 8 – Malicious Processes (due on 16 Nov at 13h00) |
| 10 | 16 Nov 22 | Kernel forensics and rootkits (recording) | Ligh §13 | | Lab 9 – Rootkits (due on 23 Nov at 13h00) |
| 11 | 23 Nov 22 | Final exercise (recording) | | | Final exercise (Instructions, template) (due on 7 Dec at 13h00) |
| 12 | 30 Nov 22 | No class (work on exercise and presentation) | | | |
| 13 | 7 Dec 22 | Student presentations (schedule, eval sheet) | | | |
| 14 | | | | | |