Learn your way! Get started

Forensic Investigator, Part 4: Data and Anti-Forensics

with expert David Bigger


Watch trailer

Forensic Investigator, Part 4: Data and Anti-Forensics Trailer

Course at a glance

Included in these subscriptions:

  • Dev & IT Pro Video
  • Dev & IT Pro Power Pack
  • Power Pack Plus

Release date Release date 5/12/2017
Level Level Beginner
Runtime Runtime 1h 27m
Closed captioning Closed captioning N/A
Transcript Transcript N/A
eBooks / courseware eBooks / courseware N/A
Hands-on labs Hands-on labs N/A
Sample code Sample code N/A
Exams Exams Included


Enterprise Solutions
Enterprise Solutions

Need reporting, custom learning tracks, or SCORM? Learn More



Course description

Dive into data acquisition to discover the differences between live and static acquisitions, as well as to learn about volatile data, or the data that should be acquired first once a system has been determined to be a crime scene. Additionally, explore the various tools and the necessary hardware and software required to carry out a successful investigation. Following an exploration of data acquisition, take a closer look at anti-forensics to understand the techniques criminals may use to make your acquisition more difficult including encryption and file deletion. Then, learn about the countermeasures that can be implemented to overcome acquisition obstacles including password crackers and undelete utilities.

Prerequisites

Recommended: Understanding of networking; How data flows from source and destination Computer security basics such as passwords, encryption and physical security Basic understanding of computing and computer systems Experience with various operating systems

Meet the expert

David Bigger David Bigger is the lead trainer at Bigger IT Solutions. He has been information technology for a little over 20 years and has been training all over the US. He has worked with companies like US Military, Lockheed Martin, General Dynamics, Dominos Pizza, University of Utah and Expedia


Course outline



Data Acquisition and Anti-Forensics

Data Acquisition (16:48)
  • Introduction (00:26)
  • Data Acquisition (03:25)
  • Volatile Data (02:14)
  • Non-Volatile Data (01:05)
  • Do We Need Copies? (01:11)
  • Copies or Duplicates (01:39)
  • Chain of Custody (00:44)
  • Chain of Custody Form (00:45)
  • Forensic Tools (00:48)
  • Software Forensic Tools for Acquisition (01:36)
  • Hardware Forensic Tools for Acquisition (02:21)
  • Summary (00:29)
Live Acquisition (19:30)
  • Introduction (00:28)
  • Live Acquisition (04:13)
  • Live Acquisition Common Items (02:23)
  • Which Volatile Data First (01:08)
  • Live Acquisition Steps (02:32)
  • Live Acquisiton Tools (00:51)
  • Live Acquisition Common Mistakes (04:43)
  • Locard's Exhchange Principle (02:46)
  • Summary (00:22)
Static Acquisition (16:37)
  • Introduction (00:29)
  • Static Acquisition (03:32)
  • Write Blockers (01:20)
  • Destination Media (01:10)
  • Static Acquisition Tools (00:23)
  • Acquisition Methods (00:24)
  • Disk to Disk (00:50)
  • Disk to Image (00:58)
  • Static Acquisition Image Formats (00:34)
  • Format (02:38)
  • Sparse and Logical Acquisition (01:17)
  • Are the Copies Good? (02:37)
  • Summary (00:20)
Anti-Forensics (11:56)
  • Introduction (00:23)
  • Anti-Forensics (01:37)
  • Why Do They Use Anti-Forensics? (01:55)
  • Techniques Used (05:04)
  • Case Study (01:22)
  • Tools and Techniques Used (01:17)
  • Summary (00:16)
Techniques (15:08)
  • Introduction (00:21)
  • Techniques Used: An In-Depth Look (00:30)
  • Password Protection (03:11)
  • Password Cracking Techniques (02:35)
  • Deleting Files (04:24)
  • Encryption (01:15)
  • Rootkits (00:49)
  • Rootkit Types (01:40)
  • Summary (00:20)
Countermeasures (07:11)
  • Introduction (00:30)
  • Countermeasures (03:40)
  • Challenges (00:01)
  • Challenges (02:41)
  • Summary (00:17)