CYBV384 - Host and File System Forensics

Bachelor's Degrees

Defense & Forensics

Certificates

Cybersecurity Digital Forensics 

Course Description

CYBV 384 provides students with in-depth knowledge of conducting a forensic investigation focusing on the Windows Operating System (OS). It is estimated that approximately 80% of the desktop/laptop market share consists of Windows OS. It is critical for students to understand how Windows works and how to conduct a detailed investigation of this OS. During this course students will perform live analysis of Windows remotely and locally, understand and implement data acquisition, create timelines of system actions to identify how an incident occurred, and use various tools to recover and analyze data from file systems, the registry, and computer memory.

Learning Outcomes

The student will:

  • Collect and analyze Windows OS digital artifacts
  • Develop methodologies to conduct digital forensic investigations for Windows OS
  • Conduct recovery of critical evidence on device storage

Course Objectives

The student will:

  • Perform live analysis on Windows systems locally and remotely
  • Understand and demonstrate acquisition techniques for volatile and non-volatile data
  • Extract and analyze system actions, file system data, registry, and computer memory
  • Analyze the architecture and security mechanisms present in Windows OS
  • Correlate data collected from attacks and develop comprehensive reports to support management decision-making and, potentially, legal proceedings