Files, email messages, and social media posts all contain valuable information for digital forensic investigators when searching for evidence of a crime or intrusions into a computer system or network, but there’s also a wealth of information to be gleaned from a computer’s operating system. This includes user data, configuration settings, and a significant trail of user activities. Today, there are a number of tools available to extract and analyze this information.
In this course designed for entry- to intermediate-level law enforcement and corporate investigators, you’ll learn how to use readily available, open source tools to find valuable information in the Windows Registry. You’ll also see how to create and use logs with Windows Event Log and Linux Syslog, which you then can examine for traces of suspicious or unauthorized activity. Finally, you’ll look at the techniques employed by investigators to handle and process all of this important information to assist you in your forensic tasks.