Forensic Investigator (Part 5 of 10): Operating System Forensics
Interactive

Biz Library
Updated Feb 04, 2020

Which operating system are you best with? Do you prefer Linux over Windows, Windows over a Mac, or a combination of the three? We are going to take a look at operating system forensics so you can see the inner workings and we can find potential evidence. To start off, we will look at volatile and non-volatile data, how to deal with both, and techniques we can use to collect it. Once we understand the data, the operating systems will be picked apart so we, as investigators, know where to look for information. Afterwards, maybe you will switch from your favorite to a different operating system. This course contains the following lessons:


Lesson 1:

  • Operating System Forensics
  • Windows Volatile Data
  • Windows Volatile Data Examples
  • System Time and Open Files
  • Shares and Command History
  • Clipboard Contents and Logged On Users
  • Mapped Drives and Process Information
  • Network Information
  • Demo for Network Information
  • Demo: Network Information, Ipconfig
  • Demo: Network Information, Netstat.

Lesson 2:

  • Windows Non-Volatile Data
  • Event Logs
  • Registry Settings
  • Registry Information Available
  • Registry and the USB
  • Browser Information
  • Chrome Browser Information
  • Edge Browser Information
  • Firefox Browser Information
  • Thumb caches
  • Slack Space
  • Hidden Partitions
  • The Page File.

Lesson 3:

  • Linux Forensics
  • Linux Log Files
  • Other Linux Files
  • Linux Shell Commands
  • Collecting Linux Network Information.

Lesson 4:

  • Mac Forensics
  • Mac Log Files
  • Evidence on a Mac
  • Safari
  • Viewing Evidence on a Mac.