Course Curriculum
-
01
Introduction to File Systems
-
What is File System
-
Ext4
-
NTFS vs EXT4
-
Timestamps and File Operations
-
Required Files
-
Exercise 02 -- Inspecting Timestamps
-
Exercise 02 - Solutions
-
NOTICE
-
-
02
Analyzing FAT32 File Systems
-
Required Files (FAT Analysis)
-
FAT File System - Basics - Slides
-
Intro to FAT File System
-
Lab - Analyzing FAT Structure
-
FAT File System - Directory Entry - Slides
-
FAT File System - Timestamps - Slides
-
Lab - Analyzing FAT File System #1
-
Lab - Analyzing FAT File System #2
-
-
03
Analyzing NTFS File Systems
-
NTFS
-
Required Files (NTFS Analysis)
-
NTFS Basics - Slides
-
NTFS MFT - Slides
-
Lab - Analyzing the MFT File #1
-
Lab - Analyzing the MFT File #2
-
Lab - Working with Data Attributes
-
NTFS Dataruns and Fragmented Files
-
MFT Slack Space
-
NTFS Fixups - Slides
-
Lab - Working with Links
-
NTFS INDX Buffers - Slides
-
NTFS Journaling - Slides
-
Lab - Working with UsnJrnl
-
Lab - Working with Journals and Indexes
-
Lab - NTFS Challenge
-
Lab - NTFS Challenge (Solution A)
-
Lab - NTFS Challenge (Solution B)
-
-
04
Resources
-
Extra Reading
-
8 CPE Credits
After completing this course, you will earn:
Learning Outcomes
After completing this course, you will learn the following.
-
Demonstrate a comprehensive understanding of file systems and the ability to identify unique file system metadata
-
Analyze and parse the underlying file system structures
-
Apply this knowledge to data recovery and forensic investigations
What is next at Cyber 5W?
Add your email to the mailing list to get the latest updates.