Course curriculum

    1. $I30 Files

    2. NTFS Master File Table

    3. $MFT

    4. $LogFile

    5. $Volume

    6. $VOLUME_NAME

    7. $VOLUME_INFORMATION

    8. $AttrDef

    9. \ - Root directory

    10. $Bitmap

    11. $Boot

    12. $BadClus

    13. $Secure

    14. $UpCase

    15. $Extend

    16. $Quota

    17. $UsnJrnl

    18. Exercise(s)

    1. MFT Records

    2. NTFS File Allocation

    3. NTFS File Deletion

    4. Exercise(s)

    1. MAC Times in NTFS

    2. Displaying Timestamps

    3. Exercise(s)

    1. Intro. to NTFS Data Streams

    2. Compressed Files

    3. Encrypting File System (EFS)

    4. Exercise(s)

    1. Questions

    2. Exercise(s)

    3. REFERENCES

    1. Final Case Exercise

About this course

  • $50.00
  • 33 lessons
  • 0 hours of video content

Learning Outcomes

After completing this course, you will learn the following.

  • Learn how to Examining NTFS Metadata Files

  • Understand NTFS File Allocation and Deletion

  • Understand NTFS Timestamps

  • Learn how to Analyze NTFS Compressed Files and Data Streams

  • Learn how to use Different Forensics Tools for NTFS Forensic Analysis

Technical Requirements

For the hands-on labs in this course

What is next at Cyber 5W?

Add your email to receive updates on new courses

Thank You