Course curriculum
-
-
$I30 Files
-
NTFS Master File Table
-
$MFT
-
$LogFile
-
$Volume
-
$VOLUME_NAME
-
$VOLUME_INFORMATION
-
$AttrDef
-
\ - Root directory
-
$Bitmap
-
$Boot
-
$BadClus
-
$Secure
-
$UpCase
-
$Extend
-
$Quota
-
$UsnJrnl
-
Exercise(s)
-
-
-
MFT Records
-
NTFS File Allocation
-
NTFS File Deletion
-
Exercise(s)
-
-
-
MAC Times in NTFS
-
Displaying Timestamps
-
Exercise(s)
-
-
-
Intro. to NTFS Data Streams
-
Compressed Files
-
Encrypting File System (EFS)
-
Exercise(s)
-
-
-
Questions
-
Exercise(s)
-
REFERENCES
-
-
-
Final Case Exercise
-

About this course
- $50.00
- 33 lessons
- 0 hours of video content
Learning Outcomes
After completing this course, you will learn the following.
-
Learn how to Examining NTFS Metadata Files
-
Understand NTFS File Allocation and Deletion
-
Understand NTFS Timestamps
-
Learn how to Analyze NTFS Compressed Files and Data Streams
-
Learn how to use Different Forensics Tools for NTFS Forensic Analysis
Technical Requirements
For the hands-on labs in this course
-
Windows 10 Operating System (recommended)
-
MFT Explorer (Eric Zimmerman)
-
MFT Browser (Costas K.)
-
Hex-Editor such as (010 Editor) or (HxD)
-
WinHex (X-Ways)
-
Other Useful NTFS Forensic Tools
What is next at Cyber 5W?
Add your email to receive updates on new courses