Video description
Understanding how to handle digital evidence is an essential skill for the law enforcement professional or corporate investigator tasked with searching a computer system for evidence of crimes and intrusions. This course teaches you the techniques required for acquiring, validating, and protecting digital evidence in order to ensure the evidence is accurate and free from tampering. You'll learn how to use free, open source software utilities to acquire digital evidence from an electronic device; also covered is how to validate and verify the evidence, as well as how to handle and store the evidence. Learners should have experience using command line utilities.
- Explore a skill set used by professional forensic practitioners
- Master the ability to acquire data from computer disks and memory
- Understand how to validate evidence and verify that validation
- Discover the proper methods for protecting acquired evidence
- Learn how to ensure accurate, tamper-free digital information
Ric Messier (GCIH, GSEC, CEH, CISSP) is the Director for Cyber Academic Programs at Circadence. He has decades of information security experience and is the author of dozens of O'Reilly titles on info sec and digital forensics, including "Introduction to Penetration Testing" and "Learning Linux Security". He holds a B.S. in Information Technology from the University of Massachusetts, an M.S. in Digital Forensic Science from Champlain College, and a Ph.D. in Information Assurance and Security from Capella University.
Table of contents
- Introduction
  - Welcome To The Course 00:02:14
  - About The Author 00:02:17
  - System Requirements 00:04:36
  - Legal Implications 00:04:06
- Acquisition And Validation
  - Storage Types 00:04:24
  - Acquisition Using DD 00:04:23
  - DD Parameters 00:03:04
  - Using FTK Imager 00:03:32
  - Using FTK Imager On Windows 00:03:21
  - Hashing - What Gets Hashed 00:04:05
  - Md5Sum 00:03:47
  - Sha1Sum 00:04:07
  - Dcfldd 00:03:23
  - FCIV 00:03:43
  - Quickhash 00:03:38
  - Linux Memory Acquisition 00:02:59
  - Virtual Memory Acquisition 00:04:26
  - Windows Memory Acquisition With DumpIt 00:03:28
  - Windows Memory Acquisition With FTK Imager 00:02:31
  - Linux Memory Acquisition With LIME 00:04:20
  - Android Memory Acquisition With LIME 00:04:20
- Protection
  - Secure Storage / Physical Protection 00:03:44
  - LUKS 00:03:02
  - VeraCrypt 00:04:51
  - Windows Encryption 00:03:59
  - AES Crypt 00:02:38
  - Whole Disk Encryption 00:04:54
  - Key Management 00:04:37
- Conclusion
  - Wrap Up And Thank You 00:02:26
Product information
- Title: Evidence Acquisition and Handling
- Author(s):
- Release date: September 2017
- Publisher(s): Infinite Skills
- ISBN: 9781491997475