This course gives investigators a complete introduction to, and foundation in, useful forensic utilities in the Linux environment. Leverage powerful open source tools to acquire, extract, examine, and carve data from multiple platforms, including Windows.
Students will learn how to image a device using DD, verify hash signatures, mount the image, and run an analysis of the data using various open source applications such as Scalpel, Timescanner, and more. An overview of Linux in mobile forensics is also provided, giving students a primer for the individual mobile forensic courses.
Topics include:
- Linux OS Overview
- Basic Linux Commands
- Setting up a forensic Linux VM
- Forensic Analysis – Tools and Commands
- DD command
- Image verification (md5 command)
- View with hex: xxd | less
- Mount/Unmount Images
- Strings
- Grep
- Scalpel
- Creating a timeline
- Communication with mobile devices

