About the course
This specialist-level course is for experienced forensic
investigators who want to acquire the knowledge and
skills to navigate, identify, capture and examine data from
Linux is an increasingly popular operating system. This two-day course will provide you with a practical understanding from a forensic perspective of how to deal with a Linux system, and requires no previous Linux knowledge. You will develop a core understanding of the file system data structures and key files so that they can be confident in capturing
potential digital evidence. Throughout the course you will apply this knowledge in hands-on exercises to demonstrate and reinforce understanding, using both a Linux environment and Windows based forensic software.
THE SKILLS YOU WILL LEARN
Upon completion of the course you will have used a Linux System to:
Become familiar with both Linux GUI and command line environments.
Demonstrate how Linux can be used for forensic imaging. Capture RAM and basic volatile data from a live Linux system. (Note: This is not
network identification or network traffic capture) and Windows based forensic software and an image of a Linux system to: Examine ext3 and ext4 file system structures Identify core system information Explore system log files for artefacts including; boots, logins and device connection Examine user artefacts including; recent activity, thumbnails and printing.