Science Homework Help

Topic: Reconstructing System Usage & Activities using Operating System Files

This week, we will learn and practice a variety of techniques used to reconstruct system usage and user-level activities using operating system files (log files, prefetch files, short cut files, swap files, page files, Windows registry files, etc.) and the user profile (including the user’s desktop, downloads directory, etc.). This analysis will include both the contents of files and file system data about those files (names and dates). Students will also learn how to perform and document a timeline analysis.

Macintosh Forensics A Guide for the Forensically Sound Examination of a Macintosh Computer
Ryan R. Kubasiak, Investigator – New York State Police

CMIT 424 6380 Digital Forensics Analysis and Application (2202) – Week 6

1. Week 6 Readings

2. Macintosh Forensics: A Guide to Forensically Sound Examination of a Macintosh Computer

Required Readings

1. Windows Registry Quick Reference: Windows Registry Quick Reference.pdf

2. How Windows handles time stamps: How Windows handles time stamps.pdf

3. TimeBias: TimeBias.pdf

4. Windows Systems and Artifacts in Digital Forensics, Part I: Registry: Windows Systems & Artifacts: Registry

5. Windows Forensics and Security: https://articles.forensicfocus.com/2014/04/14/windows-forensics-and-security/

6. Linux Forensics(for Non-Linux Folks): Linux Forensics

7. EnCase User Guide Chapter 19 – Virtual File System (for your information): CHAPTER 19 VIRTUAL FILE SYSTEM.pdf

8. EnCase User Guide Chapter 20 – Physical Disk Emulator (for your information): CHAPTER 20 PHYSICAL DISK EMULATOR.pdf

Video

1. Windows Registry Part 1: https://www.youtube.com/watch?v=z_V15xfzYDA