Linux Fundamental + Computer Forensics 101
Description
The purpose of this short course is to provide an introduction to the GNU/Linux (Linux) operating system as a forensic tool for computer crime investigators and forensic examiners. The course also tries to follow the philosophy that a hands-on approach is the best way to learn. GNU/Linux operating system utilities and specialized forensic tools available to investigators for forensic analysis are presented with practical exercises.
Course outline
Linux installation
-Overview Linux distribution
-Slackware 12 installation
-Desktop environment
-Configuration Slackware 12
Linux disk, partition and file system
-Knowing disk
-Knowing partition
-Using modules
-Knowing file system
Linux boot sequence (simplified)
-Booting the kernel
-Knowing runlevel
-Global startup script
-Service startup script
-Bash
Linux basic command
-Linux at terminal
-Other useful commands
-File permissions
-Knowing meta character
-Some hints
-Pipes and redirection
-Super user
Editor vi
-Introduction vi
-vi command summary
Mounting file system
-Knowing mount command
-File system table
Linux and forensic (basic)
-Useful command for forensic
-Analysis organization
-Determining disk structure
-Imaging evidence disk
-Knowing loopback device
-File hash
-Analysis
-Unallocated and slack space
Common forensic issues
-Handling large disk
-Preparing image disk
-Obtaining disk information (Chain of custody)
Advanced Linux forensic
-Command line
-More with dd
-Splitting file and image
-Compression
-Data carving
-Partition carving
-Determining the Subject Disk File System Structure
-dd and nc
Forensic tools
-Knowing sleuthkit
-Exercise 1,2,3,4 and 5 with sleuthkit
-LIBEWF (Expert Witness Files)
-Knowing SMART
Building own forensic distribution
-Choosing distribution
-Customization
-Installing package
-Build ISO file
Who should attend
-Law enforcement
-Computer crime-related investigator
-System administrator
-Professional security consultant

