FAA78100004:
(78100004) Cybercop 201 - Intermediate Data Recovery and Analysis (IDRA)
FAA78100004
Cancelled
(78100004) Cybercop 201 - Intermediate Data Recovery and Analysis (IDRA)
COURSE
2007-11-01
This course is designed to be the ""sequel"" to the Cybercop 101 (BDRA) course. It covers the forensic examination of Windows based operating systems on a FAT File System. It includes processing the Recycle Bin, swap file, registry, long file names, date and time information and other Windows features. Topical areas include LBA and hard drive access, partition table reconstruction, advanced imaging and restoration, recovering data from the registry and recovering Windows-based passwords. In addition the student will learn to process slack space, unallocated space, print spool files, and application metadata for additional evidence that may be otherwise overlooked. The course also includes a comprehensive discussion of how partition tables work, processing alternate media such as memory cards, CDs and DVDs. The class is scenario based giving an opportunity for the students to examine a ""suspect's"" hard drive through the course of the week, as well as additional pieces of evidence.
