Find user accessed files for File Use & Knowledge evidence.
Welcome to the Surviving Digital Forensics series. Oftentimes you will be asked to find information on a target system that shows if a user accessed certain files, the last time they did and/ or how often they did. Being able to put a picture together that answers these questions can be critical and make or break the case. In this course you will learn one method that can be used to answer these questions. Of course we will be using all low cost or no cost computer forensic tools. The course is focused on just what you need and you will be up and running in under an hour.
As with previous SDF classes you will learn by doing. The class begins with a brief overview of the method we will be using and then it is all hands on. There are three practicals in which you work with our prepared files in applying the technique as well as questions to answer about each scenario.
- Overview of target files used for IE History
- Learn about the target files in IE History you can use to extract file access data
- Learn how to organize these files to use with a freely available forensic tool
- Learn how to use this technique to obtain the file names & file paths of user accessed files
- Learn how to identify when a file was last accessed in IE History
- Learn how to tell how many times a file was accessed in IE History
- Learn how to identify accessed files from the local system and tell them apart from those on other volumes (such as external media or networked drives)
- Windows Explorer Forensics – Practical 01
- Windows Explorer Evidence – Practical 01 Question
- Windows Explorer & External Media – Practical 02
- Windows Explorer & External Media – Practical 02 Review
- Windows Explorer & Hidden Directories – Practical 03
- Windows Explorer & Hidden Directories – Practical 03 Review