In this video from our NTFS Forensics course, our instructor, Divya Lakshmanan, explains what file system tunneling is. This concept is important to understand when doing forensics on Windows machines, and it can save you some headaches, for sure. Enjoy the video!
Every degree course on Digital Forensics begins with a study of File System Forensics, which has a guaranteed module on the New Technology File System used by Windows Operating Systems. At present, the competitive job market looks for professionals who can ‘Do one thing well’. Regardless of the amount of theoretical knowledge you have, practical knowledge and hands-on training set you apart from your peers. If you wish to learn the internals of the NT file system and how to perform forensic procedures on it, then this is your go-to course.
What will you learn?
- Internals of the New Technology File System
- How the various data structures are organized within the NT File System
- How to interpret the data structures, thereby perceiving how file storage is done by NTFS
- How to perform File System Forensics on NTFS
What skills will you gain?
- File carving on NTFS, for data recovery or forensics
- Ability to decipher hexadecimal data efficaciously
- Competence to write custom scripts that can be added as plugins to formal forensic tools
- Endurance to operate with hexadecimal data!
Introduction to NT File System, How to forensically approach NT File System, $Boot File, $MFT File, $Volume File, $AttrDef File, $Bitmap File, $. (root) File, Resident File, Non-resident File, Directory, Behaviour on file/directory deletion, Behaviour of NT File System on Linux, File System Journaling, File System Tunneling, Object Identifiers, Links – Soft links, hard links, junctions, Sparse Files, Compressed Files, Encryption, Access Control Lists, Alternate Data Streams, The Sleuth Kit Tool Suite against NTFS, How to ‘approach’ forensics of NTFS forensic image?