Application activity, such as instant messaging clients recording chat conversations, USB keys being installed through Plug and Play services, and peer-to-peer applications sharing files, can leave data on the file system and in memory simply from installation, execution, and general use. The evidence trail created by these programs could be a treasure trove of crucial data that might make or break your case. You will learn how to use advanced analysis techniques, called Application Footprinting, to find and uncover crucial evidence that was created or stored when an application was installed or executed on your suspect system.
For the majority of the day, you will apply the techniques learned throughout the week to a systematic, hands-on intrusion investigation case. You will analyze a real-world compromised system, where you might be able to discover who the suspect is online using the investigative methodology we have used in the course.