Data acquisition is the process of gathering evidence or information. This can be done by using established methods to acquire data from a suspected storage media outlet to gain access to information about the crime or other incident, and potentially using that data as evidence to convict a suspect.
Objective
The objective of this lab is to help students learn to monitor a system remotely and to extract hidden text strings and other tasks that include:
- Investigating NTFS streams from hard drives
- Investigating hidden text strings
- Extracting the hidden content from hard drives
Scenario
Electronic evidence is fragile by nature and it can be very easily modified, destroyed, or damaged. Even in the booting process, the files can delete temporary files, modify stamps, or alter other data to writing data, and then create new files to the drive using the boot process.
Data Acquisition and Duplication
Computer Forensics Exercises / Data Acquisition and Duplication contains the following Exercises:
- Investigating NTFS Drive Using DiskExplorer for NTFS
- Viewing Content of Forensic Image Using AccessData FTK Imager Tool
The Virtual Private Cloud for this Lab set utilizes:
Computer Forensics Exercises are available as part of the following subscription:
Each subscription provides 6 months access to 34 Different Exercises. Each exercise contains a Scenario, Objectives, and individual step by step tasks to guide the user through all steps necessary to complete the exercise. The Computer Forensics Exercises are designed to give the user an ultimate hands-on experience. Each exercise category above has it’s own Virtual Private Cloud that comes preconfigured with Vulnerable websites, Victim Machines, and the environment is LOADED with tools, we even provide investigation files, hard disk clones and targets. Included in your network share are all the supporting tools required to practice in the Cyber Range / Lab environment.
Lab exercises are included for:
- Computer Forensics Investigation Process
- Computer Forensics Lab
- Understanding Hard Disks and File Systems
- Windows Forensics
- Data Acquisition and Duplication
- Recovering Deleted Files and Partitions
- Forensics Investigation Using AccessData FTK
- Forensics Investigation Using EnCase
- Steganography and Image File Forensics
- Application Password Crackers
- Log Capturing and Event Correlation
- Network Forensics, Investigating Logs and Investigating Network Traffic
- Investigating Wireless Attacks
- Tracking & Investigating Email Crimes
- Mobile Forensics
- Investigative Reports
Price: $199
