MODULE 1: INTRODUCTION AND INSTALLATION OF MAGNET AXIOM

Learning objectives will be presented along with expected outcomes over the course’s four days. Hands-on exercises will allow you to install Magnet AXIOM and learn about its associated programmatic components: AXIOM Process and AXIOM Examine.

MODULE 2: EVIDENCE PROCESSING AND CASE CREATION

All settings in AXIOM Process will be discussed to ensure the use and effectiveness of Magnet AXIOM are maximized during processing - all while decreasing processing time and increasing effectiveness. Collection from different evidence sources such as computer-based media (hard disks, memory cards, USB devices), cloud data, and mobile devices will be discussed and demonstrated.

Hands-on exercises will focus on processing details such as adding keywords to search and the importance of selecting the different encodings available for “All Content” searches (ASCII, Unicode…), hashing functionality, and the varying types of hash sets such as NSRL, Project VIC, and gold-build image hashes. During this exercise, students will also be shown the capabilities of setting options for each supported artifact, and how to turn off specific artifacts to speed the processing of evidence files.

At the conclusion of this module, students will be able to successfully acquire forensic images from various evidence sources, configure case-specific and global settings in AXIOM Process for the recovery of key artifacts, and create a case for analysis in AXIOM Examine.

MODULE 3: OPERATING SYSTEM ARTIFACTS Part 1

This module will focus on operating system artifacts most commonly encountered during the analysis of computer evidence recovered from the Windows Registry.