Digital Forensic Specialist Level 2 Practical Exam Preparation Course for Beginners (EnCase/Autopsy)
This is a Digital Forensic Specialist Level 2 practical lecture for beginners, starting slowly and easily with everything from terminology to writing answers for the once-difficult subject of digital forensics.
[Must Read] Please make sure to check before watching the lecture!
Instructions for viewing lectures
1. Be sure to check out the lecture introduction video in Section 0.
2. All lectures are categorized by headings such as [Common] / [EnCase] / [Autopsy].
1) [Common]: Videos that you should see in common regardless of the analysis tool you plan to use.
2) [EnCase]: Videos you should watch only if you use EnCase
3) [Autopsy]: Videos you should watch only if you use Autopsy
Because the lectures are organized by the analysis tool you want to use, please watch only the videos for [Common] + [Analysis tool you want to use].
Example) If you use EnCase: [Common] video + [EnCase] video
If you use Autopsy: [Common] video + [Autopsy] video
3. Before watching the lecture video, please check the notes at the bottom of the lecture video.
4. You can download textbooks and practice-related files by clicking the [Class Materials] button at the top of the relevant lecture video.
1) Textbook: [Section 1. Legal Theory] - [[Common] Legal Theory 1]
2) Summary of legal theories: [Section 1. Legal theories] - [[Common] Legal theories 2]
3) Basic practice images including tool function descriptions
- File name: forensictool.E01
- Download: [Section 7. How to Use Digital Forensic Tools] - [[EnCase]EnCase1]
[Section 7. How to Use Digital Forensic Tools] - [[Autopsy]Autopsy1]
※ It is the same file, provided in two places to match each analysis tool.
4) Practice image for FAT32/NTFS partition recovery
- File name: Partition Recovery 1.zip (FAT32.001 / NTFS.001)
- Download: [Section 8. Partition Recovery] - [[Common] Partition Recovery using HxD]
5) Practice image for partition recovery in EnCase
- File name: encase_partion_break.E01
- Download: [Section 8. Partition Recovery] - [[EnCase]Partition Recovery using EnCase]
※ For EnCase only
6) Practice Scenario 1 (Image Files and Problems, Reports)
① When using EnCase
- File name: [EnCase]Scenario1.zip (019-1-2-345.E01 / Transmission technology leak.001 / [EnCase]Scenario1_Scenario and issues.pdf / [EnCase]Automatic transmission technology leak_Complete report.pdf)
- Download: [Section 11. Practice Scenario 1] - [[EnCase] Practice Scenario Solution 1-1]
② When using Autopsy
- File name: [Autopsy] Scenario 1.zip (019-1-2-345.E01 / Transmission technology leak.001 / [Autopsy] Scenario 1_Scenario and issues.pdf / [Autopsy] Automatic transmission technology leak_Complete report.pdf)
- Download: [Section 11. Practice Scenario 1] - [[Autopsy] Practice Scenario Solution 1-1]
7) Practice Scenario 2 (Image Files and Problems, Reports)
① When using EnCase
- File name: [EnCase]Scenario2.zip (Nabo Seok's usb.E01 / Nabo Seok's usb.001 / [EnCase]Scenario2_Scenario and Issues.pdf / [EnCase]Precious Metal Theft Case_Report.pdf)
- Download: [Section 12. Practice Scenario 2] - [[EnCase] Practice Scenario Solution 2-1]
② When using Autopsy
- File name: [Autopsy]Scenario2.zip (Nabo Seok's usb.E01 / Nabo Seok's usb.001 / [Autopsy]Scenario2_Scenario and Problems.pdf / [Autopsy]Precious Metal Theft Case_Report.pdf)
- Download: [Section 12. Practice Scenario 2] - [[Autopsy] Practice Scenario Solution 2-1]
8) Practice Scenario 3 (Image Files and Problems, Reports)
① When using EnCase
- File name: [EnCase]Scenario3.zip (Park Sung-min's usb.E011 / Park Sung-min's usb.001 / [EnCase]Scenario3_Scenario and Issues.pdf / [EnCase]Scenario3_Report.pdf)
- Download: [Section 13. Practice Scenario 3] - [[EnCase] Practice Scenario Solution 3-1]
② When using Autopsy
- File name: [Autopsy]Scenario3.zip (Park Sung-min's usb.E01 / Park Sung-min's usb.001 / [Autopsy]Scenario3_Scenario and Issues.pdf / [Autopsy]Scenario3_Report.pdf)
- Download: [Section 13. Practice Scenario 3] - [[Autopsy] Practice Scenario Solution 3-1]
5. Download programs such as analysis tools used in the lecture
Download links for the programs used in the lecture are provided below.
1) EnCase
EnCase is a commercial program, so it can only be used if you have a separate license. A direct installation file does not appear to be offered, and it is difficult to confirm whether the installation file can be distributed, so an installation program cannot be provided.
2) FTK Imager
Available for download on the Exterro website
https://www.exterro.com/ftk-imager
After opening the link above, click the 'Download FTK Imager' button.
You will be taken to the download page. To download, fill out the form on the right side of the download page (Fill out the form to download~) and submit it.
Currently, version 4.7 is available for download, and since it is not much different from version 4.5.0.3 used in the lecture, you can use version 4.7.
3) HxD
Available for download from the mh-nexus website
https://mh-nexus.de/en/downloads.php?product=HxD20
After opening the link above, you can download the Korean version in the middle of the page.
This is the same version as the 2.5.0.0 version used in the lecture.
4) REGA/LNK Parser
You can download it from the Korea University Digital Forensics Research Center Tool page.
http://forensic.korea.ac.kr/tools.html
If you click on the link above, you will be taken to the download page.
Among the many tools listed, REGA is the second from the top and LNK Parser is the fifth from the top.


