From the course: CompTIA Security+ (SY0-601) Cert Prep: 9 Operations and Incident Response
Operating system analysis
- [Instructor] Forensic examiners will often find themselves needing to dig into the inner workings of the operating system of a target system. This process is called Live Analysis, and it's unlike other types of offline analyses because you're interacting with a live system and collecting information from it that's highly volatile. If you don't collect that information quickly, it may be lost forever. One of the most volatile sources of digital forensic evidence is the contents of memory on a running system. You can use a technique called a memory dump to write the current contents of RAM to a file that may then be stored for offline analysis. Creating a memory dump is actually a fairly simple task. You'll need a memory dump tool. I'm going to use FTK Imager, the same utility that I used earlier to capture a drive image. It can perform memory dumps as well. I just click this button that looks like a memory chip, and…
Contents
- Conducting investigations (3m 50s)
- Evidence types (3m 28s)
- Introduction to forensics (3m 21s)
- System and file forensics (4m 26s)
- File carving (3m 46s)
- Creating forensic images (5m 30s)
- Digital forensics toolkit (2m 25s)
- Operating system analysis (6m 9s)
- Password forensics (7m 16s)
- Network forensics (4m 1s)
- Software forensics (4m 25s)
- Mobile device forensics (1m 10s)
- Embedded device forensics (2m 30s)
- Chain of custody (1m 50s)
- Ediscovery and evidence production (3m 3s)
- Exploitation frameworks (6m 4s)