From the course: CompTIA CySA+ (CS0-002) Cert Prep: 6 Incident Response
Operating system analysis
- [Instructor] Forensic examiners will often find themselves needing to dig into the inner workings of the operating system of a target system. This process is called live analysis, and it's unlike the offline analysis we've already discussed because you're interacting with a live system and you're collecting information from that system that is highly volatile. If you don't collect it quickly, it may be lost forever. One of the most volatile sources of digital forensics evidence is the contents of memory on a running system. You can use an action called a memory dump to write the current contents of RAM to a file that may then be stored for offline analysis. Creating a memory dump is actually a fairly simple task. You'll need a memory dump tool. I'm going to use FTK Imager, the same utility that I used earlier to capture a drive image. It can perform memory dumps as well. I just click this button that looks like a memory…
Contents
- Conducting investigations (5m 7s)
- Evidence types (3m 51s)
- Introduction to forensics (4m 6s)
- System and file forensics (4m 17s)
- File carving (3m 1s)
- Creating forensic images (5m 36s)
- Digital forensics toolkit (3m 13s)
- Operating system analysis (6m 25s)
- Password forensics (8m 9s)
- Network forensics (4m 50s)
- Software forensics (3m 32s)
- Mobile device forensics (1m 32s)
- Embedded device forensics (2m 50s)
- Chain of custody (2m 13s)
- Ediscovery and evidence production (3m 15s)