Host Forensics (2019)
The intent of the Host Forensics Knowledge Unit is to provide students with the ability to apply forensics techniques to investigate and analyze a host in a network.
To complete this KU, students should be able to:
- Describe what can/cannot be retrieved from various OSes.
- Describe the methodologies used in host forensics.
More than one operating system should be demonstrated.
- File Systems and File System Forensics
- Hypervisor Analysis
- Rainbow Tables
- Known File Filters (KFF)
- File Carving
- Live System Investigations
- Timeline Analysis
- Include samples of hands-on activities
Examples of acceptable operating system specific topics may include:
- Registry Analysis, NTFS (Microsoft Windows)
- Preference List Analysis, HFS+/AFS (Apple macOS)
- System Configuration Analysis, EXT2/3/4 (Linux, e.g. /etc)
- Digital Forensics, Specialization Area
- Security Incident Analysis and Response
- System Security Administration
Related Knowledge Units
- Carrier, B., 2005. File system forensic analysis. Addison-Wesley Professional.
Suggested academic readings
Sample knowledge test
Sample skills test
Sample abilities test
Additional notes or materials