Host Forensics (2019)

From CyberEdWiki

The intent of the Host Forensics Knowledge Unit is to provide students with the ability to apply forensic techniques to investigate and analyze a host in a network.


To complete this KU, students should be able to:

  1. Describe what can/cannot be retrieved from various OSes.
  2. Describe the methodologies used in host forensics.


More than one operating system should be demonstrated.

  1. File Systems and File System Forensics
  2. Hypervisor Analysis
  3. Cryptanalysis
  4. Rainbow Tables
  5. Known File Filters (KFF)
  6. Steganography
  7. File Carving
  8. Live System Investigations
  9. Timeline Analysis
  10. Include samples of hands-on activities

Examples of acceptable operating system specific topics may include:

  1. Registry Analysis, NTFS (Microsoft Windows)
  2. Preference List Analysis, HFS+/AFS (Apple MacOS)
  3. System Configuration Analysis, EXT2/3/4 (Linux, e.g. /etc)


Specialization Areas

See also

Related Knowledge Units

Further reading

Suggested textbooks

  • Carrier, B., 2005. File system forensic analysis. Addison-Wesley Professional.

Suggested academic readings

Sample knowledge test

Sample skills test

Sample abilities test

Additional notes or materials


Reference ID