Windows maintains a significant amount of data on its past activity as part of its normal operation. This is used for self-diagnosis, performance monitoring, and error reporting, as well as for common functions such as user login/logout tracking and file access auditing. Using this information, a forensic investigator can create a detailed timeline of a user’s activities, going back months or in some cases years. Learn what information Windows maintains and where to find it.
How is data transmitted from one machine to another over the Internet? What network protocols are used by the Internet? How do you capture network traffic? What information is recorded by a user’s Internet Service Provider? How do you trace the origin of a Distributed Denial of Service attack? This course will answer these questions and more, and provide the forensic investigator with the knowledge necessary to gather information about a suspect’s use of the Internet. The student will learn how to capture network traces and trace the route through the Internet that packets followed.