This module focuses upon forensic artefacts remaining upon a subject machine that has been used on the Internet. Methods and tools for the recovery of such items are discussed as well as binary confirmation of the presence and physical location of those artefacts. The importation of “unusual” software applications, particularly Email applications, is demonstrated and methods of extracting data from such proprietary storage systems are demonstrated and experienced. Examinations/analysis are carried out on prepared hard disks with suitable scenarios. Trojans and virus infections are explored and methods of assessing their impact are discussed.
If you have been a student on this course, please feel free to leave your comments below.