
Welcome to the SDF series.
Just a few tips to help you get the most from this training.
This class is going to focus on using Link files to prove file use and knowledge. Here are the details.
Back to basics: let's spend a few minutes reviewing what a Link file is.
A discussion of the forensic value of Link files as it relates to proving file use and knowledge.
Some examples of two different types of Link files.
Details of the file header of a Link file.
A look at Link file MAC time properties.
Identifying the embedded file path in a Link file.
Identifying embedded volume names in Link files.
Identifying the embedded MAC times of the linked file.
Get set up for the validation exercises.
Get firsthand experience of certain behavior of Link files through this hands-on exercise.
Get firsthand experience of certain behavior of Link files through this hands-on exercise.
Get firsthand experience of certain behavior of Link files through this hands-on exercise.
Get set up for the practical exercises.
Listen to the scenario details, examine the attached Link file evidence and answer the questions. I walk you through the solution so you can check your results.
Listen to the scenario details, examine the attached Link file evidence and answer the questions. I walk you through the solution so you can check your results.
Listen to the scenario details, examine the attached Link file evidence and answer the questions. I walk you through the solution so you can check your results.
Listen to the scenario details, examine the attached Link file evidence and answer the questions. I walk you through the solution so you can check your results.
Here is a look at an automated tool you can use both to quickly gather Link file data and for your own validation exercises.
Here are some details about other types of information that can be extracted from Link files.
A review of the course and its goals.
Thanks for joining me in this edition of the SDF series. If you like this course, be sure to check out the others at sumuri.com. Classes are added on a rolling basis. Stay up to date with the latest happenings and join the SDF community by following me on Twitter @leclairdf.
Windows LINK files are a great source of information when your aim is proving file use and knowledge during a computer forensic investigation. This course goes beyond automated results and digs into the body of a LINK file in order to understand how it is constructed and how to manually pull out and interpret the data. Through a series of hands-on validation exercises and practical exercises you will gain a firm understanding of how LINK file data is affected by different types of user-driven behavior. Using only freely available tools, this course takes you through the process of understanding what automated tools do under the hood - all in about an hour.
Source material for the practical exercises is provided. Just bring your Windows 7 or Windows 8 system and a desire to learn.