Surviving Digital Forensics: Link Files

A computer forensic guide for understanding LINK file evidence on Windows computer systems
  • Lectures 25
  • Length 1.5 hours
  • Skill Level All Levels
  • Languages English


About This Course

Published 6/2015 English

Course Description

Windows LINK files are a great source of information when your aim is proving file use and knowledge during a computer forensic investigation. This course goes beyond automated results and digs into the body of a LINK file in order to understand how it is constructed and how to manually pull out and interpret the data. Through a series of hands-on validation exercises and practical exercises you will gain a firm understanding of how LINK file data is affected by different types of user-driven behavior. Using only freely available tools, this course takes you through the process of understanding what automated tools do under the hood, all in about an hour.

Source material for the practical exercises is provided. Just bring your Windows 7 or Windows 8 system and a desire to learn.

What are the requirements?

  • Windows 7 or Windows 8 computer system
  • Basic computer forensic fundamentals
  • Basic Windows computer fundamentals

What am I going to get from this course?

  • Learn how to interpret LINK files on Windows 7 & Windows 8 systems
  • Learn how to tie a specific User account to LINK file activity
  • Learn to identify first and last file access times using LINK files
  • Learn how to discover the drive letter, volume name and file path of accessed files using LINK file data
  • Learn how User activity affects LINK file evidence
  • Learn how to manually locate and decode embedded LINK file data such as MAC times
  • Learn to do all of this using freely available computer forensic tools

What is the target audience?

  • Computer forensic analysts
  • IT Professionals
  • Computer crime investigators
  • Students


Curriculum

Section 1: Welcome and Introduction
06:54

Welcome to the SDF series.

02:13

Just a few tips to help you get the most from this training.

01:52

This class is going to focus on using Link files to prove file use and knowledge. Here are the details.

Section 2: Link File Evidence Overview
01:45

Back to basics, let's spend a few minutes reviewing what a link file is.

03:23

A discussion of the forensic value of Link files as it relates to proving file use and knowledge.

02:46

Some examples of two different types of Link files.

00:19

Details of the file header of a Link file.

01:42

A look at Link file MAC time properties.

00:49

Identifying the embedded file path in a link file.

01:15

Identifying embedded volume names in Link files.

05:24

Identifying the embedded MAC times of the linked file.

Section 3: Validation Exercises
Article

Get set up for the validation exercises.

05:55

Get first-hand experience of certain Link file behavior through this hands-on exercise.

02:53

Get first-hand experience of certain Link file behavior through this hands-on exercise.

02:56

Get first-hand experience of certain Link file behavior through this hands-on exercise.

Validation exercise #4
05:41
Section 4: Practical Exercises
Article

Get set up for the practical exercises.

09:03

Listen to the scenario details, examine the attached Link file evidence and answer the questions. I walk you through the solution so you can check your results.

05:32

Listen to the scenario details, examine the attached Link file evidence and answer the questions. I walk you through the solution so you can check your results.

09:15

Listen to the scenario details, examine the attached Link file evidence and answer the questions. I walk you through the solution so you can check your results.

10:15

Listen to the scenario details, examine the attached Link file evidence and answer the questions. I walk you through the solution so you can check your results.

Section 5: Automated Tools & Other Mentions
05:28

Here is a look at an automated tool you can use both to quickly gather Link file data and for your own validation exercises.

03:38

Here are some details about other types of information that can be extracted from Link files.

Section 6: Thank you and conclusion
Comprehension Quiz
4 questions
01:02

A review of the course and its goals.

01:02

Thanks for joining me in this edition of the SDF series. If you like this course, be sure to check out the others at sumuri.com. Classes are added on a rolling basis. Stay up to date with the latest happenings and join the SDF community by following me on Twitter @leclairdf.


Instructor Biography

Michael Leclair, Computer Forensic Analyst

Over twelve years of experience as a Computer Forensic Analyst, author and developer of computer forensic training and analysis tools. Specialties include: Windows forensics, Mac forensics, iOS forensics, Mac Server forensics & mobile device forensics. Creator of the "Surviving Digital Forensics" series and part of SUMURI's RECON for Mac OS X development team.

Certifications include: CFCE, CISSP, CCE, EnCE, A+, Network+

Regularly instruct law enforcement, government and corporate investigators both nationally and internationally in computer forensics.
