Surviving Digital Forensics: Link Files
4.2 (25 ratings)
Instead of using a simple lifetime average, Udemy calculates a course's star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.
164 students enrolled
Wishlisted Wishlist

Please confirm that you want to add Surviving Digital Forensics: Link Files to your Wishlist.

Add to Wishlist

Surviving Digital Forensics: Link Files

A computer forensic guide for understanding LINK file evidence on Windows computer systems
4.2 (25 ratings)
Instead of using a simple lifetime average, Udemy calculates a course's star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.
164 students enrolled
Last updated 6/2015
English
Price: $150
30-Day Money-Back Guarantee
Includes:
  • 1.5 hours on-demand video
  • 2 Articles
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
Have a coupon?
What Will I Learn?
Learn how to interpret LINK files on Windows 7 & Windows 8 systems
Learn how to tie a specific User account to LINK file activity
Learn to identify first and last file access times using LINK files
Learn how to discover the drive letter, volume name and file path of accessed files using LINK file data
Learn how User activity affects LINK file evidence
Learn how to manually locate and decode embedded LINK file data such as MAC times
Learn to do all of this using freely available computer forensic tools
View Curriculum
Requirements
  • Windows 7 or Windows 8 computer system
  • Basic computer forensic fundamentals
  • Basic Windows computer fundamentals
Description

All course may now be found at SUMURI.COM. This course will remain live in UDEMY for existing students.

Windows LINK files are a great source of information when your aim is proving file use and knowledge during a computer forensic investigation. This course goes beyond automated results and digs into the body of a LINK file in order to understand how it is constructed and how to manually pull out and interpret the data. Through a series of hands-on validation exercises and practical exercises you will gain a firm understanding of how LINK file data is affected by different types of user driven behavior. Using all freely available tools, this course takes you through the process of understanding what automated tools do under the hood - all in about an hour.

Source material for the practical exercises is provided. Just bring your Windows 7 or Windows 8 system and a desire to learn.

Who is the target audience?
  • Computer forensic analysts
  • IT Professionals
  • Computer crime investigators
  • Students
Students Who Viewed This Course Also Viewed
Curriculum For This Course
Expand All 25 Lectures Collapse All 25 Lectures 01:31:28
+
Welcome and Introduction
3 Lectures 10:59

Welcome to the SDF series.

Preview 06:54

Just a few tips to help you get the most from this training.

Preview 02:13

This class is going to focus on using Link files to prove file use and knowledge. Here are the details.

Preview 01:52
+
Link File Evidence Overview
8 Lectures 17:23

Back to basics, let's spend a few minutes reviewing what a link file is.

What is a Link file?
01:45

A discussion on the forensic value of Link files as it related to proving file use and knowledge.

Forensic value
03:23

Some examples of two different types of Link files.

Link file examples
02:46

Details of the file header of a Link file.

Link file signature
00:19

A look at Link file MAC time properties.

Date & time primer
01:42

Identifying the embedded file path in a link file.

Embedded file path
00:49

Identifying embedded volume names in Link files.

Embedded volume names
01:15

Identifying the embedded MAC times of the linked file.

Embedded MAC times
05:24
+
Validation Exercises
5 Lectures 17:34

Get setup for the validation exercises.

Tools for Validation Exercises
00:09

Get first hand experience on certain behavior of Link files through this hands-on exercise.

Validation exercise #1
05:55

Get first hand experience on certain behavior of Link files through this hands-on exercise.

Validation exercise #2
02:53

Get first hand experience on certain behavior of Link files through this hands-on exercise.

Validation exercise #3
02:56

Validation exercise #4
05:41
+
Practical Exercises
5 Lectures 34:17

Get set up for the practical exercises.

Tools and files for practical exercises
00:12

Listen to the scenario details, examine the attached Link file evidence and answer the questions. I walk you through the solution so you can check you results.

Practical exercise #1
09:03

Listen to the scenario details, examine the attached Link file evidence and answer the questions. I walk you through the solution so you can check you results.

Practical exercise #2
05:32

Listen to the scenario details, examine the attached Link file evidence and answer the questions. I walk you through the solution so you can check you results.

Practical exercise #3
09:15

Listen to the scenario details, examine the attached Link file evidence and answer the questions. I walk you through the solution so you can check you results.

Practical exercise #4
10:15
+
Automated Tools & Other Mentions
2 Lectures 09:06

Here is a look at an automated tool you can use to both quickly gather Link file data as well as use for your own validation exercises.

Automated tools
05:28

Here are some details about other types of information that can be extracted from Link files.

Honorable mentions
03:38
+
Thank you and conclusion
2 Lectures 02:04
Comprehension Quiz
4 questions

A review of the course and its goals.

Class review
01:02

Thanks for doing me in this edition of the SDF series. If you like this course be sure to check out the others at sumuri.com. Classes are added on a rolling basis. Stay up to date with the latest happenings and join the SDF community by following me on Twitter @leclairdf.

Thank you and conclusion
01:02
About the Instructor
Michael Leclair
4.4 Average rating
297 Reviews
2,245 Students
15 Courses
Computer Forensic Analyst

Over twelve years of experience as a Computer Forensic Analyst, author and developer of computer forensic training and analysis tools. Specialties include: Windows forensics, Mac forensics, iOS forensics, Mac Server forensics & mobile device forensics. Creator of the "Surviving Digital Forensics" series and part of SUMURI's RECON for Mac OS X development team.

Certifications include: CFCE, CISSP, CCE, EnCE, A+, Network+

Regularly instruct law enforcement, government and corporate investigators both nationally and internationally in computer forensics.