Surviving Digital Forensics: Volume Shadow Copy
4.4 (14 ratings)
Instead of using a simple lifetime average, Udemy calculates a course's star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.
256 students enrolled
Wishlisted Wishlist

Please confirm that you want to add Surviving Digital Forensics: Volume Shadow Copy to your Wishlist.

Add to Wishlist

Surviving Digital Forensics: Volume Shadow Copy

Learn how to tap into this amazing source of historical user information. It's easier than you think!
4.4 (14 ratings)
Instead of using a simple lifetime average, Udemy calculates a course's star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.
256 students enrolled
Created by Michael Leclair
Last updated 4/2014
English
Price: $150
30-Day Money-Back Guarantee
Includes:
  • 33 mins on-demand video
  • 1 Supplemental Resource
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What Will I Learn?
  • Identifying volume shadow copies
  • Imaging volume shadow copies
  • Processing volume shadow copies
  • Understanding volume shadow copies
View Curriculum
Requirements
  • Computer forensic analysis experience
  • IT Experience
Description

All SDF courses may now be found at SUMURI.COM. This course will remain live in UDEMY for existing students.

Time travel anyone? Well, sort of... By creating computer forensic images from volume shadow copies you are able to capture the system in different points in time- going back days, weeks, months or even years. Drop these images into your favorite computer forensic tool and suddenly your pulling up previous versions of documents and deleted files and folders. I have used this technique to overcome the effects of computer "wiping" and "cleaning" utilities. This class teaches you how to identify and create these images in a few quick steps- no high cost computer forensic tools needed. In fact, you will be amazed how easy it is to do. If you are a computer forensic analyst then this is one of the top skills you need to have.

Who is the target audience?
  • Computer Forensic Analysts
  • IT Professionals
  • Students
Students Who Viewed This Course Also Viewed
Curriculum For This Course
+
Survive Volume Shadow Copy
5 Lectures 32:59

Welcome to the SDF series. In this class we are going to learn how to convert a shadow copy into a DD image file you can forensically process. First, however, let's learn a little about more about volume shadow copies.

Preview 14:45

Now that we have the fundamentals out of the way let's go hands on. The first thing we need to do is examine out target drive to see what shadow copy files exist and to get the information we will need for the imaging process. Next, we create our DD image using FAU. You will be amazed at how easy this is to do.

Imaging a Shadow Copy
10:30

Let's check out the results and see the differences between some shadow copies.

Reviewing the Results
07:00

Just a quick update about Windows 8.

What about Windows 8?
1 page

Thanks for joining me and don't forget to download the cheat sheet.

Check out other classes of the SDF series at http://sumuri.com/training/surviving-digital-forensics/

Follow me on Twitter @LeclairDF to get the latest happenings of the SDF series.

Check out our Blog at http://sumuri.com/about/news/

Check out our Youtube channel https://www.youtube.com/user/SumuriNews

Conclusion
00:44
About the Instructor
Michael Leclair
4.5 Average rating
318 Reviews
2,252 Students
15 Courses
Computer Forensic Analyst

Over twelve years of experience as a Computer Forensic Analyst, author and developer of computer forensic training and analysis tools. Specialties include: Windows forensics, Mac forensics, iOS forensics, Mac Server forensics & mobile device forensics. Creator of the "Surviving Digital Forensics" series and part of SUMURI's RECON for Mac OS X development team.

Certifications include: CFCE, CISSP, CCE, EnCE, A+, Network+

Regularly instruct law enforcement, government and corporate investigators both nationally and internationally in computer forensics.