All SDF courses may now be found at SUMURI.COM. This course will remain live in UDEMY for existing students.
Time travel anyone? Well, sort of... By creating computer forensic images from volume shadow copies you are able to capture the system in different points in time- going back days, weeks, months or even years. Drop these images into your favorite computer forensic tool and suddenly your pulling up previous versions of documents and deleted files and folders. I have used this technique to overcome the effects of computer "wiping" and "cleaning" utilities. This class teaches you how to identify and create these images in a few quick steps- no high cost computer forensic tools needed. In fact, you will be amazed how easy it is to do. If you are a computer forensic analyst then this is one of the top skills you need to have.
Welcome to the SDF series. In this class we are going to learn how to convert a shadow copy into a DD image file you can forensically process. First, however, let's learn a little about more about volume shadow copies.
Now that we have the fundamentals out of the way let's go hands on. The first thing we need to do is examine out target drive to see what shadow copy files exist and to get the information we will need for the imaging process. Next, we create our DD image using FAU. You will be amazed at how easy this is to do.
Let's check out the results and see the differences between some shadow copies.
Just a quick update about Windows 8.
Thanks for joining me and don't forget to download the cheat sheet.
Check out other classes of the SDF series at http://sumuri.com/training/surviving-digital-forensics/
Follow me on Twitter @LeclairDF to get the latest happenings of the SDF series.
Check out our Blog at http://sumuri.com/about/news/
Check out our Youtube channel https://www.youtube.com/user/SumuriNews
Over twelve years of experience as a Computer Forensic Analyst, author and developer of computer forensic training and analysis tools. Specialties include: Windows forensics, Mac forensics, iOS forensics, Mac Server forensics & mobile device forensics. Creator of the "Surviving Digital Forensics" series and part of SUMURI's RECON for Mac OS X development team.
Certifications include: CFCE, CISSP, CCE, EnCE, A+, Network+
Regularly instruct law enforcement, government and corporate investigators both nationally and internationally in computer forensics.