Udemy
    •  
    •  
    •  
    •  
    •  
    •  
    •  
    •  
Subscribe
Turn what you know into an opportunity and reach millions around the world.
Learn More
Your cart is empty.
Keep shopping
Surviving Digital Forensics: Volume Shadow Copy
Rating: 4.3 out of 5(116 ratings)
749 students
Created byMichael Leclair
Last updated 4/2014
English

What you'll learn

  • Identifying volume shadow copies
  • Imaging volume shadow copies
  • Processing volume shadow copies
  • Understanding volume shadow copies

Course content

1 section5 lectures32m total length

  • Welcome & Introduction14:45

    Welcome to the SDF series. In this class we are going to learn how to convert a shadow copy into a DD image file you can forensically process. First, however, let's learn a little about more about volume shadow copies.

  • Imaging a Shadow Copy10:30

    Now that we have the fundamentals out of the way let's go hands on. The first thing we need to do is examine out target drive to see what shadow copy files exist and to get the information we will need for the imaging process. Next, we create our DD image using FAU. You will be amazed at how easy this is to do.

  • Reviewing the Results7:00

    Let's check out the results and see the differences between some shadow copies.

  • What about Windows 8?1:00

    Just a quick update about Windows 8.

  • Conclusion0:44

    Thanks for joining me and don't forget to download the cheat sheet.

    Check out other classes of the SDF series at http://sumuri.com/training/surviving-digital-forensics/

    Follow me on Twitter @LeclairDF to get the latest happenings of the SDF series.

    Check out our Blog at http://sumuri.com/about/news/

    Check out our Youtube channel https://www.youtube.com/user/SumuriNews

Requirements

  • Computer forensic analysis experience
  • IT Experience

Description

All SDF classes are in the process of being updated. Thank you for your patience.

Time travel anyone? Well, sort of... By creating computer forensic images from volume shadow copies you are able to capture the system in different points in time- going back days, weeks, months or even years. Drop these images into your favorite computer forensic tool and suddenly your pulling up previous versions of documents and deleted files and folders. I have used this technique to overcome the effects of computer "wiping" and "cleaning" utilities. This class teaches you how to identify and create these images in a few quick steps- no high cost computer forensic tools needed. In fact, you will be amazed how easy it is to do. If you are a computer forensic analyst then this is one of the top skills you need to have.

Who this course is for:

  • Computer Forensic Analysts
  • IT Professionals
  • Students

Report abuse