The class focuses on the forensic evidence located on the computer belonging to the suspect and /or victim – not online or cyber investigations. Email files and the Internet are cornerstones of consumer and business computer use. Virtually all computer forensic examinations will involve analysis of email and Internet artifacts, underscoring the need to understand the relevance of Internet and email-based evidence recovered during examinations.

  • Students will learn the history, operation and artifacts associated with peer-to-peer file-sharing applications such as BitTorrent™, LimeWire™ and BearShare.
  • Students will learn the impact of Trojan viruses through examination of:
    • Defense issues
    • The Windows Registry
    • Hash analysis
    • Anti-virus scanning and virus analysis using the EnCase Virtual File System (VFS) Module and the EnCase Physical Disk Emulator (PDE) Module
  • Students will learn how to examine system monitors and key loggers
  • Students will learn how to identify artifacts from instant message clients such as Windows Live Messenger and Yahoo! Messenger
  • Students will learn the operation of the Microsoft Internet Explorer web browser with regards to typed URLs, password and form-data storage, cookies, Internet history and cache content
  • Students will learn how web pages are constructed and will use this information, together with their new-found knowledge of cached Internet Explorer web content, to correctly rebuild web pages
  • Students will learn about artifacts introduced with Microsoft Internet Explorer versions
  • Students will learn about the history, operation and artifacts associated with Mozilla Firefox
  • Students will learn about the operation of web search engines
  • Students will learn about web-based email
  • Students will learn about the Microsoft Outlook PST structure and about viewing Lotus Notes email data