Data Storage Foundations – Certification Course

This five-day course is designed for the examiner tasked with the recovery and analysis of data collected from electronic evidence.  Early modules examine techniques in the recovery of volatile data (RAM) including basic analysis techniques and a review of file system fundamentals.  This will be followed by an in-depth analysis of the architecture and functionality of the Microsoft New Technology File System (NTFS), and the exFAT file systems, including the detailed examination of related directory entry information for locating files on electronic media.  Attendees will gain insights into the effects of the formatting process and how the system areas function as well as file data management and directory entry metadata pertaining to the stored data.  All forensically relevant areas will be examined in detail as well as techniques for identifying potential evidence that may be pivotal to a successful advanced examination. These topics will be followed by a more in-depth analysis of forensic artifacts within a modern Windows environment that includes advanced Windows Registry examination, introduction to SQLite databases, and recovery of deleted files for the examination of artifacts aligned to user activity. 

https://www.spyderforensics.com/events/data-storage-foundations-certification-course-feb-2024/