CFS: Storage Device and Operating Systems



Course Description

The Computer Forensic Series by EC-Council provides the knowledge and skills to identify, track, and prosecute the cyber-criminal. The series comprises five books covering a broad base of topics in Computer Hacking Forensic Investigation, designed to expose the reader to the process of detecting attacks and collecting evidence in a forensically sound manner with the intent to report crime and prevent future attacks. Learners are introduced to advanced techniques in computer investigation and analysis, with an interest in generating potential legal evidence. This and the other four books provide preparation to identify evidence in computer-related crime and abuse cases, as well as to track the intrusive hacker's path through a client system. The series and accompanying labs help prepare the security student or professional to profile an intruder's footprint and gather all necessary information and evidence to support prosecution in a court of law.

Hard Disks, File and Operating Systems provides a basic understanding of file systems, hard disks, and digital media devices. Boot processes, Windows and Linux forensics, and the application of password crackers are all discussed.


 

Hard Disk and Operating Systems

 

Who Should Attend
This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.

  • Duration: 2 days (9:00AM – 5:00PM)
  • CPE/ECE Qualification: 2 ECE Credits awarded for attendance (1 for each 8-hour class day)
  • Program Cost: $750 USD
  • Supplement Cost (Courseware & Certificate exam Access): $75 USD
  • Bundle Price: $799 USD

 

 

What’s included?

  • Physical Courseware
  • 1 year Access To EC-Council Student LMS for Practical Labs (if applicable), testing, and Certificate

Related Certificates:

  • Computer Forensic Specialist: Procedures and Response
  • Computer Forensic Specialist: Network Intrusion & Cybercrime
  • Computer Forensic Specialist: Data and Image Files
  • Computer Forensic Specialist: Wireless Networks and Devices

 


Course Briefing



Understanding File Systems and Hard Disks

The hard disk is an important source of information from the investigator's point of view, so an investigator should know its structure and behavior. Data to be collected as evidence from the hard disk has to be located and protected from loss. The investigator should therefore know all the necessary information about the hard disk. The file system is also important, because how data is stored and distributed on the hard disk depends on the file system in use. On completion of this chapter, an investigator will be familiar with disk drives, types of hard disk interfaces, file systems, disk partitions, and various hard disk evidence collection tools.













Understanding File Systems and Hard Disks

Digital evidence is delicate information that needs to be collected and preserved carefully. The use of digital devices has increased drastically, and so has their use in crime. Hence, an investigator needs to deal with collecting and preserving evidence from digital devices. This chapter introduces how to find digital evidence, in a forensically sound manner, on a computer system or any electronic device that contains digital data. It discusses digital media devices such as tapes, floppy disks, CDs, DVDs, iPods, flash memory cards, and USB flash drives.























Windows, Linux, and Macintosh Boot Processes

Booting is the process of loading an operating system into the computer's main memory or random access memory (RAM). Once the operating system is loaded, the computer is ready for users to run applications. This chapter describes the terminology and basic booting process in the Windows XP, Linux, and Mac OS X operating systems. It also emphasizes the step-by-step booting processes for Windows, Linux, and Mac OS X.























Windows Forensics I

When a Windows-based system is investigated to gather evidence and relevant facts, the investigation involves several steps for collecting volatile data. Volatile data contains the current information about the machines, registers, caches, etc. This chapter familiarizes the reader with the process of forensic investigation in a Windows-based environment. It also highlights the various tools that help in the investigation process to solve Windows crimes.




































Windows Forensics II

The Windows operating system maintains logs of the activities performed by the user and of the changes taking place on the system. These logs are important from the point of view of the investigation, as they show what happened on the system and which changes took place. The logs are stored in specific locations on the system; an investigator should have knowledge of the system, as it will help to extract the logs and use them as evidence. This chapter explains text-based logs and the forensic analysis of event-based logs. It also covers the password issues encountered during the investigation.




































Linux Forensics

Linux is an important and widely used operating system. Many users opt for Linux because it is free and open source. A forensic investigator should know how to investigate a Linux system and where to search for evidence. Detailed knowledge of the Linux system will help the investigator in the investigation process. This chapter familiarizes the reader with the Linux forensic investigation process. It discusses analysis techniques such as Floppy Disk Analysis and Hard Disk Analysis. It also emphasizes several popular Linux tool kits that provide a GUI for convenience, along with their search techniques.




































Application Password Crackers

A password cracker is an application program that is used to identify an unknown or forgotten password to a computer or network resource. It can also be used to help a human cracker obtain unauthorized access to resources.
This chapter deals with password crackers and the tools used in password recovery. It throws light on delicate concepts, such as ways to bypass BIOS passwords, remove CMOS batteries, and Windows XP/2000/NT keys. It also enumerates the BIOS password crackers and explains the Passware Kit, and it highlights topics such as the default password database and distributed network attacks.