DF-DSF : Digital Forensics – Data Storage Foundations

This three-day course is designed for the examiner tasked with recovery of data on collected electronic evidence. The course covers in depth architecture and functionality of the Windows NT File System (NTFS), the FAT and the ExFAT File Systems and related directory entry information for locating files on electronic devices. Attendees will gain insight into partitioning structures and disk layouts and the effects of formatting partitions and learn of system area data. File management and directory structures characteristics will be examined in detail as well as techniques for discovering potential evidence that maybe pivotal to a successful examination. This will be followed by topical areas of interest to include file headers and file hashing and recovery of deleted files. This course incorporates an investigative scenario, providing hands-on experience with examination of collected evidence.