Hands-on class on file system analysis

FIRST Symposium Hands On Classes

Thursday — February 3rd, 2011 13:30

Summary: Many free and commercial tools are available to examine common file systems like ext3, HFS, NTFS, and the ubiquitous FAT. But how do you analyze a less common file system? During this hands-on class you will explore a number of sample disk images and learn how to:

  • start with your analysis
  • mount and dissect forensic disk images
  • interpret partitioning schemes (MBR, GPT)
  • break down a volume into functional units
  • visualize your data using Gnuplot and GraphViz
  • find repeating data structures
  • make sense out of bit patterns

Students are required to bring their own computer with VMware installed. At least 1 GB of main memory and 30 GB of disk space should be free. A Linux VM with tools and sample data will be provided on DVD. Feel free to bring your own tools, too!

Presenters

  • Andreas Schuster (Deutsche Telekom AG, DE)