Government of Canada

Linux Forensic Techniques (LINUX)

Purpose

This course is designed specifically for experienced technological crime investigators who possess a basic knowledge of the Linux operating system and who may be required to seize and/or analyse computer hardware running Linux. This course will take an in-depth look at some aspects of the Linux operating system and the Second Extended File System. The course will address the forensic analysis of a Linux-based system as well as using a Linux-based system as an investigative/analysis tool.

The focus of this course is to give the investigator confidence in seizing stand-alone computer systems in a Linux environment and performing a forensic analysis of a Linux-based personal computer.

Successful students will be able to:

  • Identify a Linux-based system
  • Safely seize a computer system running Linux
  • Use Linux as a forensic tool
  • Recover data from Second Extended File System formatted media

Course content

  1. Linux basics review
  2. Second Extended File System structure
  3. Proper seizing procedure
  4. Imaging
  5. Searching
  6. Data recovery
  7. Linux tools and utilities
  8. Linux forensics using Windows tools

Selection Criteria

To be eligible to take this course, students must meet the following criteria:

  • have successfully passed the CMPFOR
  • have completed the on-line Linux course
  • have successfully passed (75% minimum) the pre-admission exam. [Contact the training coordinator in your Police Service/Division to obtain on-line access for the exam.]
  • be an investigator with a mandate to perform forensic analysis of personal computers

Duration: Ten working days. Centralized.

Number of Students: Twenty

Language of Instruction: English and French