File-system post-mortem forensic analysis


Whom, where, when, how… has your system been corrupted?

Target audience: IT or operational security teams
Languages: EN / DE
Duration: 1 day
Level: Knowledge of operating systems and IT security is required

     (all prices are understood VAT excluded)

Training info

Forensic Analysis is based on the assumption that everything leaves a trace behind. A trace in an information system can be any data that helps to identify space and time actions. Post mortem analysis is a key tool to discover and analyse security incidents. This course will teach the participant how to find answers to what has happened by analysing different layers from the physical medium to the file system up to the application level.


  • Perform disk acquisition the right way
  • Introduce to file system analysis (NTFS/FAT)
  • Analyse operating system artifacts (MS Windows)
  • Find evidences in communication applications (e.g. browser or chat history)
  • Forensic correlation with threat intelligence platform like MISP
Request Training