Host Forensics
The intent of the Host Forensics Knowledge Unit is to provide students with the ability to apply forensics techniques to investigate and analyze a host in a network.
Topics
- Timeline Analysis
- File Systems and File System Forensics
- Known File Filters (KFF)
- Live System Investigations
- File Carving
Outcomes
- Describe what can/cannot be retrieved from various Operating Systems,
- Describe the methodologies used in host forensics.
- File Carving
KSA-T
Below are the Knowledge, Skills, Abilities and Tasks (KSA-T) identified as being required to perform this work role.
Learn More about the KAS-T's.
ID |
DESCRIPTION |
K0041 |
Knowledge of incident categories, incident responses, and timelines for responses. |
K0017 |
Knowledge of concepts and practices of processing digital forensic data. |
K0182 |
Knowledge of data carving tools and techniques (e.g., Foremost). |