Title: Forensic Scripting using Bash
Year: May 2010 – Version 1.0
THIS TRAINING WILL BE UPDATED FOR end 2016 focused on python scripting
Duration: 1 week
The course is designed to take students with no programming experience, and bring them all to a common level of knowledge and understanding of scripting for forensic computing applications in a Linux environment.
Students are expected to have successfully participated in basic training for high tech crime investigators. They will have normally completed the ECTEG Introductory IT Forensics and Network Investigations Course. Ideally students will have completed the ' ECTEG Linux as a Forensic Tool' course, or be able to demonstrate equivalent knowledge. They should have knowledge of common file systems, e.g. FAT, NTFS, and disk geometry, e.g. boot sector and partitioning. They should be comfortable with navigation of the Linux file system at the command line; editing, saving, setting permissions on files, awareness of common forensic techniques using Linux, e.g. basic regular expressions, dd, mount, The Sleuth Kit.
Students will need to be able to understand and communicate in English.
Small list of agenda / topics / main points
The software development cycle (the waterfall model):
All courses that have been developed for ECTEG are freely available for law enforcement organisations. They include all necessary slides as well as manuals for trainers and students. The courses include the following properties: