ECTEG

European Cybercrime Training and Education Group

Home About Members Courses Apply for courses Contact

ECTEG course - Forensic Scripting using Bash


Title: Forensic Scripting using Bash
Year: May 2010 – Version 1.0
THIS TRAINING WILL BE UPDATED FOR end 2016 focused on python scripting
Duration: 1 week

Course Aim

The course is designed to take students with no programming experience, and bring them all to a common level of knowledge and understanding of scripting for forensic computing applications in a Linux environment.

Prerequisites

Students are expected to have successfully participated in basic training for high tech crime investigators. They will have normally completed the ECTEG Introductory IT Forensics and Network Investigations Course. Ideally students will have completed the ' ECTEG Linux as a Forensic Tool' course, or be able to demonstrate equivalent knowledge. They should have knowledge of common file systems, e.g. FAT, NTFS, and disk geometry, e.g. boot sector and partitioning. They should be comfortable with navigation of the Linux file system at the command line; editing, saving, setting permissions on files, awareness of common forensic techniques using Linux, e.g. basic regular expressions, dd, mount, The Sleuth Kit.

Students will need to be able to understand and communicate in English.

Small list of agenda / topics / main points

The software development cycle (the waterfall model):

Writing scripts:

If you are interested in applying for these courses please take a look at the application page for more information.