Module 3 of 8

Laptop/Computer Forensics

Master computer forensics including Windows, Linux, and macOS analysis. Learn file system structures (NTFS, ext4, APFS), live system analysis, RAM acquisition, Windows artifacts, browser forensics, and email investigation using industry-standard tools.

6
Parts
14-18
Hours
30
Quiz Questions
70%
Pass Mark
Start Learning
Your Progress 0%
Part 1: Computer Forensics Fundamentals
Part 2: Live System Analysis
Part 3: Windows Forensics Deep Dive
Part 4: Browser Forensics
Part 5: Email Forensics
Part 6: Practical Lab
Learning Objectives

What You Will Learn

By completing this module, you will achieve the following competencies

💻

Understand Windows, Linux, and macOS architecture and their forensic implications

🗃

Analyze NTFS, ext4, and APFS file systems to recover evidence and deleted files

🛠

Perform live system analysis including RAM acquisition and volatile data capture

🗒

Extract and analyze Windows artifacts: Registry, Event Logs, Prefetch, LNK, Jump Lists

🌐

Investigate browser artifacts from Chrome, Firefox, and Edge including private browsing

📧

Perform email forensics including PST/OST analysis and header examination for spoofing

Module Content

Module Parts

Complete all 6 parts before attempting the module quiz

1

Computer Forensics Fundamentals

120-150 minutes

Learn the architecture of Windows, Linux, and macOS operating systems. Understand file system structures including NTFS, ext4, and APFS with their forensic artifacts and evidence locations.

Windows Architecture Linux/macOS NTFS ext4/APFS
Not Started Start Part
2

Live System Analysis

120-150 minutes

Master techniques for analyzing live systems including volatile data collection, RAM acquisition using various tools, process analysis, network connection investigation, and proper documentation.

Volatile Data RAM Acquisition Process Analysis Network Connections
Not Started Start Part
3

Windows Forensics Deep Dive

150-180 minutes

Deep dive into Windows-specific artifacts including Registry analysis, Event Log investigation, Prefetch files, LNK shortcut analysis, Jump Lists, and user activity reconstruction.

Registry Analysis Event Logs Prefetch LNK/Jump Lists
Not Started Start Part
4

Browser Forensics

120-150 minutes

Investigate web browser artifacts from Chrome, Firefox, and Edge. Learn to extract browsing history, cookies, cache, downloads, and understand private browsing forensic implications.

Chrome Artifacts Firefox Analysis Edge Forensics Private Browsing
Not Started Start Part
5

Email Forensics

90-120 minutes

Master email forensics including PST/OST file analysis, email header examination, SMTP relay tracking, spoofing detection, and webmail investigation techniques.

PST/OST Analysis Header Analysis Spoofing Detection Webmail Forensics
Not Started Start Part
6

Practical Lab

180-240 minutes

Hands-on practical exercises using Autopsy and FTK Imager. Perform disk imaging, evidence analysis, artifact extraction, and generate comprehensive forensic reports.

Autopsy FTK Imager Disk Imaging Report Generation
Not Started Start Part
?

Module 3 Assessment Quiz

30
Questions
50
Minutes
70%
Pass Mark

Complete all 6 parts to unlock the module quiz. Test your understanding of computer forensics, Windows artifacts, browser analysis, email investigation, and practical tool usage.

Take Quiz
Module 2 Start Module Module 4