From the course: Operating System Forensics
Roles in forensics
- [Instructor] OSs are crime scenes in digital investigations. They contain traces of digital crimes such as information theft or ransomware attacks. The job of an investigator is to skillfully excavate the evidence and preserve it. And to do this effectively, in-depth knowledge of OSs is essential. As we learned earlier, OSs allow us to interact with computers to tell them what we want to do. Criminals are not exceptions. When committing crimes through computers or any other digital devices, criminals also have to rely on OSs, and leave trails of evidence. These days, one of the first acts law enforcement officers do to investigate a crime is to check a suspect's computer or phone. What officers look for could be as simple as the websites criminals visited and the search terms they used. If they looked for how to create a bomb, you may be a step closer to linking the people to the crime you're investigating. To look for clues like these, investigators have to rely on an OS to retain the evidence of their interest, and OSs do keep the data. The challenge is knowing where to look and what tools to use to retrieve the data. In the search history example, tech-savvy computer users know where to find the information and even how to erase it. In Google Chrome, all you have to do is to click on the Customize and control Google Chrome icon and choose the History option, like this. Do you see the Clear browsing data option? Criminals can use this feature and remove the entire browsing history. If you're not trained in OS forensics, this could be the end of your investigation. However, if you are, you know there are many other places you can look for the search history data. This is the powerful role OSs and their mastery play in digital forensics, and why it's critical to learn OS forensics techniques to be an effective investigator.
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.