Operating Systems & Systems Programming Topics
Covers operating system fundamentals and systems programming topics, including process management, memory management, file system interfaces, inter-process communication, low-level kernel interactions, and system call interfaces (e.g., fork, exec, opendir, stat) across Unix/Linux and other OS environments.
Operating System Artifact Analysis
This topic covers deep knowledge of operating-system-specific forensic artifacts across Windows, macOS, and Linux. Candidates should be able to identify and interpret artifacts such as registry keys, event logs, master file table entries, prefetch and link files, file system timestamps, unified logs, fsevents, audit logs, shell histories, scheduled tasks and crontabs, and common persistence mechanisms. Assessment includes building timelines, correlating user and system activity with network and application logs, and explaining platform-specific acquisition and analysis trade-offs.
Operating System and File System Forensics
Knowledge of operating system and file system internals and artifacts used to reconstruct user and system activity. Topics include storage structures and metadata, file system carving and recovery, timeline reconstruction, analysis of system and application logs, registry and preference artifacts on desktop and mobile platforms, and methods for extracting user activity and persistence mechanics. Candidates should be able to explain how file system metadata and system artifacts are used to prove timelines and user actions and how to recover and interpret deleted or partially corrupted data.