EXT Analysis

To access material, start machines and answer questions login.

analysis is a fundamental skill in digital forensics, allowing investigators to extract and interpret data stored on storage devices. EXT4, the default for many distributions, organizes data into structures like inodes, directories, and blocks, each carrying critical information about files, directories, and their history.

This room focuses on analyzing the EXT4 to gather evidence such as file creation, deletion, and manipulation. We'll learn how to use native tools and forensic software to detect anti-forensic techniques like timestomping, recover deleted files, and interpret metadata.

Learning Objectives

Learn about the EXT4 structure
Recognize forensic artifacts of the EXT4
Analyze Timestamps and events
Learn about tools to analyze the EXT4

Prerequisites

Before moving forward, start the by clicking the Start Machine button below. It will take around 2 minutes to load properly. The will be accessible on the right side of the split screen. If the is not visible, use the blue Show Split View button at the top of the page.

Answer the questions below

Let's get started!

Ready to learn Cyber Security?

The EXT Analysis room is only available for premium users. Signup now to access more than 500 free rooms and learn cyber security through a fun, interactive learning environment.

Already have an account? Log in

EXT Analysis

Task 1IntroductionTask includes a deployable machine

Learning Objectives

Prerequisites

Task 2EXT File System StructurePremium

Task 3Forensic Artifacts in EXTPremium

Task 4Analyzing File System TimestampsPremium

Task 5Tools for EXT ForensicsPremium

Task 6 PracticalPremium

Task 7ConclusionPremium

Ready to learn Cyber Security?