I have recently found a good forensics tutorial online. It is provided by a startup focusing on security and hacking related tutorial. The course link is here

The course is good in the sense that it covers the current US law and some common utilities for a forensics beginner.

It has 15 chapters altogether, the title is as followed. I try to put down the software it describes as well for my own reference later on.

1. Module 1 – Modern Forensics
2. Module 2 – Investigative Process
   • md5calc: Hash value for files
   • PC Inspector: File Recovery Software
   • RecoverMyFiles: Another File Recovery Software, $69.95+
   • Total Recall Data Recovery: Another File Recovery Software, 99 Pounds
   • md5sum: An old program to verify MD5 checksum
3. Module 3 – Searching and Seizing
4. Module 4 – Digital Evidence
5. Module 5 – First Responder
   • chkdisk: Windows Program to fix HDD problem, usually uses as chkdisk /f
   • Hex Workshop: Hex editors $89.95
6. Module 6 – Computer Forensics Labs
   • FileMerlin: File Converters for different format. $95
   • FileViewer: A quick viewer for MANY file format, it is FREE
   • Paraben P2 Explorer: Tools for mounting drive and extract information, FREE for limited functions
7. Module 7 – Hard Disks and File Systems
   • Efsinfo: Encrypted File System Info, Windows Resource Kit tools for enquiring EFS
   • FileScavenger: Recovery files, also recover bad sectors $54
   • ProcessMonitor: FREE Tools to look into windows process information
   • Easycleaner: Tool to find unused Registry entry
   • Rname it: Batch rename files FREE
   • System Information for Window: Gather system information
   • Add/Remove Pro: Free tools to manage Add Remove Program list
8. Module 8 – Windows Forensics
   • Kdirstat / WinDirStat: Tools to visualize disk usage
   • PSLoggedOn: Windows tools to determine logon on remote computers
   • Regedit & Regedt32: Windows Tool to view and edit registry
   • Total Commander: Classic multi-windows multi-function file explorer
9. Module 9 – Data Acquisition
   • Autospy Sleuthkit: Comprehensive forensic tools
   • DiskExplorer: Direct disk editor
   • FTK Imager: Extract memory, even after the program is closed
   • ListDLLs: ListDLLs is a utility that reports the DLLs loaded into processes
   • PMDump: PMDump is a tool that lets you dump the memory contents of a process to a file without stopping the process.
   • PromiscDetect: PromiscDetect checks if your network adapter(s) is running in promiscuous mode
   • Runtime Disk Explorer NTFS: Low level FS Scanner and Tool kit
10. Module 10 – Recovering and Deleting Files
    • File Scavenger: Another file recovery tool
    • Deleting Files Handy Recovery: A easy to use Recovery tool
    • Necleus Kernel: Cannot find what is it
    • Testdisk: A FREE and open source data recovery tool
    • Total Recall Data Recovery: Another File Recovery Software, 99 Pounds
    • WinUndelete: A Windows file recovery tool
11. Module 11 – Access Data
    • Access Data FTK: Integrated tools for 1st level computer scanning to locate suspicious files
12. Module 12 – Image Files
13. Module 13 – Steganography
    • Mp3Stegz: Tools to encrypt something inside a MP3 files without change the sound and filesize
    • QuickStego: Hide message in a Picture
    • XnView: Quick Image viewer
14. Module 14 – Application Password Checkers
    • Cain & Abel: Comprehensive vulunbility scanner and password crackers
    • PasswordPro: A Password Manager, FREE
    • SAM Inside: Windows credential crackers
    • Ophcrack: Open source tools to crack Windows Password, with LiveCD version
15. Module 15 – Log Capturing and Event Correlation
    • Event Log Analyzer: All in one Log Analyzer, FREE
    • Event Log Explorer: A better and FREE local log viewer
    • Syslog-NG: Comprehensive Multi Server logging solution, FREE
    • Kiwi SYSLOG Server: Paid Multi Server logging solution