Introduction to Digital Forensics Training
|Commitment||3 days, 7-8 hours a day.|
|How To Pass||Pass all graded assignments to complete the course.|
|User Ratings||Average User Rating 4.8 See what learners said|
|Delivery Options||Instructor-Led Onsite, Online, and Classroom Live|
Introduction to Digital Forensics Training Course – Hands-on
This introductory course on Digital Forensics addresses technical IT staff who mostly work as administrators and auditors without routine duties related to forensic analysis. The course is also open to forensics trainers such as lecturers and tutors whose duties include forensics training. Experienced digital forensic staff may benefit from a more advanced course. The Introduction to Digital Forensics Training course covers the broad topics essential to the digital forensics disciplines. It sets out a framework for investigations, covering the best practice as described by The National Police Chiefs’ Council (NPCC) formally ACPO guidelines. Forensic fundamentals will be covered as well as the use of open source forensic tools. The data will be then analysed and an example report produced.
Participants to this Introduction to Digital Forensics Training course learn about the methods to identify, preserve, analysis and report on digital artefacts. Using a mixed approach of fundamentals and open source software, delegates will be able to select suitable tools and report on their findings in an evidential way.
Introduction to Digital Forensics Training Course – Customize it
- We can adapt this Introduction to Digital Forensics Training course to your group’s background and work requirements at little to no added cost.
- If you are familiar with some aspects of this Introduction to Digital Forensics Training course, we can omit or shorten their discussion.
- We can adjust the emphasis placed on the various topics or build the Introduction to Digital Forensics Training around the mix of technologies of interest to you (including technologies other than those included in this outline).
- If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the training course in manner understandable to lay audiences.
Introduction to Digital Forensics Training Course – Audience/Target Group
The target audience for this training course:
- The introduction to digital forensic Training course audience includes all teams across the IT, Security, Internal Audit, Law Enforcement and Government.
Introduction to Digital Forensics Training Course – Objectives:
Upon completing this training course, learners will be able to meet these objectives:
- The purpose, benefits, and key terms of digital forensics.
- Describe and adhere to the principles of the forensic framework
- Understand the importance of the chain of custody
- Demonstrate a basic knowledge of key locations in different operating systems
- Identify how different file systems represent files and how they deal with deletion etc.
- Understand where timestamps and other meta data comes from
- Have knowledge of the legal framework in which they operate, and the expected level of ethical behaviour expected.
- Reporting and 5x5x5 procedures.
Introduction to Digital Forensics Training – Course Content
Module 1: Intro to Digital forensic
- Describe what digital forensics is
- Identify which crimes use computer, cyber crime/ cyber enabled crime
- What skills should a computer forensic expert have?
- Introduce the forensic framework,
- Extended Framework: Collection authority and legislation for digital evidence
Module 2: Forensic fundamentals
- What is data and how is it represented in a computer?
- Create a .txt and examine in a hex editor
- Discuss number systems Binary and Hex
- Look at different files, compare a word document with the same text as the .txt file from a)
- What is a digital device and how do we collect its data?
- Memory capture -brief at this stage
- Look at Hard drives
- What does a hard drive look like? (inc flash)
- History CHS and LBA addressing
- Use of encryption on equipment and how that effects the investigation
Module 3: Framework: Collection
- Crime scene management
- Recording the scene and documenting your actions
- To switch off or not: discuss the issue and create a first responders flow chart
- Safe removal of hard drives
- Other media, ‘pen’ drives, optical media and other removables
- Cloud based data
- Mobile in brief on the air wiping
Module 4: Examination 1: Data acquisition and preserving evidence for court
- Write blocking and disk imaging
- Alternative methods of disk imaging
- Principles of hashing
Module 5: Examination 2: File system Analysis
- Demonstrate tools to mount the image
- Describe how to identify and examine the file system
- Look how different file system represent data on disk
- Overview of FAT and NTFS
- Look at the way deleted files are handled
- Describe how to identify Operating systems
- Look at default locations for user data
- Overview of the windows registry and useful locations for data
Module 6: Analysis
- Levels of persistence and what it means evidently e.g ‘live’; ‘deleted’, ‘over-written’
- Time lines
- Putting the suspect ‘in front of the keyboard’
Module 7: Reporting forensic findings and digital intelligence
- Understanding the scope of the investigation
- Tone and style backing up the substance
- An understanding of ‘true’ and how information can be presented in a neutral way
- Overview of digital intelligence including open source
Module 8: Legal framework
- Identify what authority the investigation is being performed
Understand the bounds of the investigation as defined in the scope
Module 9: Mobile Forensics: introduction
- Handling of mobile devices to preserve data
- Physical and logical analysis of mobile devices
Module 10: E-discovery: introduction
What is E-discovery?
Review of E-discovery tools and techniques.