Digital Forensics Foundation Training Course 4 Days
A 4 day practical training course for people who are responsible for digital forensic investigations or are wishing to become a digital forensic investigator.
The course will provide a solid foundation in the understanding of digital forensics principles and techniques. Each subject is covered in depth and supported by practical scenario based exercises to reinforce the learning points.
The candidate will use a range of free and open source forensic tools. This allows the candidate the opportunity to practice what they have learnt on the course without the need to invest in expensive forensic software / hardware. The course has been designed by experienced forensic investigators with many years’ experience ensuring the course content is both relevant and practical.
The course is aimed at people who are responsible for digital forensic investigations or are wishing to become digital forensic investigators, including: IT security professionals and law enforcement officers.
In-House Training :
- In-House Training Only.
- Daily Rate Charge.
- Maximum candidate in the class 12 or more please discuss with Digital Forensics Team directly.
Section 1 – Introduction to Digital Forensics
- Define Digital Forensics
- Define the Types of Forensic Investigations
- Legal Considerations
Section 2 – Investigation Fundamentals
- Good Practice Guidelines for Digital Evidence
- The Four Principles of Computer Based evidence.
- The Basics of a Digital Forensic Investigation
Section 3 – Identification and seizure of digital equipment
- Evidence Handling and Chain of Custody
- Identifying Electronic Sources of Evidence
- Dealing with Live Systems
- Seizure of Electronic Devices
Section 4 – Forensic Acquisitions
- Source Integrity
- Data Acquisition Types
- Forensic Acquisitions
- Forensic Image
- Forensic Clone
- Forensic Acquisition Tools (FTK Imager)
- Acquisition of Network Shares
Section 4 – Forensic Acquisitions – Continue
- Mounting a Forensic Image
- How to create a Ventoy bootable drive?
- Capturing RAM Memory
- Hash Values (digital fingerprint)
Section 5 – Understanding Hard Drive Terminology
- Traditional Hard Drives
- SSD Hard Drives
- Understanding Hard Drive Terminology
- Unified Extensible Firmware Interface (UEFI)
- GUID Partition Table (GPT)
Section 6 – File Systems & Data Storage
- NFTS File System
- Data Storage
- Introduction to Metadata
- Date and Time Stamps
Section 7 – Forensic Analysis Techniques
- Analysis Environments
- Case Preparation
- File/Folder Recovery
- File Signatures
- Data Carving
- Data Reduction Methods
- Corroborating Evidence
Section 8 – Windows Forensic Artefacts
- Windows Registry
- USB Forensics
- Internet History
- Prefetch Files
Section 8 – Windows Artefacts – Continue
- Identifying Installed Software
- Volume Shadow Copies
- Link File Analysis
- Identifying Executed Programs
- Searching the Registry
- Event Logs
Section 9 – Dealing with Digital Evidence for Court
- How to Prepare a Forensic Report?
- How to Prepare Evidence for Court?
- Giving Evidence as an Expert Witness
- Payment is due upon registration.
- Delegates who cancel after registration, or who don’t attend, are liable to pay the full course fee and no refunds can be given.
- We reserve the right to postpone or cancel a training course at any time.
- If a training course is cancelled by us, we will inform all registered delegates on the course as soon as possible. Upon the cancellation of a course, we will offer to each delegate a full refund for the cost of the course or alternative dates for the course.
- We will not be held liable for any expenses, either direct or indirect, or for loss of time, earnings or business, incurred as a result of a postponed or cancelled course.