Digital Forensic Foundation Course

4 Day – Digital Forensic Foundation Course

This course is a 4-day intensive training program that will introduce you to the exciting and challenging field of digital forensics. You will learn the fundamentals of digital forensics, such as how to identify, collect, and analyze digital evidence from various sources.
The course is designed for anyone who wants to pursue a career as a digital forensic investigator or for those who already work in cyber security and want to improve their incident response skills. The course is suitable for beginners as well as intermediate learners, as it covers both the theoretical and practical aspects of digital forensics. You will gain hands-on experience using free and open source tools to perform forensic tasks on real-world scenarios.
The course is taught by experienced forensic investigators who have extensive knowledge and expertise in the field. They will guide you through the course content and provide you with feedback and support along the way. By the end of the course, you will have a solid foundation in digital forensics and be ready to apply your skills in the real world.

Aim:

The course will provide you with an understanding of the fundamental principles and techniques of digital forensics such as how to identify, collect, and analyze digital evidence from various sources.

Outcome:

By the end of the course, you will have a solid foundation in digital forensics so you can apply your skills in the real world.

Course Content:

Day 1
  • Section 1 – Introduction to Digital Forensics
    • Define Digital Forensics
    • Define the Types of Digital Forensic Investigations
    • Legal Considerations
  • Section 2 – Investigation Fundamentals
    • Good Practice Guidelines for Digital Evidence
    • The Four Principles of Computer Based Evidence
    • The Basics of a Digital Forensic Investigation
  • Section 3 – Identification & Seizure of Digital Equipment
    • Evidence Handling & Chain of Custody
    • Identifying Electronic Sources of Evidence
    • Dealing with Live Systems
    • Seizure of Electronic Devices
  • Section 4 – Forensic Acquisitions
    • Source Integrity
    • Data Acquisition Types
    • Forensic Acquisitions
    • Forensic Image
    • Forensic Clone
    • Forensic Acquisition Tools (FTK Imager)
    • Acquisition of Network Shares
Day 2
  • Section 4 – Forensic Acquisitions (continued)
    • Mounting a Forensic Image
    • How to Create a Bootable Drive for Acquisitions
    • Capturing RAM Memory
    • Hash Values (digital fingerprint)
  • Section 5 – Understanding Hard Drive Terminology
    • Traditional Hard Drives
    • SSD Hard Drives
    • Understanding Hard Drive Terminology
    • Unified Extensible Firmware Interface (UEFI)
    • GUID Partition Table (GPT)
  • Section 6 – File Systems & Data Storage
    • NTFS File System
    • Data Storage
    • Introduction to Metadata
    • Date and Time Stamps
    • NTFS Encryption
Day 3
  • Section 7 – Forensic Analysis Techniques
    • Analysis Environments
    • Case Preparation
    • File/Folder Recovery
    • File Signatures
    • Data Carving
    • Data Reduction Methods
    • Corroborating Evidence
  • Section 8 – Windows Forensic Artefacts
    • Windows Registry
    • USB Forensics
    • Internet History
    • Prefetch Files
Day 4
  • Section 8 – Windows Forensic Artefacts (continued)
    • Identifying Installed Software
    • Volume Shadow Copies
    • Link File Analysis
    • Identifying Executed Programs
    • Searching the Registry
    • Event Logs
  • Section 9 – Dealing with Digital Evidence for Court
    • How to Prepare a Forensic Report
    • How to Prepare Evidence for Court
    • Giving Evidence as an Expert Witness