Digital Forensics Foundation Investigators Course

The 3-day Digital Forensics – Foundation for Investigators course provides essential knowledge and practical skills for professionals involved in investigating digital incidents, cybercrimes, and data breaches. Whether you’re starting a career as a digital forensic investigator, cybersecurity analyst, or part of an incident response team, this course equips you with the skills to analyse digital evidence effectively.
Through hands-on exercises using free and open-source tools, the course allows students to develop a foundational understanding of how to conduct a methodical digital forensic investigation.
On the third day, students work through a full-day case study focused on data leakage, applying the skills learned throughout the course to solve a real-world scenario.
The course has been designed by experienced forensic investigators ensuring the content is both relevant and practical.

Who Should Attend:

The course is ideal for IT staff or members of an incident response team, cybersecurity analysts or people starting a career as a digital forensic investigator.

Prerequisite:

Must have successfully completed the Digital Forensics – Data Collection for First Responders Course.

Outcome:

This course will provide you with the forensic knowledge and skills necessary to be able to conduct a methodical investigation of various sources of electronic data.

Day 1

  • Section 1 – Quick Recap
    • Good Practice Guidelines for Digital Evidence
    • The 4 Principles of Digital Evidence
    • 5 Stages of an Investigation
  • Section 2 – Understanding Hard Drive Terminology
    • Traditional Hard Drives
    • SSD Hard Drives
    • Understanding Hard Drive Terminology
    • Unified Extensible Firmware Interface (UEFI)
    • GUID Partition Table (GPT)
  • Section 3 – File Systems & Data Storage
    • NTFS File System
    • Data Storage
    • Introduction to Metadata
    • NTFS Encryption
  • Section 4 – Forensic Analysis Techniques
    • Analysis Environments
    • Case Preparation

Day 2

  • Section 4 – Forensic Analysis Techniques (Continued)
    • File/Folder Recovery
    • File Signatures
    • Data Carving
    • Data Reduction Methods
    • Corroborating Evidence
  • Section 5 – Windows Forensics Artefacts
    • Windows Registry
    • USB Forensics
    • Identifying Sources of Evidence
    • Internet History
    • Prefetch Files
    • Identifying Installed Software
    • Volume Shadow Copies
    • Identifying Executed Programs
    • Link File Analysis
    • Searching the Registry
    • Event Logs

Day 3

  • Section 6 – Case Study – Data Leakage Exercise
    • Case Study – Data Leakage Exercise (Full Day)