{"id":1964,"date":"2024-09-26T09:14:10","date_gmt":"2024-09-26T09:14:10","guid":{"rendered":"https:\/\/icmscyber.com\/?page_id=1964"},"modified":"2025-09-09T08:10:13","modified_gmt":"2025-09-09T08:10:13","slug":"digital-forensics-foundation-investigators-course","status":"publish","type":"page","link":"https:\/\/icmscyber.com\/th\/training\/digital-forensics-foundation-investigators-course\/","title":{"rendered":"Digital Forensics Foundation Investigators Course"},"content":{"rendered":"<div class=\"section-wrapper\" data-id=\"UQMB6f\"><section class=\"wp-block-gutenverse-section guten-element guten-section guten-UQMB6f layout-boxed align-stretch\"><div class=\"guten-container guten-column-gap-default\">\n<div class=\"wp-block-gutenverse-column guten-element guten-column guten-kwAwpp\"><div class=\"guten-column-wrapper\" data-id=\"kwAwpp\"><\/div><\/div>\n\n\n\n<div class=\"wp-block-gutenverse-column guten-element guten-column guten-F3Ifmp\"><div class=\"guten-column-wrapper\" data-id=\"F3Ifmp\">\n<div class=\"guten-jw1QNj guten-image-box guten-element style-default\"><div class=\"inner-container\"><div class=\"image-box-header\"><img decoding=\"async\" class=\"gutenverse-image-box-filled\" src=\"https:\/\/icmscyber.com\/wp-content\/uploads\/2024\/09\/Digital-Forensic-Investigator.jpg\" height=\"285\" width=\"640\"\/><\/div><div class=\"image-box-body\"><div class=\"body-inner\"><h3 class=\"body-title icon-position-before\"><i><\/i><span>Digital Forensics Foundation Investigators Course<\/span><\/h3><p class=\"body-description\">The 3-day Digital Forensics &#8211; Foundation for Investigators course provides essential knowledge and practical skills for professionals involved in investigating digital incidents, cybercrimes, and data breaches. Whether you\u2019re starting a career as a digital forensic investigator, cybersecurity analyst, or part of an incident response team, this course equips you with the skills to analyse digital evidence effectively.<br>Through hands-on exercises using free and open-source tools, the course allows students to develop a foundational understanding of how to conduct a methodical digital forensic investigation.<br>On the third day students will be engaged in a full day case study focused on data leakage, allowing the student to apply the skills learned throughout the course to solve a real-world scenario.<br>\u0e2b\u0e25\u0e31\u0e01\u0e2a\u0e39\u0e15\u0e23\u0e16\u0e39\u0e01\u0e2d\u0e2d\u0e01\u0e41\u0e1a\u0e1a\u0e42\u0e14\u0e22\u0e1c\u0e39\u0e49\u0e17\u0e35\u0e48\u0e21\u0e35\u0e1b\u0e23\u0e30\u0e2a\u0e1a\u0e01\u0e32\u0e23\u0e13\u0e4c \u0e40\u0e1e\u0e37\u0e48\u0e2d\u0e43\u0e2b\u0e49\u0e40\u0e19\u0e37\u0e49\u0e2d\u0e2b\u0e32\u0e21\u0e35\u0e1b\u0e23\u0e30\u0e2a\u0e34\u0e17\u0e18\u0e34\u0e20\u0e32\u0e1e\u0e15\u0e32\u0e21\u0e04\u0e27\u0e32\u0e21\u0e15\u0e49\u0e2d\u0e07\u0e01\u0e32\u0e23\u0e41\u0e25\u0e30\u0e2a\u0e32\u0e21\u0e32\u0e23\u0e16\u0e19\u0e33\u0e44\u0e1b\u0e43\u0e0a\u0e49\u0e43\u0e19\u0e01\u0e32\u0e23\u0e1b\u0e0f\u0e34\u0e1a\u0e31\u0e15\u0e34\u0e07\u0e32\u0e19\u0e44\u0e14\u0e49\u0e08\u0e23\u0e34\u0e07<\/p><\/div><\/div><\/div><\/div>\n<\/div><\/div>\n\n\n\n<div class=\"wp-block-gutenverse-column guten-element guten-column guten-iM3zAA\"><div class=\"guten-column-wrapper\" data-id=\"iM3zAA\"><\/div><\/div>\n<\/div><\/section><\/div>\n\n\n\n<div class=\"section-wrapper\" data-id=\"oWzy1G\"><section class=\"wp-block-gutenverse-section guten-element guten-section guten-oWzy1G layout-boxed align-stretch\"><div class=\"guten-container guten-column-gap-default\">\n<div class=\"wp-block-gutenverse-column guten-element guten-column guten-q4UmgR\"><div class=\"guten-column-wrapper\" data-id=\"q4UmgR\"><\/div><\/div>\n\n\n\n<div class=\"wp-block-gutenverse-column guten-element guten-column guten-6r14cS\"><div class=\"guten-column-wrapper\" data-id=\"6r14cS\">\n<h2 class=\"wp-block-heading has-normal-font-size\">Who Should Attend:<\/h2>\n\n\n\n<div class=\"guten-element guten-spacer guten-zqx1bw\"><\/div>\n\n\n\n<p>The course is ideal for IT staff or members of an incident response team, cybersecurity analysts or people starting a career as a digital forensic investigator.<\/p>\n\n\n\n<h2 class=\"wp-block-heading has-normal-font-size\">Prerequisite:<\/h2>\n\n\n\n<div class=\"guten-element guten-spacer guten-txjPHi\"><\/div>\n\n\n\n<p>Must have successfully completed the Digital Forensics \u2013 Data Collection for First Responders Course.<\/p>\n\n\n\n<h2 class=\"wp-block-heading has-normal-font-size\">\u0e2b\u0e25\u0e31\u0e07\u0e08\u0e32\u0e01\u0e01\u0e32\u0e23\u0e40\u0e23\u0e35\u0e22\u0e19\u0e2b\u0e25\u0e31\u0e01\u0e2a\u0e39\u0e15\u0e23:<\/h2>\n\n\n\n<div class=\"guten-element guten-spacer guten-PP96Tf\"><\/div>\n\n\n\n<p>This course will provide you with the forensic knowledge and skills necessary to be able to conduct a methodical investigation of various sources of electronic data.<\/p>\n<\/div><\/div>\n\n\n\n<div class=\"wp-block-gutenverse-column guten-element guten-column guten-aJJetZ\"><div class=\"guten-column-wrapper\" data-id=\"aJJetZ\"><\/div><\/div>\n<\/div><\/section><\/div>\n\n\n\n<div class=\"section-wrapper\" data-id=\"Ue9OY4\"><section class=\"wp-block-gutenverse-section guten-element guten-section guten-Ue9OY4 layout-boxed align-stretch\"><div class=\"guten-container guten-column-gap-default\">\n<div class=\"wp-block-gutenverse-column guten-element guten-column guten-1Ox5qv\"><div class=\"guten-column-wrapper\" data-id=\"1Ox5qv\">\n<h3 class=\"wp-block-heading has-normal-font-size\">Day 1 \/ \u0e27\u0e31\u0e19\u0e17\u0e35\u0e48 1<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Section 1 &#8211; Quick Recap<\/strong>\n<ul class=\"wp-block-list\">\n<li>\u0e41\u0e19\u0e27\u0e17\u0e32\u0e07\u0e01\u0e32\u0e23\u0e1b\u0e0f\u0e34\u0e1a\u0e31\u0e15\u0e34\u0e17\u0e35\u0e48\u0e14\u0e35\u0e2a\u0e33\u0e2b\u0e23\u0e31\u0e1a\u0e01\u0e32\u0e23\u0e08\u0e31\u0e14\u0e01\u0e32\u0e23\u0e2b\u0e25\u0e31\u0e01\u0e10\u0e32\u0e19\u0e14\u0e34\u0e08\u0e34\u0e17\u0e31\u0e25 (Good Practice Guidelines for Digital Evidence)<\/li>\n\n\n\n<li>The 4 Principles of Digital Evidence<\/li>\n\n\n\n<li>5 Stages of an Investigation<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Section 2 &#8211; Understanding Hard Drive Terminology<\/strong>\n<ul class=\"wp-block-list\">\n<li>\u0e2e\u0e32\u0e23\u0e4c\u0e14\u0e44\u0e14\u0e23\u0e1f\u0e4c\u0e41\u0e1a\u0e1a\u0e14\u0e31\u0e49\u0e07\u0e40\u0e14\u0e34\u0e21 (Traditional Hard Drives)<\/li>\n\n\n\n<li>\u0e2e\u0e32\u0e23\u0e4c\u0e14\u0e44\u0e14\u0e23\u0e1f\u0e4c SSD (SSD Hard Drives)<\/li>\n\n\n\n<li>\u0e40\u0e02\u0e49\u0e32\u0e43\u0e08\u0e04\u0e27\u0e32\u0e21\u0e04\u0e27\u0e32\u0e21\u0e2b\u0e21\u0e32\u0e22\u0e02\u0e2d\u0e07\u0e2e\u0e32\u0e23\u0e4c\u0e14\u0e44\u0e14\u0e23\u0e1f\u0e4c (Understanding Hard Drive Terminology)<\/li>\n\n\n\n<li>\u0e21\u0e32\u0e15\u0e23\u0e10\u0e32\u0e19\u0e1f\u0e34\u0e23\u0e4c\u0e21\u0e41\u0e27\u0e23\u0e4c\u0e02\u0e2d\u0e07\u0e2d\u0e38\u0e1b\u0e01\u0e23\u0e13\u0e4c (Unified Extensible Firmware Interface (UEFI))<\/li>\n\n\n\n<li>\u0e01\u0e32\u0e23\u0e41\u0e1a\u0e48\u0e07\u0e1e\u0e32\u0e23\u0e4c\u0e17\u0e34\u0e0a\u0e31\u0e48\u0e19\u0e41\u0e1a\u0e1a GUID (GPT) (GUID Partition Table (GPT))<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Section 3 &#8211; File Systems &amp; Data Storage<\/strong>\n<ul class=\"wp-block-list\">\n<li>NTFS File System<\/li>\n\n\n\n<li>\u0e1e\u0e37\u0e49\u0e19\u0e17\u0e35\u0e48\u0e08\u0e31\u0e14\u0e40\u0e01\u0e47\u0e1a\u0e02\u0e49\u0e2d\u0e21\u0e39\u0e25 (Data Storage)<\/li>\n\n\n\n<li>\u0e1a\u0e17\u0e19\u0e33\u0e02\u0e2d\u0e07 Metadata (Introduction to Metadata)<\/li>\n\n\n\n<li>\u0e01\u0e32\u0e23\u0e40\u0e02\u0e49\u0e32\u0e23\u0e2b\u0e31\u0e2a NFTS (NTFS Encryption)<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Section 4 &#8211; Forensic Analysis Techniques<\/strong>\n<ul class=\"wp-block-list\">\n<li>\u0e01\u0e32\u0e23\u0e27\u0e34\u0e40\u0e04\u0e23\u0e32\u0e30\u0e2b\u0e4c\u0e2a\u0e20\u0e32\u0e1e\u0e41\u0e27\u0e14\u0e25\u0e49\u0e2d\u0e21 (Analysis Environments)<\/li>\n\n\n\n<li>\u0e01\u0e32\u0e23\u0e40\u0e15\u0e23\u0e35\u0e22\u0e21\u0e40\u0e04\u0e2a\u0e2b\u0e23\u0e37\u0e2d\u0e42\u0e1b\u0e23\u0e40\u0e08\u0e47\u0e04 (Case Preparation)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/div><\/div>\n\n\n\n<div class=\"wp-block-gutenverse-column guten-element guten-column guten-9KjWTn\"><div class=\"guten-column-wrapper\" data-id=\"9KjWTn\">\n<h3 class=\"wp-block-heading has-normal-font-size\">Day 2 \/ \u0e27\u0e31\u0e19\u0e17\u0e35\u0e48 2<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Section 4 &#8211; Forensic Analysis Techniques<\/strong> (Continue)\n<ul class=\"wp-block-list\">\n<li>\u0e01\u0e32\u0e23\u0e01\u0e39\u0e49\u0e04\u0e37\u0e19\u0e44\u0e1f\u0e25\u0e4c\/\u0e42\u0e1f\u0e25\u0e40\u0e14\u0e2d\u0e23\u0e4c (File\/Folder Recovery)<\/li>\n\n\n\n<li>\u0e25\u0e32\u0e22\u0e40\u0e0b\u0e47\u0e19\u0e44\u0e1f\u0e25\u0e4c (File Signatures)<\/li>\n\n\n\n<li>\u0e01\u0e32\u0e23\u0e04\u0e49\u0e19\u0e2b\u0e32\u0e2b\u0e23\u0e37\u0e2d\u0e41\u0e01\u0e30\u0e2a\u0e25\u0e31\u0e01\u0e02\u0e49\u0e2d\u0e21\u0e39\u0e25 (Data Carving)<\/li>\n\n\n\n<li>\u0e27\u0e34\u0e18\u0e35\u0e01\u0e32\u0e23\u0e25\u0e14\u0e02\u0e19\u0e32\u0e14\u0e02\u0e49\u0e2d\u0e21\u0e39\u0e25 (Data Reduction Methods)<\/li>\n\n\n\n<li>\u0e01\u0e32\u0e23\u0e22\u0e37\u0e19\u0e22\u0e31\u0e19\u0e41\u0e25\u0e30\u0e2a\u0e19\u0e31\u0e1a\u0e2a\u0e19\u0e38\u0e19\u0e1e\u0e22\u0e32\u0e19\u0e2b\u0e25\u0e31\u0e01\u0e10\u0e32\u0e19 (Corroborating Evidence)<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Section 5 &#8211; Windows Forensics Artefacts<\/strong>\n<ul class=\"wp-block-list\">\n<li>\u0e01\u0e32\u0e23\u0e27\u0e34\u0e40\u0e04\u0e23\u0e32\u0e30\u0e2b\u0e4c\u0e10\u0e32\u0e19\u0e02\u0e49\u0e2d\u0e21\u0e39\u0e25\u0e01\u0e32\u0e23\u0e15\u0e31\u0e49\u0e07\u0e04\u0e48\u0e32\u0e02\u0e2d\u0e07\u0e23\u0e30\u0e1a\u0e1a\u0e1b\u0e0f\u0e34\u0e1a\u0e31\u0e15\u0e34\u0e01\u0e32\u0e23 Windows Registry<\/li>\n\n\n\n<li>\u0e01\u0e32\u0e23\u0e27\u0e34\u0e40\u0e04\u0e23\u0e32\u0e30\u0e2b\u0e4c USB Forensics<\/li>\n\n\n\n<li>\u0e01\u0e32\u0e23\u0e23\u0e30\u0e1a\u0e38\u0e41\u0e2b\u0e25\u0e48\u0e07\u0e02\u0e49\u0e2d\u0e21\u0e39\u0e25\u0e1e\u0e22\u0e32\u0e19\u0e2b\u0e25\u0e31\u0e01\u0e10\u0e32\u0e19 (Identifying Sources of Evidence)<\/li>\n\n\n\n<li>\u0e1b\u0e23\u0e30\u0e27\u0e31\u0e15\u0e34\u0e02\u0e2d\u0e07\u0e2d\u0e34\u0e19\u0e40\u0e17\u0e2d\u0e23\u0e4c\u0e40\u0e19\u0e47\u0e15 (Internet History)<\/li>\n\n\n\n<li>\u0e44\u0e1f\u0e25\u0e4c Prefetch (Prefetch Files)<\/li>\n\n\n\n<li>\u0e01\u0e32\u0e23\u0e27\u0e34\u0e40\u0e04\u0e23\u0e32\u0e30\u0e2b\u0e4c\u0e01\u0e32\u0e23\u0e23\u0e30\u0e1a\u0e38\u0e0b\u0e2d\u0e1f\u0e15\u0e4c\u0e41\u0e27\u0e23\u0e4c\u0e17\u0e35\u0e48\u0e16\u0e39\u0e01\u0e15\u0e34\u0e14\u0e15\u0e31\u0e49\u0e07 (Identifying Installed Software)<\/li>\n\n\n\n<li>\u0e01\u0e32\u0e23\u0e27\u0e34\u0e40\u0e04\u0e23\u0e32\u0e30\u0e2b\u0e4c\u0e23\u0e30\u0e1a\u0e1a\u0e2a\u0e33\u0e23\u0e2d\u0e07\u0e02\u0e49\u0e2d\u0e21\u0e39\u0e25 Shadow Copies<\/li>\n\n\n\n<li>\u0e01\u0e32\u0e23\u0e27\u0e34\u0e40\u0e04\u0e23\u0e32\u0e30\u0e2b\u0e4c\u0e01\u0e32\u0e23\u0e23\u0e30\u0e1a\u0e38\u0e42\u0e1b\u0e23\u0e41\u0e01\u0e23\u0e21\u0e17\u0e35\u0e48\u0e16\u0e39\u0e01\u0e43\u0e0a\u0e49\u0e07\u0e32\u0e19<\/li>\n\n\n\n<li>\u0e01\u0e32\u0e23\u0e27\u0e34\u0e40\u0e04\u0e23\u0e32\u0e30\u0e2b\u0e4c Link File<\/li>\n\n\n\n<li>\u0e01\u0e32\u0e23\u0e04\u0e49\u0e19\u0e2b\u0e32\u0e10\u0e32\u0e19\u0e02\u0e49\u0e2d\u0e21\u0e39\u0e25\u0e01\u0e32\u0e23\u0e15\u0e31\u0e49\u0e07\u0e04\u0e48\u0e32 (Searching the Registry)<\/li>\n\n\n\n<li>\u0e1a\u0e31\u0e19\u0e17\u0e36\u0e01\u0e40\u0e2b\u0e15\u0e38\u0e01\u0e32\u0e23\u0e13\u0e4c (Event Logs)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/div><\/div>\n<\/div><\/section><\/div>\n\n\n\n<div class=\"section-wrapper\" data-id=\"RAoBA6\"><section class=\"wp-block-gutenverse-section guten-element guten-section guten-RAoBA6 layout-boxed align-stretch\"><div class=\"guten-container guten-column-gap-default\">\n<div class=\"wp-block-gutenverse-column guten-element guten-column guten-VjohsU\"><div class=\"guten-column-wrapper\" data-id=\"VjohsU\">\n<h3 class=\"wp-block-heading has-normal-font-size\">Day 3 \/ \u0e27\u0e31\u0e19\u0e17\u0e35\u0e48 3<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Section 6 &#8211; Case Study- Data Leakage Exercise<\/strong>\n<ul class=\"wp-block-list\">\n<li>Case Study &#8211; Data Leakage Exercise (Full Day)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/div><\/div>\n\n\n\n<div class=\"wp-block-gutenverse-column guten-element guten-column guten-i2QSvH\"><div class=\"guten-column-wrapper\" data-id=\"i2QSvH\"><\/div><\/div>\n<\/div><\/section><\/div>\n\n\n\n<div class=\"guten-element guten-spacer guten-KqcQyk\"><\/div>","protected":false},"excerpt":{"rendered":"","protected":false},"author":2,"featured_media":0,"parent":657,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"class_list":["post-1964","page","type-page","status-publish","hentry"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/icmscyber.com\/th\/wp-json\/wp\/v2\/pages\/1964","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/icmscyber.com\/th\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/icmscyber.com\/th\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/icmscyber.com\/th\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/icmscyber.com\/th\/wp-json\/wp\/v2\/comments?post=1964"}],"version-history":[{"count":0,"href":"https:\/\/icmscyber.com\/th\/wp-json\/wp\/v2\/pages\/1964\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/icmscyber.com\/th\/wp-json\/wp\/v2\/pages\/657"}],"wp:attachment":[{"href":"https:\/\/icmscyber.com\/th\/wp-json\/wp\/v2\/media?parent=1964"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}