Course Title: Computer Forensic Workshop

Description:
  “Learn to investigate IT crimes with Forensic techniques.”
Training Category:
   Information Technology
Target Audience:
  IT Support management, technicians and analysts in Law Enforcement, Public Bodies, Corporate and the Legal Sector.
Duration:
2 Days
Course Introduction
This workshop is intended as a general introduction to the complex field of Forensic Computer Investigations and to give practitioners who may be contemplating entry into the field an idea of the challenges they may face.
Course Objectives
Delegates will be able to outline the ‘anatomy’ of forensic data investigations, the circumstances in which they may arise and the expectations of potential Users and Clients.
Prerequisites
There is no requirement for experience of Hard Disc Drive technology but an understanding of computer file systems and networking will be of benefit.

Course Outline

DAY 1
Module 1: Evidence Control & Documentation

  • Document! Document! Document!
  • Evidence Collection & Inventory
  • Chain of Custody
  • Evidence Storage & Security
  • Federal Rules of Evidence

Module 2: Crime Scene Response

  • Preparation: Your Response Kit
  • Securing the Scene
  • Photographing the Scene
  • Marking & Inventorying
  • Live Response
  • Post Mortem Examination

Module 3: Building a Forensics Laboratory

  • Laboratory Standards
  • Facility Physical Security
  • Evidence Security
  • Software
  • Hardware
  • Portable Forensics Lab

Module 4: Commercial Forensics Software Tools

  • The Case for Commercial Tools
  • EnCase
  • AccessData Forensic Toolkit
  • DriveSpy & Paraben

Module 5: Open Source Forensics Tools

  • Open Source Forensics Tools
  • Linux dd
  • Autopsy & The Sleuth Kit
  • Helix
  • Forensic Incident Response Environment
  • Knoppix

DAY 2
Module 6: Basics of Disk Imaging

  • Types of Disk Duplication
  • Bitstream Images
  • Importance of Slack space/Unallocated space
  • Hashing

Module 7: Disk Imaging Tools

  • dd
  • Symantec Ghost
  • FTK Imager
  • EnCase
  • Hardware Imagers

Module 8: Disk Analysis

  • Disk Basics
  • Disk Structures - FAT File System
  • Disk Structures - NTFS File System
  • Disk Structures - EXT2/EXT3 File Systems

Module 9: File Analysis

  • What are you looking for?
  • File Attributes
  • Known File Type Signatures & Hashes
  • Malware
  • Steganography

Delivery Methods

  • Language: English
  • PowerPoint Presentation
  • Presentation Handouts
  • Computer Lab Work
  • Certificate of Participation