Course Topics & Program

Day Two Overview

On this day the student will master techniques used for acquiring computer-based evidence in a forensically sound fashion. Utilizing the same tried-and-true methods practiced by law enforcement, you will learn how to acquire, authenticate, and maintain the integrity of evidence.

The topics for this day are very hands-on. Each Digital Forensics Examiner will acquire a hard drive image and will learn how to manually recover deleted data. This will form the basis of understanding how the automated forensic tools actually work - the cornerstone of being able to understand how to verify evidence and authenticate that forensic tools are working properly. While this is typically left out of other courses, you'll see the importance of actually knowing how the forensic tools work, enabling you to use and authenticate a variety of tools.

You will also learn techniques utilized by CyberSecurity Institute to quickly and efficiently obtain evidence from large hard drives that would otherwise take days to process. These techniques alone will show you how to process evidence and find the "low hanging fruit" while others would still be initializing a case.

DAY TWO TOPICS

Evidence Acquisition and Hands-On Labs

  • Live Versus Static Acquisition
  • Logical Versus Physical
  • Checksums and Hashes
  • Acquiring Memory Dumps
  • Write Blockers and Imaging Hardware
  • Imaging USB Devices
  • Triage Techniques
  • Obtaining Protected Files
  • Creating A Custom Image File
  • Tips to Speed Up Locating Evidence from Large Media

Evidence Preservation

  • Chain of Custody
  • Evidence Handling Techniques
  • Evidence Integrity

Recovering Deleted Data

  • Automated Versus Manual Methods
  • What the Forensic Tools Are Doing "Under The Hood"
  • File Headers and Footers
  • Data Carving Techniques
  • Hex Editors

Evening Session: Optional, Until 21:00
Open Topics Based On Student Requests