The course
On this 3 day practical computer forensics training course, gain an understanding of static computer forensics analysis by learning about forensic principles, evidence continuity and methodology to employ when conducting a forensic investigation. Using practical case scenarios, you will be guided through the process of conducting a computer forensics investigation, and will learn the principles surrounding the collection of evidence, together with the forensic tools associated with forensic analysis. Delegates who successfully complete the exam included at the end of the training course will be awarded the Certified Forensic Investigation Practitioner (CFIP) qualification.
1. Introduction to Computer Forensics
2. Introduction to Investigations
a. Areas involved in a forensic investigation
b. Investigation awareness phase of a forensic investigation
c. Principles of forensic computing
d. The ‘Chain of Custody’ process
e. Applying the chain of custody process
3. Identification and Seizure
a. Common electronic evidence devices
c. Seizure process of electronic evidence
d. Evidential items of interest
e. Actions performed on an electronic device
4. Understanding Electronic Data
a. Multiple bits
b. Large quantities of bytes in data storage
c. Decimal, Hexadecimal, ASCII, Unicode
5. Storage and File Systems
a. Preparing a hard drive for data storage
b. Physical disks and logical drives.
c. Differences between data and metadata
d. Common file system metadata
e. The purpose of file systems
f. Various file systems’ features
g. Live Data, Deleted Data, Unallocated Data
6. Forensic Acquisition
a. Differences between a forensic image and a clone
b. Hashing within the forensic acquisition process
c. Common tools and hardware
d. Forensic acquisition and verification of an electronic device
7. Data Management
a. Data backups of electronic evidence
b. Logistical issues with data backups
c. Working copies of electronic evidence
d. Data retention periods of electronic evidence
8. Forensic Analysis Techniques
a. Five possible analysis environments
b. Recovering data from an electronic device using data carving
c. Keyword searching
d. Issues associated with data extraction
e. Strengths and weaknesses of hash analysis
f. Common file type specific metadata
g. Date and time analysis
9. Recovering Forensic Artefacts
a. Vista registry
b. Internet history
10. Data Reduction Techniques
a. Filtering data
b. Hash analysis
c. Data interpretation process
d. Dangers of data reduction
e. Filtering using date and time stamps
f. The use of data reduction techniques
11. Forensic Challenges
a. Data wiping
b. Data encryption
c. Malicious software
12. Reporting
a. Purpose of forensic reporting
b. Expected outcome of a forensic investigation
c. Target audience
d. Reporting methods
e. Defence statements
- The principles and guidelines for computer forensic investigations
- The process of evidence continuity
- The fundamentals of the complete forensic investigation process
- The forensic acquisition of an electronic devices
- How to store data on electronic media
- How to work with key forensic investigation products
- How to identify Windows based OS forensic artefacts
Download
PDF
|
Course outline
Read the computer forensics training course outline to find
out more about the many topics covered in CFIP Forensic Investigation: Hands-On |
Frequently Asked Questions (FAQ)
