Introduction to Digital Forensics Course - Onsite Training and Public Scheduled Courses

Introduction to Digital Forensics

3 Day Course

Hands On

Code QAIDIGFOR

Book Now - 2 Delivery Methods Available:

Scheduled Virtual Onsite

Updated for 2018, the Introduction to Digital Forensics course (QAIDIGFOR) is designed to help commercial and government organizations collect, preserve and report on digital artefacts in a way which is suitable for use in investigations.

The course covers the broad topics essential to the digital forensics disciplines. It sets out a framework for investigations, covering the best practice as described by The National Police Chiefs' Council (NPCC) formally ACPO guidelines. Forensic fundamentals will be covered as well as the use of open source forensic tools. The data will be then analysed and an example report produced.

Participants to this course learn about the methods to identify, preserve, analysis and report on digital artefacts. Using a mixed approach of fundamentals and open source software, delegates will be able to select suitable tools and report on their findings in an evidential way.

The introduction to digital forensic course audience includes all teams across the IT, Security, Internal Audit, Law Enforcement and Government.

The purpose, benefits, and key terms of digital forensics.
Describe and adhere to the principles of the forensic framework
Understand the importance of the chain of custody
Demonstrate a basic knowledge of key locations in different operating systems
Identify how different file systems represent files and how they deal with deletion etc.
Understand where timestamps and other meta data comes from
Have knowledge of the legal framework in which they operate, and the expected level of ethical behaviour expected.
Reporting and 5x5x5 procedures.

View detailed Course Modules

IISP Skills Alignment

This course is aligned to the following Institute of Information Security Professionals (IISP) Skills. More details on the IISP skills framework can be found here.

Continuous Professional Development (CPD)

CPD points can be claimed for GCT accredited courses at the rate of 1 point per hour of training for GCHQ accredited courses (up to a maximum of 15 points).

Training Partners

We work with the following best of breed training partners using our bulk buying power to bring you a wider range of dates, locations and prices.

Hide all

Intro to Digital forensic (6 topics)

What digital forensics is
What is digital evidence?
When and Why is digital forensics used?
Different Types of Digital Forensics - Standalone and e-discovery
What skills should a computer forensic expert have?
Introduction to the forensic framework

The Legal Framework (6 topics)

What legislation applies to investigations?
ISO/IEC standards what does it cover?
What does the legislation cover?
What do authorising officers have to consider
What does the legislation mean for investigators?
The consequence of failing to adhere to the legislation which applies

Collecting Digital Evidence (5 topics)

The NPCC guidelines and how they apply to the collection of digital evidence
The role of a First Responder
Triaging - the new digital forensics approach
What is 'chain of custody' concept and how critical it is to maintain
What is the order of volatility

Imaging Digital Evidence (7 topics)

What imaging is and why we work on imaged data
Write blocking hardware and software
How do we forensically image a live device?
How do we forensically image a switched off device?
Physical and Logical Imaging
Understand Hashing Algorithms and collisions and how it is used to verify acquisitions
Creating Forensic Image using FTK Imager

Hardware (8 topics)

Why do we need to know about hardware?
Live RAM capture and analysis
Data storage - magnetic hard disks
Understand how solid state drives differ
What is the BIOS and UEFI and what settings they hold
Analysing the boot process
Partitioning Disk analysis
Volume and Master Boot Record

Information Representation and File Systems (9 topics)

How number systems work and how data is represented in binary and hexadecimal
Difference between Big and Little Endian
Character Encoding ASCII and Unicode
Different File systems NTFS, FAT
Analysis what happens when file is saved, deleted
What is Slack Space and the different types of slack
What is the Master File Table used for?
Recovering Data from Recycle bin
Viewing Deleted data

File Signatures & File Carving (3 topics)

File Signatures Analysis
Manual File carving
File Carving Using Kali Linux

Windows Artefacts, Metadata and Hash Libraries (9 topics)

What is Metadata?
EXIF Data and analysis
Windows User Profile
Identifying different Windows Artefacts and what information can be found
Analysing Thumbnail Cache
Viewing the Windows Registry and locating information
Analysing Email Headers
Forensic Analysis of HTTP data using Wireshark
Purpose of Hash Libraries

Mobile Phone Forensics (3 topics)

Mobile Forensics Require a Different Approach
What information a mobile device can provide
Different methods for conducting mobile device examinations

Digital Evidence Process Model (1 topic)

The difference between notes, examination logs and witness statements

Forensic Tools (2 topics)

Commercial Forensic
Open Forensic Tools

Scheduled Dates

Please select from the dates below to make an enquiry or booking.

Pricing

Different pricing structures are available including special offers. These include early bird, late availability, multi-place, corporate volume and self-funding rates. Please arrange a discussion with a training advisor to discover your most cost effective option.

Currency

Code	Location	Duration	Price	Dec	Feb	Mar
QAIDIGFOR	Attend From Anywhere	3 Days	$1,589	16-18	11-13	02-04
QAIDIGFOR	Edinburgh	3 Days	$1,589		17-19
QAIDIGFOR	London	3 Days	$1,589	16-18	11-13	02-04
QAIDIGFOR	Manchester (Oxford St)	3 Days	$1,589			23-25

Next 6 Months

Broadcast Training

Certifications

Introduction to Digital Forensics

Overview

Objectives

Additional Information

Training Partners

Modules

Intro to Digital forensic (6 topics)

The Legal Framework (6 topics)

Collecting Digital Evidence (5 topics)

Imaging Digital Evidence (7 topics)

Hardware (8 topics)

Information Representation and File Systems (9 topics)

File Signatures & File Carving (3 topics)

Windows Artefacts, Metadata and Hash Libraries (9 topics)

Mobile Phone Forensics (3 topics)

Digital Evidence Process Model (1 topic)

Forensic Tools (2 topics)

Scheduled Dates

Pricing

Course PDF

Print

Related Courses

Share this Course

Recommend this Course

Sections

Training

Telecoms Training

Wireless

IP & Convergence

Core Network

Access

Data Networking

Broadcast Training

Post-Production

Transmission

IT Vendor Training

Microsoft Training

HP Training

VMware Training

ITIL Training

Cisco Training

IT Security Training

Linux Training

Unix Training

Oracle Training

McAfee Training

Amazon Web Services

DevOps and Automation

Google Training

Veeam Training

CompTIA Training

Citrix Training

Crystal Reports Training

Check Point Training

Juniper Training

Blue Coat Training

Novell Training

IBM Training

Sun Training

AppSense Training

Sybase training

Symantec Training

NetApp Training

Development Training

Microsoft Software Development Training

Machine Learning and AI

Object Oriented Development Training

Business Analysis and Testing Training

Web Development Training

Mobile Application and Platform Development

Agile Training

Adobe Training

Embedded and Realtime Development

Professional Development

Personal Development

Project Management

Certifications

Services