0845 450 6120

Introduction to Digital Forensics

Course Details

Name Introduction to Digital Forensics
Description
URL
Location:
London - City
Start Date:
Days:
Price:
£2699.00 +vat
was £2799.00
Exam:
Residential:
Course ID:
362447
Offer

Overview

Introduction to digital forensics is designed to help commercial and government organizations collect, preserve and report on digital artefacts in a way which is suitable for use in investigations.
The course covers the broad topics essential to the digital forensics disciplines. It sets out a framework for investigations, covering the best practice as described by The National Police Chiefs' Council (NPCC) formally ACPO guidelines. Forensic fundamentals will be covered as well as the use of open source forensic tools. The data will be then analysed and an example report produced.

Participants to this course learn about the methods to identify, preserve, analysis and report on digital artefacts. Using a mixed approach of fundamentals and open source software, delegates will be able to select suitable tools and report on their findings in an evidential way.

The introduction to digital forensic course audience includes all teams across the IT, Security, Internal Audit, Law Enforcement and Government.

Continuous Professional Development (CPD)

CPD points can be claimed for GCT accredited courses at the rate of 1 point per hour of training for GCHQ accredited courses (up to a maximum of 15 points).

Learning Objectives

Delegates will learn how to

  • The purpose, benefits, and key terms of digital forensics.
  • Describe and adhere to the principles of the forensic framework
  • Understand the importance of the chain of custody
  • Demonstrate a basic knowledge of key locations in different operating systems
  • Identify how different file systems represent files and how they deal with deletion etc.
  • Understand where timestamps and other meta data comes from
  • Have knowledge of the legal framework in which they operate, and the expected level of ethical behaviour expected.
  • Reporting and 5x5x5 procedures.

Course Content

Module 1: Intro to Digital forensic

  • Describe what digital forensics is
  • Identify which crimes use computer, cyber crime/ cyber enabled crime
  • What skills should a computer forensic expert have?
  • Introduce the forensic framework,
  • Collection
  • Examination
  • Analysis
  • Reporting
  • Extended Framework: Collection authority and legislation for digital evidence

Module 2: Forensic fundamentals

  • What is data and how is it represented in a computer?
  • Create a .txt and examine in a hex editor
  • Discuss number systems Binary and Hex
  • Look at different files, compare a word document with the same text as the .txt file from a)
  • What is a digital device and how do we collect its data?
  • Memory capture -brief at this stage
  • Look at Hard drives
  • What does a hard drive look like? (inc flash)
  • History CHS and LBA addressing
  • Use of encryption on equipment and how that effects the investigation

Module 3: Famework: Collection

  • Crime scene management
  • Recording the scene and documenting your actions
  • To switch off or not: discuss the issue and create a first responders flow chart
  • Safe removal of hard drives
  • Other media, 'pen' drives, optical media and other removables
  • Cloud based data
  • Mobile in brief on the air wiping

Module 4: Examination 1: Data acquisition and preserving evidence for court

  • Write blocking and disk imaging
  • Alternative methods of disk imaging
  • Principles of hashing

Module 5: Examination 2: File system Analysis

  • Demonstrate tools to mount the image
  • Describe how to identify and examine the file system
  • Look how different file system represent data on disk
  • Overview of FAT and NTFS
  • Look at the way deleted files are handled
  • Describe how to identify Operating systems
  • Look at default locations for user data
  • Overview of the windows registry and useful locations for data

Module 6: Analysis

  • Levels of persistence and what it means evidently e.g 'live'; 'deleted', 'over-written'
  • Time lines
  • Putting the suspect 'in front of the keyboard'

Module 7: Reporting forensic findings and digital intelligence

  • Understanding the scope of the investigation
  • Tone and style backing up the substance
  • An understanding of 'true' and how information can be presented in a neutral way
  • Overview of digital intelligence including open source

Module 8: Legal framework

  • Identify what authority the investigation is being performed

Understand the bounds of the investigation as defined in the scope

Module 9: Mobile Forensics: introduction

  • Handling of mobile devices to preserve data
  • Physical and logical analysis of mobile devices

Module 10: E-discovery: introduction

What is E-discovery?

Review of E-discovery tools and techniques.

London - International House

Description:

Location:

International House
3rd Floor
1 St Katharines Way
London
E1W 1UN

 

Directions:

International House is a premier training centre located close to Tower Bridge, between St Katharine Dock and the Tower of London.


Car parking

The nearest car park is the NCP at Whitechapel High Street.

Rail

  • London Fenchurch Street Rail – 12 minute walk
  • London Cannon Rail – 20 minute walk
  • London Bridge Rail – 25 minute walk 

Tube

  • Tower Gate Way -  8 minute walk 
  • Tower Hill – 10 minute walk
  • Aldgate - 15 minutes walk  
  • Aldgate East – 17 minute walk
  • Monument – 18 minute walk 
  • Bank - 22 minute walk  
  • London Bridge Underground – 25 Minute walk

Buses

Routes 42, 78 and RV1 use the Tower of London stop (TL) on St. Katharine’s Way, just outside International House.

Our Customers Include