0345 4506120

Certified Linux Forensic Investigation

Course Details

Name Certified Linux Forensic Investigation
Description
URL
Location:
Cambridge
Start Date:
Working Days:
Price:
£1097.00 +vat
Availability:
Exam:
Residential:
Course ID:
446430

Overview

This specialist-level course is for experienced forensic investigators who want to acquire the knowledge and skills to navigate, identify, capture and examine data from Linux-based systems. You will develop knowledge and skills to identify, collect, analyse and interpret data from Linux systems.

Linux is an increasingly popular operating system. This two-day course will provide you with a practical understanding from a forensic perspective of how to deal with a Linux system, and requires no previous Linux knowledge. This will be demonstrated and applied to reinforce understanding using both a Linux environment and Windows based forensic software.

Who should attend?
Forensic practitioners, systems administrators and cyber investigators who want to extend their experience from Window-based systems to the Linux environment.

Learning Objectives

Upon completion of the course you will have used a Linux System to:

  • Become familiar with both Linux GUI and command line environments
  • Demonstrate how Linux can be used for forensic imaging
  • Capture RAM and basic volatile data from a live Linux system (Note: this doesn’t include network discovery or traffic capture).

You will have used Windows based forensic software to:

  • Examine ext3 and ext4 file system structures
  • Identify core system information
  • Explore system log files for artefacts including; boots, logins and device connection
  • Examine user artefacts including; recent activity, thumbnails and printing

KEY BENEFITS
On this course, you will:

  • Develop confidence when faced with a Linux system
  • Learn effective techniques to identify and collect data from a Linux environment
  • Understand the data structures associated with the ‘ext’ file systems
  • Develop knowledge and skills to examine and process data from a Linux system
  • Improve your ability to respond effectively to a wider range of forensic incidents

Pre-Requisites

Completion of the Certified Forensic Investigation Practitioner course is highly recommended. Alternatively you will need an understanding of digital forensic principles and practices.


No Linux experience is necessary.

Course Content

1. What is Linux? Brief history, marketplace and distributions


2. Key differences between Windows and Linux forensics


3. Linux concepts: Devices and user privileges


4. Understanding disk and partition mounting


5. Linux partitions and core directories


6. The Linux Command line: navigation and utilities


7. Imaging using Linux tools and forensic distributions


8. Live RAM and other volatile data collection


9. Understanding ext file systems:
a) The evolution of the ext file systems
b) Volumes and block groups
c) Directories, inodes and data storage
d) Forensics: Evidence of file deletion and problems with data carving


10. Examination of a Linux system:
a) Identifying system information
b) File timestamps
c) Log files
d) Network and device connections
e) User accounts and passwords
f) Printing and Trash
g) User navigation, program executions and file access


11. Introduction to memory analysis


12. Web-servers and log analysis


13. Cygwin and Windows sub-system for Linux

Cambridge Technology Centre

Description:

At the Cambridge Development Centre (CDC), our trainers use purpose-built facilities to create the right environment in which to provide ‘hands-on’ training.

Using the latest equipment and techniques are just some of the benefits of studying at CDC; others include:

  • Free lunch and coffees throughout your course
  • Air-conditioned training rooms in well-lit, spacious surroundings
  • Free on-site car parking with no restrictions for private car users

Location:

Melbourn
Royston
Herts
SG8 6DP

 

Directions:

Directions by Car

 

From the M11

Take junction 10 off the M11, and head for Royston on the A505. Continue along the A505 heading for Royston and pass a service area on the left. Take the second right after the service area (signposted for Melbourn). Continue for approximately two miles (this will take you into the village). At the traffic lights, turn left. Continue through the village, and take the left past The Dolphin Pub into Back Lane. PA Consulting Group is on the right.

 

From the A10

Turn right off the A10 (if travelling north), or left (if travelling south) north of Royston, signposted for ‘Melbourn Village and Industrial Area’. Take the first right into Back Lane and the Industrial Area. PA is on the right.

 

From Cambridge

Take the A10 southbound, signposted for Trumpington. Once through the village of Harston, follow the third sign directed towards Melbourn, which will also read ‘Industrial Area’. Take the first right into Back Lane. PA Consulting Group is on the right.

 

Directions by Public Transport

 

From Royston Station

There are two trains leaving every hour for Royston Station from London King’s Cross Station. The taxi journey from the station takes 10 minutes.

 

Parking

Ample parking is available at the front of the building. Two car parks are located on either side of the main driveway into the PA site. Turn into the park on the left, and proceed straight ahead. Visitor car parking is located at the bottom of the steps which lead to reception.

 

Those delegates successfully passing the exam at the end of the course will be awarded the Certified Linux Forensic Practitioner (CLFP) qualification.

Our Customers Include