0345 4506120

Introduction to Digital Forensics

Course Details

Name Introduction to Digital Forensics
Description
URL
Location:
Virtual Classroom
Start Date:
Working Days:
Price:
£1497.00 +vat
Availability:
Exam:
Residential:
Course ID:
470475

Overview

Updated for 2018, the Introduction to Digital Forensics course is designed to help commercial and government organizations collect, preserve and report on digital artefacts in a way which is suitable for use in investigations.

The course covers the broad topics essential to the digital forensics disciplines. It sets out a framework for investigations, covering the best practice as described by The National Police Chiefs' Council (NPCC) formally ACPO guidelines. Forensic fundamentals will be covered as well as the use of open source forensic tools. The data will be then analysed and an example report produced.

Participants to this course learn about the methods to identify, preserve, analysis and report on digital artefacts. Using a mixed approach of fundamentals and open source software, delegates will be able to select suitable tools and report on their findings in an evidential way.

The introduction to digital forensic course audience includes all teams across the IT, Security, Internal Audit, Law Enforcement and Government.

IISP Skills Alignment

This course is aligned to the following Institute of Information Security Professionals (IISP) Skills.

Continuous Professional Development (CPD)

CPD points can be claimed for GCT accredited courses at the rate of 1 point per hour of training for accredited courses (up to a maximum of 15 points).

Learning Objectives

  •   The purpose, benefits, and key terms of digital forensics.
  •   Describe and adhere to the principles of the forensic framework
  •   Understand the importance of the chain of custody
  •   Demonstrate a basic knowledge of key locations in different operating systems
  •   Identify how different file systems represent files and how they deal with deletion etc.
  •   Understand where timestamps and other meta data comes from
  •   Have knowledge of the legal framework in which they operate, and the expected level of ethical behaviour expected.
  •   Reporting and 5x5x5 procedures.

Course Content

Module 1: Intro to Digital forensic

  •   What digital forensics is
  •   What is digital evidence?
  •   When and Why is digital forensics used?
  •   Different Types of Digital Forensics – Standalone and e-discovery
  •   What skills should a computer forensic expert have?
  •   Introduction to the forensic framework

Module 2: The Legal Framework

  •   What legislation applies to investigations?
  •   ISO/IEC standards what does it cover?
  •   What does the legislation cover?
  •   What do authorising officers have to consider
  •   What does the legislation mean for investigators?
  •   The consequence of failing to adhere to the legislation which applies

Module 3: Collecting Digital Evidence

  •   The NPCC guidelines and how they apply to the collection of digital evidence
  •   The role of a First Responder
  •   Triaging – the new digital forensics approach
  •   What is ‘chain of custody’ concept and how critical it is to maintain
  •   What is the order of volatility

Module 4: Imaging Digital Evidence

  •   What imaging is and why we work on imaged data
  •   Write blocking hardware and software
  •   How do we forensically image a live device?
  •   How do we forensically image a switched off device?
  •   Physical and Logical Imaging
  •   Understand Hashing Algorithms and collisions and how it is used to verify acquisitions
  •   Creating Forensic Image using FTK Imager

Module 5: Hardware

  •   Why do we need to know about hardware?
  •   Live RAM capture and analysis
  •   Data storage – magnetic hard disks
  •   Understand how solid state drives differ
  •   What is the BIOS and UEFI and what settings they hold
  •   Analysing the boot process
  •   Partitioning Disk analysis
  •   Volume and Master Boot Record

Module 6: Information Representation and File Systems

  •   How number systems work and how data is represented in binary and hexadecimal
  •   Difference between Big and Little Endian
  •   Character Encoding ASCII and Unicode
  •   Different File systems NTFS, FAT
  •   Analysis what happens when file is saved, deleted
  •   What is Slack Space and the different types of slack
  •   What is the Master File Table used for?
  •   Recovering Data from Recycle bin
  •   Viewing Deleted data

Module 7: File Signatures & File Carving

  •   File Signatures Analysis
  •   Manual File carving
  •   File Carving Using Kali Linux

Module 8: Windows Artefacts, Metadata and Hash Libraries

  •   What is Metadata?
  •   EXIF Data and analysis
  •   Windows User Profile
  •   Identifying different Windows Artefacts and what information can be found
  •   Analysing Thumbnail Cache
  •   Viewing the Windows Registry and locating information
  •   Analysing Email Headers
  •   Forensic Analysis of HTTP data using Wireshark
  •   Purpose of Hash Libraries

Module 9: Mobile Phone Forensics

  •   Mobile Forensics Require a Different Approach
  •   What information a mobile device can provide
  •   Different methods for conducting mobile device examinations

Module 10: Digital Evidence Process Model

  •   The difference between notes, examination logs and witness statements

Module 11: Forensic Tools

  •   Commercial Forensic
  •   Open Forensic Tools

Attend From Anywhere

Description:

How Attend from Anywhere works

Our ‘Attend from Anywhere’ courses allow you to access award-winning classroom training without leaving your home or office. We use WebEx web and video conferencing platform by Cisco. Before you book you should check to ensure you meet the WebEx system requirements and run a test meeting to ensure the software is compatible with your firewall settings (if it doesn’t work you should adjust your settings or contact your IT department about permitting the website).

WebEx system requirements >

Run a WebEx test meeting >

  • Up to three weeks before the start of the course we will send you Joining Instructions by email.
  • You should enter ‘My Virtual Account’ to update your address for courseware and book a pre-test with a member of the Virtual Learning Team, who will check everything works.
  • 15 minutes before the course begins you should launch the software, connect your audio and familiarise yourself with the interface and how the virtual interactions work.
  • The course will be split into multiple sessions, with short breaks in between so you can stay focused and refreshed.
  • Throughout the course the learning professional will use an electronic whiteboard, which will transmit all the notes directly to your screen.
  • You can ask the learning professional a question at any time, either by simply speaking aloud through your microphone or by clicking the virtual ‘raise-a-hand’ button on the interface.
  • Towards the end of the course there will be plenty of time for detailed Q&As with the learning professional, just as if you were physically in the classroom.
  • Following the course you will be asked to complete a course evaluation form, which will allow you to give detailed feedback on your experience and help us to make future improvements.
  • For four weeks after the course has finished you will have on-demand access to helpful videos on the subject matter, and we may send you useful emails reminding you of the ‘Key Learning Points’.

Benefits of Attend from Anywhere

Access to experts

Receive full support from our subject-matter experts for the duration of your course.

Convenient

Access your training from home, the office, or anywhere with internet access.

Cost-effective

Save money on training and expenses like transport, hotels, meals and childcare.

Quality

Our technology makes our online courses the same high quality as our classroom training.

Time-efficient

Reduce time out of the office and time spent travelling to and from training centres.

FAQ

What equipment do I need for an Attend from Anywhere course?

You will need an internet-connected computer and a USB headset with an in-built mic to interact with the trainer. Two monitors are recommended; one to stream the video from the classroom and the other to display the interactive interface.

How reliable are Attend from Anywhere courses?

We use leading Cisco technology and our classrooms are specifically optimised to improve sound quality for remote attendees. We also offer a pre-test so you can test everything is working before the course starts.

How are remote attendees made to fell included?

Our trainers are specially trained on how to interact with remote attendees and our technology allows them to take over remote PCs. Our remote labs ensure all participants can take part in hands-on class exercises wherever they are.

What makes Attend from Anywhere courses cost effective?

Our technology makes our Attend from Anywhere courses the same high-quality experience as our classroom training, so we do not price them differently. However, organisations and individuals do make significant financial savings by booking this type of course when associated costs (such as travel, expenses, hotels, food and childcare) are factored in.

How can I take the exam remotely?

You may be able to take your exam via one of our accredited remote live proctors. Where this is not possible you may be issued with an exam voucher or required to attend a classroom in order to take the exam. Please contact us for specific details in relation to your course.

If you are able to take your exam remotely you need to book it before the course begins  and switch on a webcam to enable invigilation and show photo ID (please note that exam slots are subject to availability with the live proctors and may not be available during the week of the exam. Exam slots are booked on a first come first served basis).

Click here to test if your hardware is compatible

 

Exam Information

The exam is now a Proctor-U APMG exam for the Practitioner Certificate in Cloud Security, which will be taken by delegates in their own time after the course. Delegates will receive individual emails to access their AMPG GCT candidate portal, typically available two weeks post exam.

Our Customers Include