030220 DFM-01 (2-6 March 2020 – Youngsville NC)

$995.00

The world of cyber forensics is exploding.  The job opportunities for people involved in cyber forensics grows daily.  It is truly a growth industry over the next 30 years.  Technology is the fingerprint of the modern world and must, therefore, be understood by Law Enforcement. This five-day course is designed to introduce law enforcement investigators a curriculum that explores digital forensics.  The labs designed for this course will allow a student to explore the world of cyber forensic investigations using established legal frameworks and scientific digital forensic discovery.

Compare
SKU: OCO-BOW-006-0-0618-1-1-1-1-1 Categories: ,

Description

The world of cyber forensics is exploding.  The job opportunities for people involved in cyber forensics grows daily.  It is truly a growth industry over the next 30 years.  Technology is the fingerprint of the modern world and must therefore, be understood by Law Enforcement. This five-day course is designed to introduce law enforcement investigators a curriculum that explores digital forensics.  The labs designed for this course will allow a student to explore the world of cyber forensic investigations using established legal frameworks and scientific digital forensic discovery.

This course will cover various digital device concepts, including how data is stored on fixed and removable media, why forensic programs can find deleted data on this media, and how that information can be retrieved and used in civil and criminal investigations. Students attending the course will be provided free open-source tools along with practice images to continue their studies after the course.

Travel and Lodging

  • The HTCI classroom is located on the campus of SIRCHIE International, the worlds largest producer and supplier of Evidence collection material in the world.  The campus is made up of 126 acres of prime training ground.  A mix of first class classrooms and outdoor facilites make this an exceptional location to train in.  The HTCI classroom is located 30 minutes from the Raleigh/Durham airport for the convenience of students that must travel by air.  The facility is also serviced by two major interstates allowing for quick and easy access to and from the facility.

    The facility is a nonsmoking facility.  Students attending will be required to leave campus to smoke.

Course Agenda

OBJECTIVES• Student will discuss the need for digital forensics
• Student will be able to understand the CPER model
• Student will be able to how to collect digital evidence
• Student will be able to basic understanding of media forensics
• Student will be able to image media using a forensic tool
• Student will be able to navigate and import an image file for forensic processing
• Student will be to conduct basic analysis of digital media
• Student will discuss cellular devices and the collection of cellular devices
• Student will be able to collect cellular devices
• Student will be able to isolate devices for collection
• Student will be able to discuss the numbers and numbering patterns assigned to cellular devices
• Student will be able to collect and examine a basic cellular device
• Student will prepare reports for analysis an collection
Notes:
Student Schedule
(Proposed, as topics may move within the structure for time and external events)
Day 1
● Overview of the Digital Evidence cycle Collection, Preservation, Evaluation, Report (CPER) model
● How technology cases are conducted
● Introduction to Open Source Forensic Tools
● Using FTK Imager to gather evidence from digital containers. Creating E01 images and reviewing E01 images for potential evidence
● Using a media collection workflow
● Using write blockers to protect digital media from manipulation
● Practical Exercises – Collecting Media with Toolkit Write Blockers
● Create an E01 file using FTK imager
● Use the Logical Imager to create a collection tool
● Create a VHD file
● Move files into the VHD
● Document a VHD file
Day 2
● Use Autopsy to ingest evidence files for analysis and review
● Overview of Autopsy and its functional components
● Messier Case Ingest
● Bookmarking Artifacts
● Create reports
● Student practical exercise fine-tuning the understanding of the Autopsy GUI
● Understanding hash files
● Loading known hash file sets
● Understanding Keyword Searches
● Practicing keyword development for cases
● Choosing a search path and creating the search plan
Day 3
● Using Image Gallery to identify pictures
● Browse the thumbnail gallery
● Identify videos
● Using the Timeline Viewer
● Using Autopsy to review the registry
● Using Autopsy to find windows artifacts
● Practical Exercises to confirm learning and build on new skills taught
Day 4
● Communications Tool
● Working with Databases
● Extract data to CSV record
● Working with Email
● Extract data to CSV record
Day 5
● Practical exercise importing multiple objects into a case
● Final course exercise
● Course overview exam for cognitive understanding
Notes:

Reviews

There are no reviews yet.

Be the first to review “030220 DFM-01 (2-6 March 2020 – Youngsville NC)”

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may also like…