SIRCHIE Media Investigations – Youngsville NC – 28 August 2018
This 2-day course is designed to introduce the investigator to the domain of digital forensics. With over 9 billion wireless subscriptions worldwide as of 2016, every criminal investigation involves information that can be captured from a digital device, including phones and tablets. Understanding what information can be obtained from these devices, as well as how to collect and preserve the information legally, is critical.
Travel and Lodging
The HTCI classroom is located on the campus of SIRCHIE International, the world's largest producer and supplier of evidence collection material. The campus is made up of 126 acres of prime training ground. A mix of first-class classrooms and outdoor facilities makes this an exceptional location to train in. The HTCI classroom is located 30 minutes from the Raleigh/Durham airport for the convenience of students who must travel by air. The facility is also serviced by two major interstates, allowing for quick and easy access to and from the facility.
The facility is a nonsmoking facility. Students attending will be required to leave campus to smoke.
OBJECTIVES
• Student will discuss the need for digital forensics
• Student will be able to understand the CPER model
• Student will know how to collect digital evidence
• Student will have a basic understanding of media forensics
• Student will be able to image media using a forensic tool
• Student will be able to navigate and import an image file for forensic processing
• Student will be able to conduct basic analysis of digital media
• Student will discuss cellular devices and the collection of cellular devices
• Student will be able to collect cellular devices
• Student will be able to isolate devices for collection
• Student will be able to discuss the numbers and numbering patterns assigned to cellular devices
• Student will be able to collect and examine a basic cellular device
• Student will prepare reports for analysis and collection
Student Schedule
(Proposed, as topics may move within the structure for time and external events)
● Overview of the Digital Evidence cycle: the Collection, Preservation, Evaluation, Report (CPER) model
● Introduction to Open Source Forensic Tools
● Using FTK Imager to gather evidence from digital containers: creating E01 images and reviewing E01 images for potential evidence
● Use Autopsy to ingest an E01 image for analysis and review
● Conduct a sample case to show the power of FTK and Autopsy in a hands-on case environment
● Cell phone collection overview (what is the difference in the CPER model?)
● Paraben D3 collection overview to collect cellphone data from the handsets
● Using DART to correlate cellphone extractions, producing nodal analysis
● Using Call Detail Records (CDR) in your investigations
● Using MapLink to plot evidence from CDR
● Hands-on practical exercise using the cellphone collection tools to produce evidence.