Forensic Informatics Training-2

Duration: 5 Days

Participant Profile:

IT Managers and staff, IT Auditors, Legal Advisors and Lawyers, Information Security experts and managers, Experts, Compliance managers and staff, Academicians, Law enforcement officers, etc.

Requirements:

Basic: Completion of “Digital Forensics 1” training and basic computer usage knowledge.

Technical: Computers with at least Intel i7 processors, SSD, and 16 GB RAM for applications.

Training Location: Fordefence Digital Forensics Laboratory (Fordefence Adli Bilişim Laboratuvarı / ŞİŞLİ / İSTANBUL)

Training Methodology:

• Theoretical Information
• Sampling
• Practical Exercises
• Case Studies
• Interactive Participation
• Participation Certificate

Description:

Digital Forensics Training focuses on examining all kinds of digital materials and data from a forensic perspective and solving them by answering the questions “What?”, “When?”, “How?”, and “Who?”. Trainees will learn how the process of making digital data evidence works and how to manage the processes of acquiring, preserving, verifying, examining, analyzing, and reporting digital materials. Methods and techniques for extracting findings from file systems and using them during investigations are taught.

The training provides information on file types and structures and involves hands-on work on file extraction techniques. Trainees will be able to perform keyword searches on examined materials and learn how to expand these searches using templates (patterns). Digital forensics professionals may need to narrow, expand, or deepen their investigation, and the necessary skills for these operations will be imparted to the trainees. Various digital forensics software will be used for a comparative demonstration of actions taken during the investigation.

The course covers the examination of the most commonly used Windows operating systems and mobile devices. Trainees will perform analyses and examinations on sample image copies and data in a laboratory setting. Multiple digital forensic tools will be used for sample work on common digital data types, Windows operating systems, and mobile devices.

Training Program:

Day 1

•  Imaging and Verification Methods,
• Tools, and Formats
• Partition and Volume Analysis
• Partition Deletion and Recovery
• Practical File Systems Examination (FAT, NTFS)
• Keyword and Pattern Search
• Creating, Verifying, and Searching File Signatures

Day 2

• File Extraction
• File Comparison (File name, Metadata, Content)
• Narrowing Investigation Methods
• Timeline
• File Content Elimination
• Status Elimination
• Image and Compound File
• Header Information

Day 3

• Windows Examination
• File Systems Analysis
• Windows Operating System Components
• Memory, Pagefile, and Unallocated Space Analysis
• Basic Registry
• User and Group Profiling
• Basic System Information
• User Data
• Tools Used
• Shell Items Analysis
• USB Forensic Examinations
• Email Forensics
• Other Operating System Structures Examination
• Windows Event Logs Analysis
• Browser Examinations
• Case Study

Day 4

• Mobile Examination
• Overview of Mobile Devices
• Examination of Malicious and Spyware on Mobile Devices
• Evidence Acquisition from Mobile Devices
• Detailed Explanation of Best Mobile Examination Tools
• Recovering Deleted Data from Mobile Devices
• Examination of SQLite Databases and Creating Custom SQL Statements
• Finding User (offline and online) Activity Traces
• Data Acquisition from Applications
• Examination of Event Logs
• Manual Analysis for Recovering Lost Data
• Acquisition of User and Device-Originated Data
• Intervention in Locked and Encrypted Devices
• Incident Response on Mobile Devices (Changes Made by Activities on the Device)

Day 5

• Forensic Informatics II Evidence Collection and Reporting Applications.

To view other trainings offered by Fordefence click here.