Digital Forensics Foundation (English)

Date/Time: 24/04/2018 - 27/04/2018 9:30 am - 4:30 pm

About this course

A 4-day practical training course for people who are responsible for digital forensic investigations or who wish to become digital forensic investigators. The course provides a solid foundation in digital forensics principles and techniques. Each subject is covered in depth and supported by practical, scenario-based exercises that reinforce the learning points. Candidates use a range of free and open source forensic tools, which gives them the opportunity to practise what they have learnt on the course without investing in expensive forensic software or hardware. The course has been designed by forensic investigators with many years' experience, ensuring the content is both relevant and practical.

Who Should Attend

The course is aimed at people who are responsible for digital forensic investigations or who wish to become digital forensic investigators, including IT security professionals and law enforcement officers.

Course Contents

1 – Introduction to Digital Forensics
• Define Digital Forensics
• Define the types of Forensic Investigations
• Legal Considerations

2 – Investigation Fundamentals
• Best Practice Guidelines
• The Four Principles of Computer Based Evidence
• The Basics of Information Gathering

3 – Identification and Seizure of Digital Equipment
• Evidence Handling & Chain of Custody
• Identifying Electronic Sources of Evidence
• Seizure of Electronic Devices

4 – Forensic Acquisitions
• Forensic Acquisitions
• Forensic Image
• Forensic Clone
• Forensic Image vs. Forensic Clone
• FTK Imager
• Mounting a Forensic Image
• Hash Values

5 – Understanding Digital Data
• Binary Digits
• Binary Conversion
• Storage Devices
• Understanding Electronic Data

6 – Understanding Hard Drive Terminology
• Physical Drives
• Understanding Hard Drive Terminology
• Unified Extensible Firmware Interface (UEFI)
• GUID Partition Table (GPT)

7 – File Systems & Data Storage
• Introduction to File Systems
• Data Storage
• File System Metadata
• Live, Deleted and Unallocated Data
• File Slack and RAM Slack
• NTFS Compression and Encryption

8 – File Information
• Date and Time Stamps
• File Metadata

9 – Forensic Analysis Techniques
• Analysis Environments
• Case Preparation
• Folder / File Recovery
• File Signatures and Data Carving
• Data Reduction and Hash Analysis
• Keyword Searching
• Evidence Corroboration

10 – Windows OS Artefacts
• The Windows Registry
• Internet History
• Link Files
• Previously Connected USB Devices
• Log Files
• Prefetch Files

11 – Forensic Challenges
• Encryption and Passwords
• Data Wiping
• Malicious Activity

12 – Reporting
• Purpose and Layout of Report
• Content of Report

Training Info

Duration: 4 Days
Date: April 24 – 27, 2018

Venue: ACinfotec Training Center
16th Fl., Asia Centre Bldg., South Sathorn Rd.

Price: THB 39,800 (Excluding 7% VAT)
Contact: Tel 02 670 8980-3 ext. 312
E-mail: [email protected]

Course Registration


Terms & Conditions for Course Registration

Please read the following terms & conditions for course registration carefully. By clicking the submit button, I/we confirm that I/we understand and accept the registration and cancellation policies and procedures.

  • Full payment is required in advance prior to course commencement date.

Cancellation Policy

  • Payment is due upon registration
  • Delegates who cancel after registration, or who don’t attend, are liable to pay the full course fee and no refunds can be given
  • A replacement is always welcome

Disclaimer: ACinfotec reserves the right to change, postpone or cancel any part of its published programme due to unforeseen circumstances.