Every crime has an involvement with digital devices. Therefore, the importance of digital forensics investigations has rapidly increased in the recent past. Due to that fact, digital forensics has become a fast-growing market with high demand for trained professionals.
Though criminals try their best to minimize their footprints in the crime scene, every criminal leaves some footprints when committing crimes. Criminals also use the technology to obfuscate the investigators and make the evidence unavailable for forensic use. Therefore, investigating such crimes and identifying those footprints requires an expert level of knowledge and techniques to be followed. Following proper forensics methodologies and principles ensures the admissibility of both evidence and reports in the court.
These forensics investigations help to determine when, what, who, where and how the cyber-crime has happened and get a clear picture of the cyber-crime. Identifying the current challenges along with existing tools, technologies and techniques helps investigators to conduct a successful investigation. Due to the fact that most often these digital forensics reports are submitted to the court and most law enforcement officials are aware of the technical terms and technologies, the way of presenting the identified evidence should have certain characteristics for effective reporting.
This program will help students to build the skills and experience to answer these important questions. The program gives an overall knowledge about the methodology, principles and techniques of digital forensics and also covers core theories, which are combined with solid practical foundations. By doing this, a student will be able to achieve the level of competence required in security roles in the industry.
The platform created in this program helps students to get involved in hands-on practicals and get proper feedback from an industry expert, which will help students to identify the practical questions and difficulties they will face while clarifying their doubts.
DURATION: 3 hours (3 CPE Points)
What is digital forensics and its domains, importance of digital forensics in today’s world, and computer forensics methodology
After this section of the course, you will be able to describe digital forensics and its domains, follow the proper Digital Forensics methodology, record proper forensics documentation in evidence acquisition, identify the digital evidence present from scene, securely collect the evidence from scene, calculate and verify the integrity of the digital evidence, securely store and transport the digital evidence to the forensic lab.
EXERCISE: Evidence collections, its guidelines and best practices
EXERCISE: Integrity in digital evidence
Forensic principles, Live system, Dead system and Hibernated system, Order of volatility, Forensics on hibernated computers, Difference between image and clone, Key steps in analysis, Effective tips on log analysis
After this section, you will be able to differentiate the forensic image and cloning, follow the principles of digital forensics, differentiate the evidence state and its acquisition in live system, dead system, and hibernated systems, list the order of volatility that should concern in evidence acquisition, follow the tips when analyzing log files, create a comprehensive timeline from the collected evidence and analyze the timeline, and extract Windows registry files, analyze and extract information from the windows registry files.
EXERCISE: Forensic timeline creation using log2timeline
EXERCISE: Introduction to Windows registry analysis
Commonly used tools in forensic investigations, Forensic reporting, Witnesses, Why should you certify with forensics tools?, Challenges in digital forensics, Introduction to anti-forensics techniques
After this section, you will be able to list most popular forensics tools used in digital forensics, create comprehensive forensic report admissible in courts, differentiate the expert witness and technical witness and their respective job roles, identify and categorize the challenges in digital forensics, and identify the anti-forensics techniques
Your instructor: Chirath De Alwis
Chirath De Alwis is an information security professional with more than three years’ experience in Information Security domain. He holds BEng (Hons) Computer network and Security (UK), C|HFI, C|EH and Qualys Certified Security Specialist certifications. Currently, Chirath is involved in vulnerability management, incident handling and digital forensics activities in Sri Lankan cyberspace.
What will you need?
- Latest VMware Player, VMware Workstation, VMware Fusion
- Virtual Machines:
- Windows 7 32/64 Bits
- 1GB minimum
- SANS SIFT virtual machine (Download Link: https://digital-forensics.sans.org/community/download)
- Hard disk: Minimum 50GB of free space
- RAM: 4GB Minimum 6GB recommended
- Minimum dual core CPU (Intel prefered, i3, i5 or i7)
- 64 Bits OS with administrator access (host computer): Windows, Linux or Mac OS
- 2 free USB ports
What should you know before you join?
- A background or qualification in IT or a related field
- Knowledge of basic commands in Linux is an added advantage
- The course is self-paced – you can visit the training whenever you want and your content will be there.
- Once you’re in, you keep access forever, even when you finish the course.
- There are no deadlines, except for the ones you set for yourself.
- We designed the course so that a diligent student will need about 3 hours of work to complete the training.
- Your time will be filled with reading, videos, and exercises.
If you have any questions, please contact our eLearning Manager at [email protected].
There are no reviews yet.