Forensics Acquisition & Analysis

Summary

This course teaches participants how to perform digital forensic examinations of computers and other digital media. Knowing how to properly find, recover and preserve "digital evidence" is a necessity for both criminal and civil investigations. There are very specific standards and methodologies that must be followed for digital evidence to be accepted in most courts of law. Our instructors will take you through a real investigation, step-by-step, to put into practice the knowledge that you will receive in this course. Analysis will be conducted of several different types of media and the digital evidence that it contains. During the course, you will learn the techniques used by experienced forensic examiners in exercises with actual digital forensics tools and applications. At the conclusion of the digital investigations, you will learn how to build an electronic report that documents and preserves that evidence that you have recovered.

Course length:5 days
Language:English

Course Venue (April 6 -10, 2008)
This course will be taught at the Scanit technical training classroom in Dubai Internet City. The course date is April 6 - 10, 2008. The course fee is $2,500 (US) which includes a forensic write blocker and imaging software.

Course Learning Objectives
This course is designed to provide the knowledge in computer forensics procedures, tools and technology needed to serve as a computer forensic specialist. Completion of this course will provide the skills needed to properly collect digital evidence and conduct basic forensic analysis in a legally admissible manner, using accepted forensics practices.

Course Instructors
Steve Anson, CISSP, MCSE is a former Special Agent with the US Department of Defense Criminal Investigative Service (DCIS). Mr. Anson has conducted numerous Internet investigations on some of the most sophisticated network systems in the world, and has taught computer crime investigation techniques at the FBI Academy. He has served as a Task Force Agent for the FBI as well as supervised a local police department cyber crime and technology unit. Mr. Anson is a Certified Information Systems Security Professional (CISSP), a Microsoft Certified Systems Engineer (MCSE), and the coauthor of "Mastering Windows Network Forensics and Investigations".
Domingo Montanaro, GCFA, is an Information Security Specialist and Computer Forensics Expert, who has been working with High Tech crime investigation for the private sectors including the financial markets as well as law enforcement agencies as an expert consultant. Currently holding the position of Manager of Research & Development for the Information Security and Computer Forensics Labs of Oger Systems. Domingo specializes in Information Leakage, Data Recovery, and Incident Handling, as well as being highly skilled in Anti-Forensics methodologies and tools. Guest professor at a number of Universities as an expert on Computer Forensics and author of several articles/papers as well as a key speaker at major worldwide conferences.


Course outline

Course Introduction
  • What is digital evidence
  • What can be found as digital evidence
  • Type of cases involving digital evidence - civil vs. criminal
  • What is needed to be a forensic examiner
  • Basic forensic principals - IACIS model
  • Testing and validation
Preserving Digital Evidence
  • Review of search and seizure techniques
  • Proper documentation of evidence
  • Imaging and acquisition - Physical write blockers
  • Imaging and acquisition - Forensic boot CD
  • Overview of forensic images
  • Archival methodology
Keyword Searches
  • Basic GREP
  • Indexing
Document Analysis
  • Metadata
  • Viewers
Internet History Analysis
  • IE
  • Firefox
  • Cookies
  • Bookmarks
  • History
Email Analysis
  • Email formats and containers
  • Deciphering email headers
Multimedia Analysis
  • Graphics
  • Video
  • Audio
  • EXIF data
Registry Analysis
  • Overview of Windows registry
  • Finding evidence in the registry
Recovery of Deleted Files
  • Manual vs. Automated
  • Data carving techniques
Encryption Analysis
  • Techniques for bypassing encryption
Other Digital Media
  • Optical media
  • USB Flash drives
Reporting Techniques
  • building an electronic report

Dates: Apr 06, 2008 - Apr 10, 2008 (Register for this date)

Download course leaflet as a Adobe PDF file
For more information concerning this course, please contact courses@scanit.net.