Forensics Acquisition & Analysis

Summary

This course teaches participants how to perform digital forensic examinations of computers and other digital media. Knowing how to properly find, recover and preserve "digital evidence" is a necessity for both criminal and civil investigations. There are very specific standards and methodologies that must be followed for digital evidence to be accepted in most courts of law. Our instructors will take you through a real investigation, step-by-step, to put into practice the knowledge that you will receive in this course. You will analyze several different types of media and the digital evidence that they contain. During the course, you will learn the techniques used by experienced forensic examiners in exercises with actual digital forensics tools and applications. At the conclusion of the digital investigations, you will learn how to build an electronic report that documents and preserves the evidence that you have recovered.

Course length: 5 days
Language: English

Course Venue (April 6 -10, 2008)
This course will be taught at the Scanit technical training classroom in Dubai Internet City. The course date is April 6 - 10, 2008. The course fee is $2,500 (US) which includes a forensic write blocker and imaging software.

Course Learning Objectives
This course is designed to provide the knowledge of computer forensics procedures, tools and technology needed to serve as a computer forensic specialist. Completion of this course will provide the skills needed to properly collect digital evidence and conduct basic forensic analysis in a legally admissible manner, using accepted forensics practices.

Course Instructors
Steve Anson, CISSP, MCSE is a former Special Agent with the US Department of Defense Criminal Investigative Service (DCIS). Mr. Anson has conducted numerous Internet investigations on some of the most sophisticated network systems in the world, and has taught computer crime investigation techniques at the FBI Academy. He has served as a Task Force Agent for the FBI as well as supervised a local police department cyber crime and technology unit. Mr. Anson is a Certified Information Systems Security Professional (CISSP), a Microsoft Certified Systems Engineer (MCSE), and the coauthor of "Mastering Windows Network Forensics and Investigations".
Domingo Montanaro, GCFA, is an Information Security Specialist and Computer Forensics Expert who has been working on high-tech crime investigation for the private sector, including the financial markets, as well as for law enforcement agencies as an expert consultant. He currently holds the position of Manager of Research & Development for the Information Security and Computer Forensics Labs of Oger Systems. Domingo specializes in Information Leakage, Data Recovery, and Incident Handling, and is highly skilled in Anti-Forensics methodologies and tools. He is a guest professor at a number of universities as an expert on Computer Forensics, the author of several articles and papers, and a key speaker at major worldwide conferences.


Course outline

Course Introduction
  • What is digital evidence
  • What can be found as digital evidence
  • Types of cases involving digital evidence - civil vs. criminal
  • What is needed to be a forensic examiner
  • Basic forensic principles - IACIS model
  • Testing and validation
Preserving Digital Evidence
  • Review of search and seizure techniques
  • Proper documentation of evidence
  • Imaging and acquisition - Physical write blockers
  • Imaging and acquisition - Forensic boot CD
  • Overview of forensic images
  • Archival methodology
Keyword Searches
  • Basic GREP
  • Indexing
Document Analysis
  • Metadata
  • Viewers
Internet History Analysis
  • IE
  • Firefox
  • Cookies
  • Bookmarks
  • History
Email Analysis
  • Email formats and containers
  • Deciphering email headers
Multimedia Analysis
  • Graphics
  • Video
  • Audio
  • EXIF data
Registry Analysis
  • Overview of Windows registry
  • Finding evidence in the registry
Recovery of Deleted Files
  • Manual vs. Automated
  • Data carving techniques
Encryption Analysis
  • Techniques for bypassing encryption
Other Digital Media
  • Optical media
  • USB Flash drives
Reporting Techniques
  • Building an electronic report

Dates: Apr 06, 2008 - Apr 10, 2008

For more information concerning this course, please contact courses@scanit.net.
Scanit is a Hack In The Box Conference event partner.