Digital Forensics Foundation Training Course 4 Days
Introduction to Digital Forensics
- Define Digital Forensics
- Define the Types of Forensic Investigations
- Legal Considerations
Investigation Fundamentals
- Best Practice Guideline
- The Four Principles of Computer Based Evidence
- The Basics of Information Gathering
Identification and seizure of digital equipment
- Evidence Handling and Chain of Custody
- Identifying Electronic Sources of Evidence
- Seizure of Electronic Devices
- Dealing with Live Systems
Forensic Acquisitions
- Forensic Image
- Forensic Clone
- Forensic Image vs. Forensic Clone
- FTK Imager
- Hash Values
Understanding Digital Data
- Binary Digits
- Binary Conversion
- Storage Devices
- Understanding Electronic Data
Understanding Hard Drive Terminology
- Physical Drives
- Understanding Hard Drive Terminology
- Unified Extensible Firmware Interface (UEFI)
- GUID Partition Table (GPT)
File Systems & Data Storage
- Introduction to File Systems
- Data Storage
- File System Metadata
- Live, Deleted and Unallocated Data
- File Slack and RAM Slack
- NTFS Compression and Encryption
File Information
Forensic Analysis Techniques
- Analysis Environments
- Case Preparation
- File/Folder Recovery
- Data Carving
- Data Reduction Methods
- Corroborating Evidence
Windows Artefacts
- Windows Registry
- USB Devices
- Internet History
- Prefetch Files
Forensic Challenges
Reporting
- Purpose, Type and Style
- Content
- Defence Reports
- Peer Review
Day 1 1-3
- Exercise 3-1 – Identifying Sources of Electronic Evidence (10)
- Exercise 3-2 – Dealing with Electronic Devices (15)
- Exercise 3-3 – Capturing Volatile Data (30)
Day 2 4-5
- Exercise 4-1 – Creating a Forensic Image (30)
- Exercise 4.2 – Creating a Custom Content Forensic Image (20)
- Exercise 4-3 – Mounting a Forensic Image (15)
- Exercise 4-4 – Create a Ventoy Bootable Hard Drive (20)
- Exercise 4-5 – Capturing RAM Memory (10)
- Exercise 4-6 – Comparing Hash Values (15)
- Exercise 5.1 – Physical and Logical Disks (15)
Day 3 6-8
- Exercise 6.1 – Extracting Artefacts from the $UsnJrnl:$J File (20)
- Exercise 6.2 – MFT Records (20)
- Exercise 6.3 – File Metadata (20)
- Exercise 7.1 – Forensic Case Preparation & File/Folder Recovery (15)
- Exercise 7.2 – File Signature Analysis (5)
- Exercise 7.3 – Data Carving (15)
- Exercise 8.1 – Windows Registry (15)
- Exercise 8.2 – USB Forensics (20)
Day 4 8-9
- Exercise 8.3 – Internet History (20)
- Exercise 8.4 – Prefetch File Analysis (15)
- Exercise 8.5 – Identifying Installed Software (20)
- Exercise 8.6 – Learn how to access the contents of a volume shadow copy (20)
- Exercise 8.7 – Look for Evidence of Executed Programs (15)
- Exercise 8.8 – Examination of Link Files (15)
- Exercise 8.9 – Searching the Registry (15)
- Exercise 8.10 – Log File Analysis (15)