forensics Training Course Content
Introduction to Computer Forensics
- Recommended Machine Configurations
- What makes a good computer forensic examiner?
- Computer Forensics Versce E Discovery
- Dealing with clients or employers
- Work Product
- Client Contracts
- Legal & privacy issues
- Software Licensing
- Ethical Conduct Issues
- Cases that may include digital evidence
- Forensic Examination Procedures
- Determining Scope of Examinations
- Hardware & Imaging Issues
- USB & Optical Media Examination
- Limited Examinations
- Forensically Sterile Examination Media
- Examination Documentation & Reports
- ASCII Table
- General Overview of Boot Process & Operating Systems
- BIOS History
- Networked Computers
- Media Acquisition
- Acquisition Documentation
- Chain of Custody
Imaging
- Imaging Theory & Process
- Imaging Methods
- Write Blocking
- Imaging Flash Drives
- Wiping, Hashing, Validation, Image Restoration, Cloning, Unallocated Space
- Drive Partitioning
- One (1) Student Lab Practical Exercise
File Signatures, Data Formats & Unallocated Space
- File Identification
- File Headers
- General File Types
- File Viewers
- Examination of Compressed Files
- Data Carving
- One (1) Student Lab Practical Exercise
FAT File System
- Logical structures of DOS & Windows Operating System
- Master Boot Record
- File Allocation Table
- 16 Bit FAT
- 32 Bit FAT
- Directory Entries
- Clusters
- Unallocated Space
- Sub-Directories
- FORMAT
- Six (6) Student Lab Practical Exercises
NTFS
- Introduction & Overview
- Basic Terms
- Basic Boot Record Information
- Time Stamps
- Root Directory
- Recycle Bin
- File Creation
- File Deletion
- Examining NTFS Drives
- Two (2) Student Lab Practical Exercises
Registry & Artifacts
- Creating an Examination Boot Disk
- Data Recovery
- Windows Swap & Page Files
- Forensic Analysis of the Windows Registry
- Internet Cache Files, Cookies & Internet Sites
- Microsoft Outlook
- MSMAIL
- Logical Structures
- Tracking User Specific Computer Use
- Internet Explorer Cache Index
- Basic Mail Issues
- Basic Internet Issues
- Common Situations Encountered during Examinations
- Password Protection & Defeating Passwords
- Compound Documents
- Examining CDR Media
- Three (3) Student Lab Practical Exercises
Forensic Policy, Case Writing, Legal Process & Forensic Tool Kits
- Use of Policy & Checklists in Forensic Practice
- Data Presentation to Client
- Case Report Writing
- Legal Process
- Expert Admission
- Going to Court
- Use of Forensic Tools & Software
- One (1) Student Lab Practical Exercise – Hard drive examination
Introduction to Mobile Data Exploitation
- Mobile Phone Extraction Process
- Collection
- Isolation
- Interrogation
- Imaging
- Analysis
- Mobile Networks
- International Mobile Subscriber Identity
- Use of Forensic Tools & Software
- One (1) Student Lab Practical Exercise