TRAINING – DIGITAL FORENSICS

Course goal
To introduce the basic principles of digital forensic analysis and the basic tools for carrying out parts of it and for eDiscovery.

Who is the course for?
The training is mainly intended for technicians and experts who will perform the initial tasks on the acquired digital data.

Course contents
The course covers the basics of digital forensic analysis. It gives instructions for the first steps in working with acquired digital evidence, focusing on the most common tasks, and does not require in-depth knowledge of operating systems or file systems.

Course parts
1. Principles of working with and handling digital evidence.
2. Access to and recovery of deleted files, data in unallocated space and in file slack.
3. Basic software tools for eDiscovery. Export and interpretation of found data.

Continuity
This training is directly followed by our course “Digital forensic analysis in practice”.

Course price
18.000,- CZK without VAT

Course duration
1/6 (days / hours)

Min. number of trained persons
4

Course goal
Provide basic information about the place, role, and benefits of forensic analysis in an organization’s security incident response system.

Who is the course for?
The training is intended for the top and security management of the organization, internal audit departments, etc.

Course contents
The concept of forensic analysis from the perspective of ISO/IEC 27002:2005, who can perform it, and what it means in the process of investigating security incidents. When it is done and what the approaches to performing forensic analysis are. What benefits performing forensic analysis brings to organizations.

Course parts
– basic principles of forensic work in general
– the place of IS/IT forensic analysis from the point of view of ISO/IEC 27002:2005
– the place of IS/IT forensic analysis in the process of responding to security incidents
– purpose of performing IS/IT forensic analysis
– basic methodology of IS/IT forensic analysis
  – preparation
  – collection of traces
  – evaluation
  – formulation of conclusions
– benefits of IS/IT forensic analysis for organizations
– demands and requirements for people and technology
– legal aspects of performing IS/IT forensic analysis

Continuity
It is recommended to complete “Introduction to ISO/IEC 27002:2005” and “Introduction to functional recovery planning” first, followed by “Digital forensic analysis in practice”.

Course price
18.000,- CZK without VAT

Course duration
1/6 (days / hours)

Min. number of trained persons
4

Course goal
Equip students with knowledge and skills in acquiring digital evidence so that they will be able to identify and correctly and completely acquire all relevant digital evidence in a forensically sound manner and in a way that does not preclude its later use in further criminal or labor disputes.

Who is the course for?
The training is intended for technicians and experts who will be acquiring the data and other digital evidence.

Course content
Properly securing digital data is a key prerequisite for any subsequent forensic analysis. Data that has not been secured cannot be examined, and incorrectly or incompletely acquired data can lead to incomplete or even incorrect forensic analysis conclusions, with all the negative consequences this can have both for the victim and, through loss of trust and reduced credibility, for the person who drew such conclusions.
Forensically sound securing of digital evidence is a basic prerequisite for the objective and effective detection of further facts. Because the whole field of information technology is constantly developing, it is not enough just to learn to master a particular forensic tool. It is necessary to understand and practically master the elementary principles and specifics of digital forensic analysis and to apply them creatively to the current situation, which changes practically every day and also differs from case to case. Simple templates and procedures do not apply in this area.

Course parts
1. General introduction to digital forensic analysis, its basic parameters as a basis for all other activities, technologies and procedures. Common and distinct elements of Digital Forensics (DF) and Incident Response Handling (IRH). Basic characteristics of forensic analysis.

2. Types of digital evidence and their sources. Hard drives and their types, RAM image, remote and cloud storage. Specifics of individual types of digital evidence.

3. Methods of acquiring digital evidence. Differences depending on the intended use of the acquired evidence. Offline vs. online acquisition: advantages and disadvantages. Procedure documentation. Chain of custody.

4. Disk image formats. Basic types and uses of disk images. Open and proprietary formats and their advantages and disadvantages. Principle of compression of some formats. Requirements for forensic disk images and the most commonly used formats.

5. Forensic write blockers and duplicators. Principle of hardware protection of source data. Specifics of the most common interfaces. Advantages, disadvantages and limitations of forensic duplicators.

6. Software tools for acquiring digital evidence. The most commonly used software tools for acquiring digital evidence. Ways of acquiring digital evidence without hardware write blockers and the risks associated with them.

7. Practical exercises

Course price
55.000,- CZK without VAT

Course duration
2/12 (days / hours)

Min. number of trained persons
2

Do you want to know more information? Don’t hesitate to contact us!
