Digital And Computer Forensics And Investigations Training

INTRODUCTION

Computer and Mobile Forensics teaches you how to identify, preserve, extract, analyze and report forensic evidence on computers and mobile devices. You will learn about the challenges of computer and mobile forensics, walk through the process of analysis and examination of operating systems and mobile devices, and gain a deep understanding of differences in evidence locations and examination techniques on Windows and Linux computers and Android, iOS and Windows phones.The course provides trainees with a practical based understanding of the methodologies, tools and techniques used in computer forensic and investigation in digital environment. The course content covers acquisition, collection, seizure and preservation of evidence handling, interpretation and final reporting and presentation of findings.

COURSE OBJECTIVES

After competing this course, you will be able to:

• Understand the fundamentals of digital forensics and explain the need for mobile device forensics
• Understand the threats associated with mobile devices
• Classify evidence types on mobile devices and evidence acquisition types
• Explain different mobile hardware architecture
• Develop a mobile forensics investigation process
• Use various forensic tools for investigation
• Investigate mobile security breaches and identify the criminal
• Restore the data and generate reports for future threats/attacks analysis
• Gathering volatile and non-volatile data from Windows and recouping erased documents from Windows, Mac OS X, and Linux. Researching password secured documents by utilizing password cracking concepts and tools
• Roles of the first responder, first responder toolkit, securing and assessing electronic crime scene, directing preliminary interviews, archiving electronic crime scene, gathering and safeguarding electronic proof, bundling and transporting electronic crime scene, and detailing electronic crime scene.
• Setting up the computer forensics lab and creating investigation reports.
• Steganography, Steganalysis and image forensics.
• Kinds of log capturing, log management, Investigation logs, network traffic, wireless attacks, and web assaults.

DURATION

10 Days 

WHO SHOULD ATTEND

This training course is suitable to a wide range of professionals but will greatly benefit:

Information Security Professionals, Cyber Security officers, Security Officers, Computer Forensic Analyst, Forensic and Network Investigators , Law Enforcement Officials, Ethical Hacking Expert, Digital Forensics Investigators, Risk Assessments Professionals, Mobile Developers, anyone who deals with implementation, testing, security hardening of mobile devices.

 COURSE CONTENT

Module 1

• Course introduction
• Computer forensics and investigation as a profession
• Define computer forensics
• Describe how to prepare for computer investigations and explain the difference between law enforcement agency and corporate investigations
• Explain the importance of maintaining professional conduct
• Digital evidence — legal issues
• Identifying digital evidence
• Evidence admissibility
• Rules of evidence
• What is seizure?
• Consent issues
• Expert witness
• Roles and responsibilities
• Ethics
• Investigations
• Investigative process
• Incident response
• E-discovery
• Criminal vs. civil vs. administrative investigations
• Intellectual property
• Reporting
• Quality control
• Evidence management
• Current computer forensics tools and hardware

Module 2

• Forensic science fundamentals
• Principles and methods
• Forensic analysis process
• Hardware
• Storage media
• Operating system
• File systems
• Erased vs. deleted
• Live forensics

Module 3

• File and operating system forensics
• Keyword searching
• Metadata
• Timeline analysis
• Hash analysis
• File signatures
• Volume Shadow Copies
• Time zone issues
• Link files
• Print spool
• Deleted files
• File slack
• Damaged media
• Registry forensics
• Multimedia files
• Compound files
• Web and application forensics
• Common web attack vectors
• Browser artifacts
• Email investigations
• Messaging forensics
• Database forensics
• Software forensics
• Malware analysis

Module 4

• Network forensics
• TCP/IP
• Types of attacks
• Wired vs. wireless
• Network devices forensics
• Packet analysis
• OS utilities
• Network monitoring tools
• Anti-forensics
• Hiding
• Steganography
• Packing
• Hidden devices (NAS)
• Tunneling/Onion routing
• Destruction
• Spoofing
• Log tampering
• Live operating systems

Module 5

• New & emerging technology
• Legal issues (privacy, obtaining warrants)
• Social networks forensics
• Types of social networks
• Types of evidence
• Collecting data
• Virtualization
• Virtualization forensics
• Use of virtualization in forensics
• Cloud forensics
• Types of cloud services
• Challenges of cloud forensics
• Big data
• Control systems and IOT
• Mobile forensics introduction
• Types of devices
• GPS
• Cell phones
• Tablets
• Vendor and carrier identification
• Obtaining information from cellular provider
• GSM vs. CDMA
• Common tools and methodology

Module 6

• Mobile forensics process
• Mobile forensics challenges
• Types of evidence found on mobile devices
• Collecting mobile devices at the scene
• Comparison of mobile operating systems
• Data acquisition methods
• Reporting findings
• Android forensics
• Android platform
• Android security model
• Bypassing Android security features
• Android logical data acquisition and analysis
• Android physical data acquisition

Module 7

• iOS forensics
• Apple iOS platform
• iOS security
• Bypassing iOS security features
• iOS data acquisition and analysis
• iPhone/iCloud backups
• iOS data recovery techniques
• Windows phones
• Windows Phone OS: partitions and filesystems
• Windows Phone security features
• Windows Phone logical acquisition and analysis
• Windows 10 mobile OS forensics
• Feature phones forensics
• Acquiring and examining data from feature phones

NB: This a full practical oriented training. Participants are required to have laptops.

THE END