ISACA T&T Chapter postponed this training due to the COVID-19 safety precautions being recommended at the time. We rescheduled this training to December 14-15 2020 and offered it as a hands-on online program.
A hands-on, two (2) day program which introduces participants to the field of Digital Forensics. This course commences by examining the digital forensics process followed by demonstrating the difference between Live and Static computer forensics analyses. In addition, the course highlights the Legal Procedural Requirements when conducting investigations. It further explains how to respond to a cyber crime scene. Finally, the participants are given a practical case exercise to analyze. They will then present their recommendations based on their findings. This practical exercise will be used to evaluate participants to determine if effective learning of course modules occurred.
Upon completion of this course, you will earn up to 14 CPE hours.
TARGET GROUP
- · Security professionals
- · Auditors
- · Legal professionals
- · Computing students
- · Law enforcement personnel
- · Anyone interested in getting into the field of digital forensics
OBJECTIVES
On successful completion of this course participants will be expected to be able to:
- Interpret the Digital Forensics Process
- Perform Live and Static Data Forensics
- Respond to and Secure a cyber crime scene
- Conduct computer related Investigations
- Evaluate and Report Electronic Evidence
COURSE DETAILS
Day 1
Exploiting Technology - The Digital Forensics Process
- Define the four phases of a forensics investigation.
- Describe how each phase affects the others.
- Give examples of common oversights in the collection of digital evidence.
Sources of Digital Evidence - Volatile Data Collection
- Describe safety considerations for collection of digital evidence.
- Identify components, devices, networks, and locations in which digital evidence can be located at a crime scene.
- Indicate ways to stay current on emerging storage technologies.
Mobile Devices Considerations
- Identify mobile devices at a crime scene.
- Determine the current state of mobile devices.
- Describe ways to document potential evidential artifacts.
- Determine the appropriate data collection procedures for the given device.
- Document the collection procedures.
- Explain how to transport and store mobile devices
Practical - Digital Forensic Practical (Autopsy)
Day 2
Email Investigations
- Anatomy of E-mails
- Identify and explain e-mail threats
- Identifying e-mail deception
- Identify victim(s) and potential witness in accordance with legislation and policy
- Characteristics of e-mail evidence
- E-mail evidence vs paper evidence
- Admissibility of e-mail evidence
- Searching for e-mail evidence
Investigative Interviewing - P.E.A.C.E. Model
Mobile Forensics
- Components of Cellphones
- SIM Cards
- Handsets
- Memory cards
- Phone Interfaces
- USB, Infrared, Bluetooth
COURSE REQUIREMENTS
In preparation for the course, participants should download and install the following tools:
- Dumpit
- FTK Imager
- Autopsy
- Cryptool
- Veracrypt
Laptop requirements:
OS: Windows 10 CPU: Core i3 or betterRAM: 4GB
User must also have administrator rights to the machine
Course Pre-requirement:
The session is hands-on, therefore you will be required to attend a preparation session as well to setup your virtual lab on Thursday December 10th, 7-8pm. This information will be sent subsequently to participants.
#past_event