Digital Forensics & Data Analysis 101
(4-DAY INSTRUCTOR LED COURSE)
COURSE SUMMARY
Learn about Digital Forensics and develop a thorough understanding of how to collect and analyse digital evidence effectively. Learn how to navigate the complexities of digital evidence sources, including computers, smartphones, and cloud platforms, and gain hands-on experience with the latest forensic tools and techniques.
This class is not just about theory – it’s about results. By the end of this course, you will be equipped with the practical skills and knowledge needed to maintain the integrity of digital evidence throughout the collection, triage, review, and examination process, and will have explored the ethical considerations that come with handling sensitive data.
COURSE OUTCOMES
- Digital Forensic Triage
- Digital Forensic Acquisition
- Reviewing Digital Evidence
- Communicate and work efficiently with Digital Forensic and Cyber Teams
- Mobile Device Technology Overview
TARGET AUDIENCE
- Government and Law Enforcement Investigators
- Cyber Crime Investigators
- Digital Forensic Investigators
- IT Security Managers
- Incident Response Members
THEORY AND PRACTICAL
- Multiple practical exercises are provided to reinforce key concepts learned.
MODULE 1: FORENSICS AND DIGITAL FORENSICS
- What is Forensic Science
- The role of Forensic Science in the Legal System
- Why is it important to understand forensic evidence
- Identifying Forensic Traces
MODULE 2: DIGITAL FORENSIC PRINCIPLES
- Introduction and Discussion
MODULE 3: SOURCES OF DIGITAL EVIDENCE
- Desktops, laptops
- Smart Devices (Mobiles, Tablets)
- Internet of Things (IoT)
MODULE 4: STORAGE MEDIA PRINCIPLES
- Different types of Digital Storage Devices and Media
- Introduction to data organisation (file systems and data structures)
- Remote / Network / Cloud Storage
MODULE 5: OPERATING SYSTEMS
- What is an Operating System?
- Different types of Operating Systems
- Common OS forensic artefacts
MODULE 6: DATA PRESERVATION PRINCIPLES
- Different types of Hardware Write Blocking and Imaging Devices
- Software Write Blocking Applications
- The importance of testing and verification of DF tools
- Boot Process
- Forensic Boot
MODULE 7: DIGITAL EVIDENCE AT THE CRIME SCENE
- Develop a plan for successful triage of digital evidence order
- What is a Digital Forensic Crime Scene
- Prepare before attending the Crime Scene
- Search Warrant Conditions, the role of the DF team member, and the warrant holder
- Assisting with interviewing suspects in relation to digital evidence
- Processing a crime scene involving digital evidence and performing a preliminary survey
- Protect and manage digital evidence at the crime scene
- Document digital evidence at the crime scene
- Introduction to Digital Forensic Triage order
MODULE 8: THE ACQUISITION PROCESS
- Digital evidence collection
- How to prepare/sterilise Target Media
- What is a Forensic Image and what is a Clone
- Data collection
- Prepare target media
- Test and verify DF tools
- Imaging
- Cloning
- Data Containers
- Targeted Collections
- Authentication
MODULE 9: DIGITAL FORENSIC TRIAGE
- The theory of DFT (Digital Forensic Triage)
- Using different tools to perform DFT (Digital Forensic Triage)
- Triaging of storage devices
- Prioritising devices for live examination and collection (Volatility Risk Assessment)
- Triaging of computer systems and smart devices
- How to Identify “Hot Zones” for effective DFT on powered-on systems
- Live DFT Workflow
- DFT and RAM
- Identify Encrypted structures (Volumes, Folders…)
- BitLocker
- Specialties of APPLE devices
MODULE 10: OHS AND OFFICER SAFETY
- How to identify and manage individual and environmental threats to an officer’s safety
- How to deploy proper procedures and tactics to ensure personal safety as well as the safety of others at the electronic crime scene
MODULE 11: DIGITAL EVIDENCE IN COURT
- Introduction
- Bevan v The State of Western Australia