Digital Forensics & Data Analysis 101 + CUFO (22-26 March 2021)

Date: 22-26 March 2021

Price: AUD $3960 for 5-day

Location: Virtual Instructor Led

 

Course summary
This course is focused on providing Investigators with the knowledge required to perform a proper Collection, Triaging, Reviewing and Examination of Digital Evidence.

5-Day Instructor Led Course
Focus
This course is focused on providing Investigators with the knowledge required to perform a proper Collection, Triaging, and Reviewing of Digital Evidence.

Course outcomes include
Digital Forensic Triage
Forensic Imaging of USB Devices
Reviewing Digital Evidence
Communicate and work efficiently with Digital and Cyber Teams
Mobile Device Technology Overview: Cellebrite UFED Field Operator (CUFO)
Target audience
Government and Law Enforcement Investigators
Cyber Crime Investigators
Digital Forensic Investigators
IT Security Managers
Theory and practical
Multiple practical exercises are provided to reinforce key concepts learned

Trainer
Zoran Iliev – Forensic Examiner
Master of eForensics and Enterprise Security

Day ONE
MOD 1: FORENSICS AND DIGITAL FORENSICS
What is Forensic Science
The role of Forensic Science in the Legal System
Why it is important to understand forensic evidence
Identifying Forensic Traces
MOD 2: DIGITAL FORENSIC PRINCIPLES
Introduction and Discussion
MOD 3: HARDWARE PRINCIPLES
Desktops, laptops, and other devices with operating systems
Boot Process
Forensic Boot
MOD 4: STORAGE MEDIA PRINCIPLES
Different types of Digital Storage Devices and Media
Introduction to data organisation (file systems and data structures)
Remote / Network / Cloud Storage
MOD 5: OPERATING SYSTEMS
What is an Operating System
Different types of Operating Systems
Common OS forensic artefacts
Application Software
Day TWO
MOD 6: DATA PRESERVATION PRINCIPLES
Different types of Hardware Write Blocking and Imaging Devices
Software Write Blocking Applications
The importance of testing and verification of DF tools
MOD 7: MANAGING DIGITAL EVIDENCE AT THE CRIME SCENE
What is a Digital Forensic Crime Scene
Prepare before attending the Crime Scene
DF team member and the warrant holder
Interviewing suspects in relation to digital evidence
How to control the Digital Forensic Crime Scene
The importance of the forensic approach when processing Digital Evidence
Protect and manage digital evidence at the crime scene
Document digital evidence at the crime scene
Process a crime scene involving digital evidence and perform a preliminary survey
Introduction to Digital Forensic Triage
Develop a plan for successful triage of digital evidence
Day THREE
MOD 8: THE ACQUISITION PROCESS
Digital evidence collection
How to prepare/sterilise Target Media
What is a Forensic Image and what is a Clone
Different types of Forensic Image Formats
Perform basic imaging
Data collection
Practical Exercises
Prepare target media
Test and verify DF tools
Imaging
Cloning
Data Containers
Targeted Collections
Authentication
Day FOUR
MOD 9: DIGITAL FORENSIC TRIAGE
The theory of DFT
Using different tools to perform DF Triage
Triaging of storage devices
Prioritising devices for Live examination and collection (Volatility Risk Assessment)
Triaging of computer systems and smart devices
Windows
Apple
Android
How to Identify “Hot Zones” for effective DFT on powered on systems
Live DFT Workflow
DFT and RAM
Identify Encrypted structures (Volumes, Folders…)
BitLocker
Specialities of APPLE devices
MOD 10: OHS AND OFFICER SAFETY
How to identify and manage individual and environmental threats to an officer’s safety
How to deploy proper procedures and tactics to
MOD 11: DIGITAL EVIDENCE IN COURT
Introduction
Day FIVE
MOD 12: Mobile Device Technology Overview: Cellebrite UFED Field Operator (CUFO)
Mobile Device Technology Overview
Data Locations
Forensic Handling of Mobile Devices
UFED Kiosk Tour
SIM Extraction with UFED Kiosk
Mobile Device Extraction with UFED Kiosk
SD Card Extractions with UFED Kiosk
Viewing Data using the UFED Kiosk
NOTE:

This list is dynamic and can be changed on request to include additional tools.
CDFS reserves the right to change the tools without prior notice unless otherwise agreed.
