Next Scheduled Date: 1 Jan 0001
- Duration: 3 Days
-
Funding:
Contract Funded
- Full course cost is paid in Module 1
- For modular pricing info click here
- Book today!
Why take this course?
Cyber-crime and data breaches are a major and ever increasing threat to businesses. This course will provide Service leavers with an overview of the basic principles of digital forensics, and an understanding of the terminology used.Is this the right course for me?
Qualifications
Attendees may sit an optional 'APMG Certificate in Digital Forensics Fundamentals' exam following the course, at an additional cost.
Eligibility
This is a practical hands-on course and attendees are expected to have good IT skills, as you will be examining hard drives, different file systems, operating systems, and looking at windows registry and the location of data.This is an ideal follow on course for those Service leavers who have completed the CTP CompTIA Network+ and Security+ course.
Fee Information
There will be an additional cost of £250 + vat (£300) for the exam.
Please contact CBIC on 01252 954007 if you wish to add the exam to your booking. The exam fee must be paid in full to CBIC by the final day of your course.
Course Content
Module 1: Intro to Digital forensics
- What digital forensics is
- What is digital evidence?
- When and why is digital forensics used?
- Different Types of Digital Forensics – Standalone and e-discovery
- What skills should a computer forensic expert have?
- Introduction to the forensic framework
Module 2: The Legal Framework
- What legislation applies to investigations?
- ISO/IEC standards what does it cover?
- What does the legislation cover?
- What do authorising officers have to consider
- What does the legislation mean for investigators?
- The consequence of failing to adhere to the legislation which applies
- Computer Misuse Act and how it applies
Module 3: Collecting Digital Evidence
- The NPCC guidelines and how they apply to the collection of digital evidence
- The role of a First Responder
- Triaging – the new digital forensics approach
- What is ‘chain of custody’ concept and how critical it is to maintain
- Triaging – Digital Forensics
- What is the order of volatility
Module 4: Imaging Digital Evidence
- What imaging is and why we work on imaged data
- Write blocking hardware and software
- How do we forensically image a live device?
- How do we forensically image a switched off device?
- Physical and Logical Imaging
- Understand Hashing Algorithms and collisions and how it is used to verify acquisitions
- Creating Forensic Image using FTK Imager
Module 5: Hardware
- Why do we need to know about hardware?
- Live RAM capture and analysis (pagefile.sys and hiberfil.sys)
- Data storage – magnetic hard disks
- Understand how solid state drives and flash memory differ
- What is the BIOS and UEFI and what settings they hold
- Analysing the boot process
- Partitioning Disk analysis
- Volume and Master Boot Record
Module 6: Information Representation and File Systems
- How number systems work and how data is represented in binary and hexadecimal
- Difference between Big and Little Endian
- Character Encoding ASCII and Unicode
- Different File systems NTFS, FAT
- Analysis what happens when file is saved, deleted
- What is Slack Space and the different types of slack
- Access control lists and permissions
- What is the Master File Table used for?
- Recovering Data from Recycle bin
- Viewing Deleted data
- Analysis of Prefetch folder
- Differences between user profiles
Module 7: File Signatures & File Carving
- File Signatures Analysis
- Manual File carving
- File Carving Using Kali Linux
Module 8: Windows Artefacts, Metadata and hash tables
- What is Metadata?
- Understand about MAC times
- How to find meta-data inside documents
- How to use Fingerprinting Organizations with Collected Archives how to extract Meta-data
- EXIF Data and analysis
- Windows User Profile
- Identifying different Windows Artefacts and what information can be found
- Analysing Thumbnail Cache
- Viewing the Windows Registry and locating information
- Analysing Email Headers
- Forensic Analysis of HTTP data using Wireshark
- Analysing of web browser artefacts
- Understanding the different type of logs and what information they can provide as part of forensic analysis
- Analysing thumbnail cache databases
- How to analyse the windows registry and find evidence
- How to analyse email headers
Module 9: Mobile Phone Forensics
- Mobile Forensics Require a Different Approach
- What information a mobile device can provide
- Different methods for conducting mobile device examinations
- Mobile phone evidential values
Module 10: Reporting
- The difference between notes, examination logs and witness statements
- The issue with printing evidence and court requirements
Module 11: Forensic Tools
- Commercial Forensic
- Open Source Forensic Tools
Exam Information -
There is an optional APMG Certificate in Digital Forensics Fundamentals, which can be taken by delegates in their own time after the course. This is an online Proctor-U exam
There will be an additional cost of £250 + vat (£300) for the exam.
Duration - 90 minutes. Questions - 70 Multiple choice (4 multiple choice answers only 1 of which is correct). Pass Mark - 50%
Delegates will receive individual emails to access their AMPG GCT candidate portal, typically available two weeks post exam.
Career Opportunities
This training, along with some experience in IT will be beneficial to Service leavers considering a variety of Cyber security related roles in government or within local and national businesses. It is also relevant for the increasing roles in Cyber Security and forensics within police forces around the UK.Introduction to Digital Forensics
Scheduled dates and locations
- Date Location Availability