Course Overview
This course will provide a foundation in the field of Computer Forensics. The student will learn how to obtain and analyse digital information for possible use as evidence in civil, criminal or administrative cases. Topics include applications of hardware and software to computer forensics, computer forensics law, volume and file system analysis, computer forensics investigations, and computer forensics in the laboratory. Hands-on exercises guide discussions and reinforce the subject matter.
This course is designed as an introductory course in computer forensics. Students will first understand the need for computer forensics and learn best practices for general incident response. The course will then focus on the tools and techniques to perform a full computer forensic investigation.
 
 
 
Who Should Attend?
The course has been designed for IT personnel, administrators, computer support staff and end users who are aware of the importance of the data in their storage. No previous repair or data recovery experience is necessary. This training is intended to introduce the latest data recovery techniques and solutions.
 
Data Recovery – Schedule 
| Time | Session | Topics |
|---|---|---|
| Day 1 | | |
| 09.00am – 10.00am | Introduction to Computer Forensics | Course overview; Understanding the need for computer forensics; Defining computer forensics |
| 10.00am – 10.30am | Breakfast | |
| 10.30am – 12.45pm | Computer Hardware | Understanding the computer components; Digital Media; Hard disk basics |
| | Computer Forensic Incidents | Introduction; The Legal System; Criminal Incidents; Civil Incidents; Computer Fraud; Internal Threats; External Threats; Investigative Challenges |
| 12.45pm – 02.15pm | Lunch | |
| 02.15pm – 05.00pm | Digital Incident Response | Digital Incident Assessment; Initial Assessment · Type of Incident · Parties Involved; Incident / Equipment Location; Available Response Resources; Securing Digital Evidence; Chain of Custody; Potential Digital Evidence |
| | OS / Disk Storage Concepts | OS / Disk Storage Concepts; Disk Based Operating Systems; OS / File Storage Concepts; Disk Storage Concepts 1; Demo: Creating a file and writing it to FAT/NTFS; Disk Storage Concepts 2; Slack Space; File Management · File Formats |
| Day 2 | | |
| 09.00am – 10.00am | Digital Acquisition & Analysis Tools | Digital Acquisition & Analysis Tools; Digital Acquisition; Terms Defined; Demo: Generic Hash Demo / Crypto Demo; Demo: Hashing a File; Digital Acquisition Procedures 1; Demo: Winhex Software; FTK Explorer / OsForensic; Demo: Osforensic Acquisition; Digital Acquisition Procedures 2; Digital Forensic Analysis Tools; Demo: Autopsy |
| 10.00am – 10.30am | Breakfast | |
| 10.30am – 12.45pm | The Forensic Toolkit | Forensic hardware; Hardware write blockers; Hard drive acquisitions; Processing the scene; Lab 1: Hard drive acquisition |
| | E-mail Analysis | Viewing e-mail; Webmail; POP; IMAP |
| 12.45pm – 02.15pm | Lunch | |
| 02.15pm – 05.00pm | File Signature Analysis | File signatures; File extensions; Differences between; Identifying differences; Reading: Instructor Handouts |
| | Forensic Examination Protocols | Forensic Examination Protocols; Demo: Create Disk Images; Demo: Data Recovery Exercise; "The 20 Basic Steps"; Demo: File Carving Exercise |
| Day 3 | | |
| 09.00am – 10.00am | Other Windows Artifacts | Common Windows artifacts; Recycle bin; My Documents; Recent files; Installed programs; Lab 8: Basic Computer Forensics Lab |
| 10.00am – 10.30am | Breakfast | |
| 10.30am – 12.45pm | Image Restoration | Live Acquisition; Recovery and Searching; Password Cracking and Encryption |
| | Data Carving | Data recovery: identifying hidden data, encryption/decryption, steganography, recovering deleted files. Digital evidence controls: uncovering attacks that evade detection by Event Viewer, Task Manager. Windows GUI tools, data acquisition, disk imaging, recovering swap files, temporary & cache files |
| 12.45pm – 02.15pm | Lunch | |
| 02.15pm – 05.00pm | Anti-Forensics | Traditional methods: Overwriting Data and Metadata; Cryptography, Steganography, and other Data Hiding Approaches; Decrypting EFS. Non-traditional methods: Targeting forensic tool blind spots; Targeting forensic tool vulnerabilities; Targeting generic tool/lib vulnerabilities |
| | Digital Evidence Presentation | Processing a complete forensic case; Preparing a forensic report; Digital Evidence Presentation; The Best Evidence Rule conclusion |