Computer forensics acquisition and analysis of digital evidence of crimes

1 490 € (excl. VAT)

Training price:


The training takes place on a BYOL (Bring Your Own Laptop) basis. This means that you must bring your own laptop to the training or inform us if you do not have one.

Training specification

Are you fascinated by the world of cybercrimes? Do you want to learn the latest technologies used in IT forensics? Are you required to know how to deal with the situation where the protection of evidence on mobile devices is crucial? Do not hesitate and sign up today for training in computer forensics in the Dagma Authorized Training Center!

Why us?

Our training courses are carried out by experts in computer forensics, recognised in Poland and worldwide. Their knowledge is confirmed by numerous certificates and diplomas. The fact that Polish courts and the police regularly ask them for help in obtaining evidence for ongoing investigations reflects high qualifications and extraordinary experience of our trainers.


During the first day of training you will learn the basics necessary to start an adventure with IT forensics. You will learn what digital evidence is and how it should be handled. You will learn digital investigative techniques. You will learn how to protect data contained on a digital medium and how to give them evidential value. You will also become familiar with devices and software necessary in the world of computer forensics. Moreover, you will have a unique opportunity to practice media protection methods using the world's best Logicube's Falcon devices, as well as mobile devices through UFED by Cellabrite - a leader in computer forensics specialising in mobile devices. We will also provide you with a tool to secure encrypted copies of hard drives from Mac Recon - Sumuri


On the second day of training, we will teach you how to create your own analytical environment that you can use for many years of your career. We will reveal how to conduct digital media analysis examination entirely without software, how to secure data when only CDLive with Linux is available. We will also reveal the secrets of VSS systems analyses, MFT board, ways to hide and search information in alternative data streams, ways of hiding text in graphics (steganography), and we will present "a hundred" other issues in the field of advanced techniques used in computer forensics.


On the third day, we will focus on mobile devices - you will learn about programmes and tools that help to extract information stored in the memory of mobile devices with the use of Cellebrite's world-renowned UFED devices. You will learn how to use specialised software, logical extraction of devices and SIM cards, the methods for extracting the file system and how to search for specific information in the jungle of all your data.

The entire training is based on practical tasks carried out on prepared images of mobile devices, as well as on real smartphones and tablets. This stage of training will introduce you to the world of analysis of existing and deleted data, building regular expressions that allow you to search data in hexadecimal codes and searching for artefacts to bypass user security and locks.


21 h (3 days x 7 h)


Day 1

  • Computer forensics - definition, meaning
  • Objectives of computer forensics
  • Digital evidence
  • What we can do and what we should be careful about
  • Assumptions of computer forensics
  • Polish and global practices used in computer forensics
  • Processes of forensic analysis
  • Ways of securing and collecting data
  • Rules and principles of conducting an investigation analysis
  • Description and presentation of tools used by investigators
  • Description and presentation of programmes used by investigators
  • What a binary copy is and why we need it
  • Process of securing material as evidence
  • Binary copies of pple computers
  • Process of securing evidence of encrypted media
  • Process of securing evidence - Live Forensics
  • Logical extraction of mobile devices
  • Logical extraction - file system of mobile devices
  • Physical extraction of mobile devices
  • Differences between logical and physical extraction of mobile devices
  • Presentation of evidence with the use of interactive reports
  • Cloud Forensics - mechanisms for securing data from the cloud
  • Checksum - is it worth doing?
  • How to store digital evidence
  • Protection of drives, electronic mails, websites, other media
  • Protection of volatile information
  • Transfer of evidence

Day 2

  • Making binary copies in the local environment
  • Making binary copies in the network environment
  • Analysis and protection of data from Volume Shadow Copy
  • Differences in the analysis of system costs in operating systems
  • Analysis of pagefile.sys and hiberfile content
  • Analysis of the print buffer content
  • Hiding data in alternate data streams
  • Searching for files in alternate data streams
  • Information included in quick access lists
  • Protection of volatile information - TRIGE
  • Prefetch analysis
  • Securing a RAM image
  • Analysis of RAM content
  • Searching files by timestamps
  • Work automation - building your own tool

Day 3

  • What logical and physical extraction is
  • SIM card cloning
  • Why the SIM card contains incomplete data after cloning
  • Logical extraction of SIM cards
  • Opening a new case
  • Data analysis
  • Tagging and advanced information search
  • Checklists
  • Data filtering
  • Timeline analysis
  • Practical analysis of mobile devices
  • What data can be extracted during physical extraction
  • Physical extraction of mobile devices
  • Working with Physical Phone Analyzer
  • Opening a new case
  • Data analysis
  • File system analysis
  • System analysis in the HEX code
  • Data analysis with the use of regular expressions
  • Data carving
  • Tagging and advanced information search
  • Checklists
  • Data filtering
  • Timeline analysis
  • Searching and analysis of malicious software
  • Searching for JailBreak artefacts on iPhone
  • Skipping PINs or patterns on mobile devices
  • UFED Reader


6 September 2022 . - Katowice

6 September 2022 . - Szkolenie Online

6 September 2022 . - Gdańsk

6 September 2022 . - Kraków

6 September 2022 . - Poznań

6 September 2022 . - Warszawa

6 September 2022 . - Wrocław

10 Oktober 2022 . - Szkolenie Online


3 d x 7 h (insgesamt 21 h)

Hast du Fragen?
Benötigst du zusätzliche Informationen
Möchtest du einen Platz vorreservieren?

Rufen Sie uns an!
+48 32 259 11 80