Computer forensics acquisition and analysis of digital evidence of crimes

1 590 € (excl. VAT)

Training price:

NOTE

The training is run in BYOL, thus after the training, participants take all the materials and exercises home.
 

Laptops must have Virtual Box installed with Extension Packs and 50 GB free drive space, as well as at least 4 GB RAM.

Training specification


Are you fascinated by the world of cybercrimes? Do you want to learn the latest technologies used in IT forensics? Are you required to know how to deal with the situation where the protection of evidence on mobile devices is crucial? Do not hesitate and sign up today for training in computer forensics in the Dagma Authorized Training Center!

Why us?

Our training courses are carried out by experts in computer forensics, recognised in Poland and worldwide. Their knowledge is confirmed by numerous certificates and diplomas. The fact that Polish courts and the police regularly ask them for help in obtaining evidence for ongoing investigations reflects high qualifications and extraordinary experience of our trainers.

1ST DAY OF TRAINING

During the first day of training you will learn the basics necessary to start an adventure with IT forensics. You will learn what digital evidence is and how it should be handled. You will learn digital investigative techniques. You will learn how to protect data contained on a digital medium and how to give them evidential value. You will also become familiar with devices and software necessary in the world of computer forensics. Moreover, you will have a unique opportunity to practice media protection methods using the world's best Logicube's Falcon devices, as well as mobile devices through UFED by Cellabrite - a leader in computer forensics specialising in mobile devices. We will also provide you with a tool to secure encrypted copies of hard drives from Mac Recon - Sumuri

2ND DAY OF TRAINING

On the second day of training, we will teach you how to create your own analytical environment that you can use for many years of your career. We will reveal how to conduct digital media analysis examination entirely without software, how to secure data when only CDLive with Linux is available. We will also reveal the secrets of VSS systems analyses, MFT board, ways to hide and search information in alternative data streams, ways of hiding text in graphics (steganography), and we will present "a hundred" other issues in the field of advanced techniques used in computer forensics.

3RD DAY OF TRAINING

On the third day, we will focus on mobile devices - you will learn about programmes and tools that help to extract information stored in the memory of mobile devices with the use of Cellebrite's world-renowned UFED devices. You will learn how to use specialised software, logical extraction of devices and SIM cards, the methods for extracting the file system and how to search for specific information in the jungle of all your data.

The entire training is based on practical tasks carried out on prepared images of mobile devices, as well as on real smartphones and tablets. This stage of training will introduce you to the world of analysis of existing and deleted data, building regular expressions that allow you to search data in hexadecimal codes and searching for artefacts to bypass user security and locks.

DURATION OF TRAINING:

21 h (3 days x 7 h)


TRAINING PROGRAM

Day 1

  • Computer forensics - definition, meaning
  • Objectives of computer forensics
  • Digital evidence
  • What we can do and what we should be careful about
  • Assumptions of computer forensics
  • Polish and global practices used in computer forensics
  • Processes of forensic analysis
  • Ways of securing and collecting data
  • Rules and principles of conducting an investigation analysis
  • Description and presentation of tools used by investigators
  • Description and presentation of programmes used by investigators
  • What a binary copy is and why we need it
  • Process of securing material as evidence
  • Binary copies of pple computers
  • Process of securing evidence of encrypted media
  • Process of securing evidence - Live Forensics
  • Logical extraction of mobile devices
  • Logical extraction - file system of mobile devices
  • Physical extraction of mobile devices
  • Differences between logical and physical extraction of mobile devices
  • Presentation of evidence with the use of interactive reports
  • Cloud Forensics - mechanisms for securing data from the cloud
  • Checksum - is it worth doing?
  • How to store digital evidence
  • Protection of drives, electronic mails, websites, other media
  • Protection of volatile information
  • Transfer of evidence

Day 2

  • Making binary copies in the local environment
  • Making binary copies in the network environment
  • Analysis and protection of data from Volume Shadow Copy
  • Differences in the analysis of system costs in operating systems
  • Analysis of pagefile.sys and hiberfile content
  • Analysis of the print buffer content
  • Hiding data in alternate data streams
  • Searching for files in alternate data streams
  • Information included in quick access lists
  • Protection of volatile information - TRIGE
  • Prefetch analysis
  • Securing a RAM image
  • Analysis of RAM content
  • Searching files by timestamps
  • Work automation - building your own tool

Day 3

  • What logical and physical extraction is
  • SIM card cloning
  • Why the SIM card contains incomplete data after cloning
  • Logical extraction of SIM cards
  • Opening a new case
  • Data analysis
  • Tagging and advanced information search
  • Checklists
  • Data filtering
  • Timeline analysis
  • Practical analysis of mobile devices
  • What data can be extracted during physical extraction
  • Physical extraction of mobile devices
  • Working with Physical Phone Analyzer
  • Opening a new case
  • Data analysis
  • File system analysis
  • System analysis in the HEX code
  • Data analysis with the use of regular expressions
  • Data carving
  • Tagging and advanced information search
  • Checklists
  • Data filtering
  • Timeline analysis
  • Searching and analysis of malicious software
  • Searching for JailBreak artefacts on iPhone
  • Skipping PINs or patterns on mobile devices
  • UFED Reader
     

CLOSEST DATES:

27 January 2020 . - Warszawa

21 April 2020 . - Katowice

19 May 2020 . - Warszawa

23 June 2020 . - Wrocław

TRAINING DURATION

3 d x 7 h (Total 21 h)

Do you have any questions?
Do you need more information?
Do you want to pre-book the place?

Call Us!
+48 32 259 11 80

Hotel during training

Are you looking for a Hotel for the duration of a training course? Select the city and see our offer.

Hotels in Gdansk
Hotels in Katowice
Hotels in Lodz
Hotels in Poznan
Hotels in Rzeszow
Hotels in Szczecin
Hotels in Warsaw
Hotels in Wroclaw