This is an 10-day course is designed for the investigator/examiner entering the field of digital forensics and provides the fundamental knowledge to comprehend and investigate incidents involving electronic devices. The course covers in depth architecture and functionality of NTFS, FAT and exFAT File Systems and their related metadata pertaining to stored objects on the physical media. Attendees will gain insight into partitioning structures and disk layouts and the effects of formatting volumes that contain existing data. File management and directory structure characteristics will be examined in detail as well as techniques for discovering potential evidence that maybe pivotal to a successful examination. This will be followed by topical areas of interest to include file headers and file hashing and recovery of deleted files and analysis of a windows-based system. Students will learn to use various applications and utilities to successfully identify, process, understand and document numerous Windows artifacts that are vitally important to forensic investigations. Students will gain knowledge in identifying where and why Windows stores information in Registry files, Recycle Bin, Recent folder, User directory and many system folders. The participant will also gain knowledge on how to process browser history, cookies, temp files and other Windows 10 specific artifacts using SQLite scripting explorations. The course includes gaining an in depth look into link files, prefetchting, ShadowCopy analysis and how they relate to forensic examinations.
- Event Calendar
- Foundations in Digital Forensics Certification Course (Live Remote Training)
Foundations in Digital Forensics Certification Course (Live Remote Training)Hot
December 18, 2020