Workshop by Andrew Smith
Hotel Yak & Yeti
Digital investigations are an unavoidable part of administering information systems in large organisations. It is essential for such investigators to have an in-depth understanding of digital forensics, and they must also be adept at responding properly to any security incidents that occur.
This workshop focuses on training IT professionals to deal with an incident by developing a proper incident response plan, to conduct digital investigations, and to handle all the nuances involved.
Overview of what can be expected from the training course
Emerging Cyber Threats
Overview of emerging cyber-security threats such as
- Mobile malware
- Internet of Things
- Cryptojacking and mining
- Machine learning cyber attacks
Preparing an Incident Response Plan
This section will cover what needs to be considered when preparing an incident response plan, and what skills are required within an incident response team. The plan is structured around four phases:
- Detection and Reporting
- Triage and Analysis
- Containment and Neutralization
- Post-Incident Activity
Defining Digital Forensics
Provide the candidates with a clear definition of digital forensics. Provide a high-level overview of the different types of digital forensic investigations such as
- Computer forensics
Discuss in detail the five stages every forensic investigator will go through when conducting a forensic investigation.
Provide an overview of the types of legislation that need to be considered when dealing with a forensic investigation.
- We will also look at how the courts will make an assessment on the authenticity and integrity of computer evidence
- Good Practice Guidelines for Digital Evidence
- The four principles of computer based evidence
- Identifying electronic sources of evidence
Forensic Techniques/Terms Explained
- Define forensics terms like forensic image, forensic clone, forensic acquisition report
- Introduction to a forensic tool called FTK Imager and practical exercises
Dealing with Digital Investigations
- Extracting data (including RAM) from live systems using a methodical approach
- The extraction of evidence from system files such as Prefetch files, registry ShellBags and NTFS log files
- Examination of Internet history
- Practical exercises using a range of open-source tools
Preparing Forensic Evidence for Court
- How to prepare a forensic report
- How to prepare evidence for court
- Giving evidence as an expert witness