THREAT CON 2019
Workshops: August 29 - 30
Conference: August 31
Hotel Yak and Yeti, Durbarmarg, Kathmandu, Nepal


Workshop by Andrew Smith

August 29-30

Hotel Yak & Yeti

Kathmandu, Nepal

Digital Forensics and Incident Response

Andrew Smith

Digital investigations are an unavoidable part of administering information systems in large organisations. Investigators need an in-depth understanding of digital forensics, and they must also be adept at handling any security incidents that occur and be prepared to respond to them properly.

This workshop focuses on training IT professionals on how to deal with an incident by developing a proper incident response plan, how to conduct digital investigations, and all the nuances involved.

Course Outline:

Introduction

Overview of what can be expected from the training Course

Emerging Cyber Threats

Overview of emerging cyber-security threats such as

  • Mobile Malware
  • Internet of Things
  • Crypto jacking and mining
  • Machine learning cyber attacks

Preparing an Incident Response Plan

This section will cover what needs to be considered when preparing an incident response plan, and what skills are required within an incident response team.

  • Preparation
  • Detection and Reporting
  • Triage and Analysis
  • Containment and Neutralization
  • Post Incident Activity

Defining Digital Forensics

Provide the candidates with a clear definition of digital forensics. Provide a high-level overview of the different types of digital forensic investigations, such as

  • Computer forensics
  • Mobile forensics
  • Network forensics
  • Memory forensics
  • E-discovery

Discuss in detail the 5 stages every forensic investigator will go through when conducting a forensic investigation:

  • Identification
  • Preservation
  • Extraction
  • Interpretation
  • Documentation

Legal Considerations

  • Provide an overview of the types of legislation that need to be considered when dealing with a forensic investigation
  • Look at how the courts assess the authenticity and integrity of computer evidence

Investigation Fundamentals

  • Good Practice Guidelines for Digital Evidence
  • The four principles of computer based evidence
  • Identifying electronic sources of evidence

Forensic Techniques/Terms Explained

  • Define forensics terms like forensic image, forensic clone, forensic acquisition report
  • Introduction to a forensic tool called FTK Imager and practical exercises

Dealing with Digital Investigations

  • Extracting data (including RAM) from live systems using a methodical approach
  • Extracting evidence from system artefacts such as Prefetch files, registry ShellBags and NTFS log files
  • USB forensics
  • Examination of Internet history
  • Practical exercises using a range of opensource tools

Preparing Forensic Evidence for Court

  • How to prepare a forensic report?
  • How to prepare evidence for court?
  • Giving evidence as an expert witness
