Digital investigations are an unavoidable part of administrating information systems in a large organisations. It is essential for such investigators to have an in-depth understanding of digital forensics. The professionals should also be adept at handling any security incidents that occur and should be ready to properly handle such incidents.
This workshop focuses on training IT professional on how to deal with a incidence by developing a proper incidence response plan, how to conduct digital investigations and all the nuances involved with the.
Course Outline:
Introduction
Overview of what can be expected from the training Course
Emerging Cyber Threats
Overview of emerging cyber-security threats such as
- Mobile Malware
-
Internet of Things
-
Crypto jacking and mining
-
Machine learning cyber attacks
Preparing an Incident Response Plan
This section will cover what needs to be considered when preparing an incident response plan. What skills are required within an incident response team.
- Preparation
Detection and Reporting
-
Triage and Analysis
-
Containment and Neutralization
-
Post Incident Activity
Defining Digital Forensics
Provide the candidates with a clear definition for digital forensics. Provide a high level overview of the different types of digital forensic investigations such as
- Computer forensics
Mobile forensics
-
Network forensics
-
Memory forensics
-
E-discovery
Discuss in detail the 5 stages every forensic investigator will go through when conducting a forensic investigation
- Preservation
Identification
-
Extraction
-
Interpretation
-
Documentation
Legal Considerations
-
Provide an overview of the types of legislation that needs to be considered when dealing with a forensic investigation.
- We will also look at how the courts will make an assessment on the authenticity and integrity of computer evidence
Investigation Fundamentals
- Good Practice Guidelines for Digital Evidence
- The four principles of computer based evidence
- Identifying electronic sources of evidence
Forensic Techniques/Terms Explained
- Define forensics terms like forensic image, forensic clone, forensic acquisition report
- Introduction to a forensic tool called FTK Imager and practical exercises
Dealing with Digital Investigations
- Extracting data (including Ram memory) from live systems using a methodical approach
The extraction of evidence from system files such as Prefetch files, registry Shellbags and NTFS log files
-
USB forensics
-
Examination of Internet history
-
Practical exercises using a range of opensource tools
Preparing Forensic Evidence for Court
- How to prepare a forensic report?
-
How to prepare evidence for court?
-
Giving evidence as an expert witness