Andrew Smith

Andrew Smith
Andrew has 17 years’ experience in the field of digital forensics. Andrew was a UK police officer for 9 years of which the last 4 years was spent working within the police computer crime unit where he received extensive forensic training. Andrew also worked for over 5 years for a highly respected UK information security company where he became the manager of the computer forensics team. His role included overseeing investigations for both the public and private sector and the delivery of master degree training courses for a UK university. Andrew has now been based in Bangkok for over 7 years and is the Director of Computer Forensics Services for a commercial investigation company called Orion Investigations. His role is to oversee all forensic investigations, business development, promote awareness of the need for cyber security and provide training for the forensic team. Andrew has developed a range of forensic training courses and has also developed a range of free forensic tools which are now used in forensics labs all around the world.

Talk / Workshop

Digital Forensics and Incidence Response

Digital investigations are an unavoidable part of administrating information systems in a large organisations. It is essential for such investigators to have an in-depth understanding of digital forensics. The professionals should also be adept at handling any security incidents that occur and should be ready to properly handle such incidents.

This workshop focuses on training IT professional on how to deal with a incidence by developing a proper incidence response plan, how to conduct digital investigations and all the nuances involved with the.

Course Outline:


Overview of what can be expected from the training Course

Emerging Cyber Threats

Overview of emerging cyber-security threats such as

  • Mobile Malware
  • Internet of Things
  • Crypto jacking and mining
  • Machine learning cyber attacks

Preparing an Incident Response Plan

This section will cover what needs to be considered when preparing an incident response plan. What skills are required within an incident response team.

  • Preparation Detection and Reporting
  • Triage and Analysis
  • Containment and Neutralization
  • Post Incident Activity

Defining Digital Forensics

Provide the candidates with a clear definition for digital forensics. Provide a high level overview of the different types of digital forensic investigations such as

  • Computer forensics Mobile forensics
  • Network forensics
  • Memory forensics
  • E-discovery

Discuss in detail the 5 stages every forensic investigator will go through when conducting a forensic investigation

  • Preservation Identification
  • Extraction
  • Interpretation
  • Documentation

Legal Considerations

  • Provide an overview of the types of legislation that needs to be considered when dealing with a forensic investigation.
  • We will also look at how the courts will make an assessment on the authenticity and integrity of computer evidence

Investigation Fundamentals

  • Good Practice Guidelines for Digital Evidence
  • The four principles of computer based evidence
  • Identifying electronic sources of evidence

Forensic Techniques/Terms Explained

  • Define forensics terms like forensic image, forensic clone, forensic acquisition report
  • Introduction to a forensic tool called FTK Imager and practical exercises

Dealing with Digital Investigations

  • Extracting data (including Ram memory) from live systems using a methodical approach The extraction of evidence from system files such as Prefetch files, registry Shellbags and NTFS log files
  • USB forensics
  • Examination of Internet history
  • Practical exercises using a range of opensource tools

Preparing Forensic Evidence for Court

  • How to prepare a forensic report?
  • How to prepare evidence for court?
  • Giving evidence as an expert witness

Subscribe and get our news and updates.