Who Should Attend?

This training is meant for those without any previous experience with digital forensics. The student will be introduced to concepts and techniques that every computer forensics practitioner must master. This is the same course that CSI has delivered to IT professionals, law enforcement, and the military.

Who should take this class?

Anyone in an information technology related field. New security personnel, IT security officers, security professionals, security auditors, network engineers, network administrators, troubleshooters and technicians. Appropriate for anyone interested in network security - technical CEOs, CIOs, CTOs, CSOs and law enforcement as well.

Course topics for this training will include:

  • Active, archival and latent data
  • Hashes and Checksums
  • Conducting keyword searches
  • Creating understandable and accurate reports
  • Creating forensically sound working copies or images of media
  • Common File Header formats
  • Documentation, chain of custody, and evidence handling procedures
  • Assisting with motions (ie, motions to compel production of a hard drive, logs, etc)
  • Questions to prepare for/advising your retaining counsel
  • FAT 12/16/32 file systems
  • File slack, ram slack, drive slack, and unallocated space
  • NTFS File Systems
  • Compact Disc analysis
  • Interpretation of various log formats
  • Interpreting Internet History and HTTP concepts
  • Manual and automated data recovery
  • Metadata for Microsoft Office and PDF documents
  • Overcoming encryption mechanisms and password protection
  • PC hardware concepts
  • Privacy issues
  • Rules of evidence
  • Windows print spool files
  • Windows registry
  • Windows shortcuts
  • Windows swap file
  • Working as an expert technical witness
  • Insurance/liability issues
  • Viruses and malware

Why Take Our Course?

More organizations every day are "hanging out a shingle" to offer forensics training. Some have experienced instructors and some do not. Some also rely on a single software package for their forensic work. Our courses emphasize technique and methodology, regardless of the software package used.

Our goal is to help you become a forensic analyst that can think independently and deal with any situation that arises. Forensic examiners that know how to use a single program and are not aware of what happens behind the scenes are not true forensic analysts, but are merely people using software. These people will not hold up well against skilled forensic examiners who challenge their results and methodology - cases can be won or lost due to the skills of the forensic examiner.

Digital Forensic investigations should be handled in a forensically sound manner, and treated as if the situation will end up in a court of law. When dealing with a cyber security incident, it's important that you act fast. Digital information is fragile, and must be preserved as soon as possible. The longer the computing devices that contain possible evidence are left running, the more likely it is that evidence will be destroyed. Examples where Digital Forensics can play a critical role in evidence gathering and analysis include:

  • Criminal investigations where digital information is pertinent and needs to be extracted or examined
  • Civil litigation where digital information is pertinent and needs to be extracted or examined
  • Employee and contractor investigations and electronic surveillance
  • Data and sensitive information leakage investigations where digital information is pertinent and needs to be extracted or examined
  • Forensic analysis of thumb drives, digital cameras, cell phones and personal digital assistants (PDA's)
  • Pre-investigations to help determine if a full scale investigation is warranted or needed - very cost effective
  • Recovering encrypted and/or deleted emails
  • Cracking passwords
  • Removal of viruses and other forms of malware
  • Recovering deleted data
  • Data destruction and media wiping
  • Electronic discovery compliance
  • Internet stalking and harassment via email or other electronic means
  • Child custody issues where digital information is pertinent and needs to be extracted or examined
  • Divorce issues where digital evidence is pertinent and needs to be extracted or examined
  • Employee firing/termination
  • Employee misconduct, disciplinary action
  • Exceptional/extreme cases (death, suicide, kidnapping, etc.)
  • Risk management, risk control
  • Intellectual Property (IP) theft
  • Investigating IT policy violation
  • IT infrastructure abuse/misuse
  • Verifying corporate data sanitation measures

Organizations using and relying on Digital Forensics Technology

  • Banks and Financial Institutions
  • Credit card companies
  • Corporations
  • Data recovery firms
  • Educational institutions
  • Government agencies
  • Law enforcement
  • Law firms
  • Military
  • Transportation
  • Healthcare
  • Utilities
  • Accounting Firms
  • Service Providers
  • IT Departments

Why does my company need a Digital Forensics Capability?

  • Audit requirements
  • Ensuring compliance with local laws and regulations
  • Corporate policies and standards compliance

Digital Forensics does not just deal with criminal matters or law enforcement. Situations where the skills of a computer forensics analyst are needed arise everyday - divorces, civil disputes, bankruptcies, medical malpractice, wills, the list goes on and on.