Title
DFE - Digital Forensic Essentials
SKU
B2250
Days
2
Price
$1,195.00
Register Now

DFE - Digital Forensic Essentials

Description

This entry-level two (2) day course provides a solid foundation of knowledge and skills for Digital Archivists and beginning Forensic/eDiscovery practitioners.

Objectives

This course is designed to provide foundational skills for a digital forensic examiner, eDiscovery specialist, or first responder.  Lessons presented will focus on:

  • Identifying various digital forensic media
  • Best practice collection of digital media / evidence
  • Best practice transportation of digital media / evidence
  • Forensic triage methods
  • Duplicating digital media / evidence

Prerequisites

This course is designed for a beginning practitioner with a basic understanding of the Microsoft Windows operating system environment and function.  Students should meet or exceed the following:

  • Read and understand the English language
  • Have familiarity with the Microsoft Windows environment
  • Have a basic understanding of data recovery concepts

Syllabus

Course Outline

The course will follow adult learning principles through training aids, presentations, diagrams, and instructor led practical exercises.  Each topic covered will be presented in either one or two 50 minute sessions followed by review questions.  Students will be given the opportunity throughout the course to ask questions and discuss objectives covered in more detail.  Ample time will be allotted for hands on exercises to reinforce the topics covered.

The course is structured as follows:

Introductions and Digital Forensics / eDiscovery / Digital Archive Overview

  • Introductions by the students and course instructor
  • Identify the typical components of a digital forensic investigation
  • Identify the typical components of an eDiscovery examination
  • Foundation of digital duplication/archiving

Hardware Recognition

  • Identify common digital hardware components
  • Discuss digital forensic items of interest in a typical forensic examination

Seizure and Transportation

  • Identify proper methods for dealing with live (running) computer systems at crime scenes
  • Discuss RAM capture from a live machine
  • Discuss proper packaging techniques for transporting digital media

Drive Interfaces

  • Identify drive interfaces / technology likely to be found
  • Explain the purpose and use of drive jumpers
  • Explain the purchase and use of drive adapters

BIOS and CMOS

  • Explain the purpose / use / forensic relevance of system BIOS
  • Explain the purpose / use / forensic relevance of system CMOS
  • Discuss methods to circumvent / disable passwords associated with the CMOS

Physical and Logical Characteristics

  • Explain physical components of digital media
  • Define the terms sector, track, cylinder, page, block and LBA
  • Explain logical structures of digital media
  • Differentiate physical media with sold state drive media

Computer Data

  • Explain how data storage on various digital media
  • Discuss the components of the ASCII / ANSI chart and define Unicode
  • Explain the binary, decimal, and hexadecimal numbering schemes
  • Identify various locations of interest where data will be found in various formats

Operating and File Systems

  • Provide a detailed overview of Operating System function and purpose
  • Identify the most common Operating Systems
  • Provide a detailed overview of a File System
  • Identify the most common File Systems

Partitioning

  • Discuss the MBR partitioning scheme
  • Discuss the GPT partitioning scheme
  • Identify deleted partitions and recovery methods

FAT & NTFS File Systems

  • Describe the components of the FAT file system
  • Explain the "format" command and results of its use
  • Discuss how file creation and deletion effects digital data

Forensic Triage and Duplication

  • Describe the processes used to triage electronic data
  • Create physical/logical duplicates using various forensic tools
  • Create custom content forensic images with various forensic tools
  • Discuss typical challenges facing forensic duplication such as encryption, integrated storage and RAID data

 

Schedule

Date Time Location
Aug 22, 2022 (Mon) -
Aug 23, 2022 (Tue)
9am-5pm
Central Time (US & Canada)
Virtual Classroom

Questions? Would you like to learn more?