1300 55 33 24 www.cdfs.com.au
Digital Forensics & Data Analysis 101 + CUFO
This course is focused on providing Investigators with the knowledge required to perform a proper Collection, Triaging, Reviewing and Examination of Digital Evidence.
COURSE SUMMARY
Connecting People, Technology, and the Truth
4-DAY INSTRUCTOR LED COURSE

FOCUS
This course is focused on providing Investigators with the knowledge required to perform a proper Collection, Triaging, and Reviewing of Digital Evidence.

THEORY AND PRACTICAL
Multiple practical exercises are provided to reinforce key concepts learned.

TRAINER
Zoran Iliev – Forensic Examiner
Master of eForensics and Enterprise Security

COURSE OUTCOMES INCLUDE
• Digital Forensic Triage
• Forensic Imaging of USB Devices
• Reviewing Digital Evidence
• Communicate and work efficiently with Digital and Cyber Teams
• Mobile Device Technology Overview: Cellebrite UFED Field Operator (CUFO)

TARGET AUDIENCE
• Government and Law Enforcement Investigators
• Cyber Crime Investigators
• Digital Forensic Investigators
• IT Security Managers
MOD 1: FORENSICS AND DIGITAL FORENSICS
• What is Forensic Science
• The role of Forensic Science in the Legal System
• Why it is important to understand forensic evidence
• Identifying Forensic Traces

MOD 2: DIGITAL FORENSIC PRINCIPLES
• Introduction and Discussion

MOD 3: HARDWARE PRINCIPLES
• Desktops, laptops, and other devices with operating systems
• Boot Process
• Forensic Boot

MOD 4: STORAGE MEDIA PRINCIPLES
• Different types of Digital Storage Devices and Media
• Introduction to data organisation (file systems and data structures)
• Remote / Network / Cloud Storage

MOD 5: OPERATING SYSTEMS
• What is an Operating System
• Different types of Operating Systems
• Common OS forensic artefacts
• Application Software

MOD 6: DATA PRESERVATION PRINCIPLES
• Different types of Hardware Write Blocking and Imaging Devices
• Software Write Blocking Applications
• The importance of testing and verification of DF tools

MOD 7: MANAGING DIGITAL EVIDENCE AT THE CRIME SCENE
• What is a Digital Forensic Crime Scene
• Prepare before attending the Crime Scene
• DF team member and the warrant holder
• Interviewing suspects in relation to digital evidence
• How to control the Digital Forensic Crime Scene
• The importance of the forensic approach when processing Digital Evidence
• Protect and manage digital evidence at the crime scene
• Document digital evidence at the crime scene
• Processing a crime scene involving digital evidence and performing a preliminary survey
• Introduction to Digital Forensic Triage
• Develop a plan for successful triage of digital evidence
DAY 1
DAY 2
DAY 3
DAY 4
MOD 8: THE ACQUISITION PROCESS
• Digital evidence collection
• How to prepare/sterilise Target Media
• What is a Forensic Image and what is a Clone
• Different types of Forensic Image Formats
• Perform basic imaging
• Data collection
• Practical Exercises
  • Prepare target media
  • Test and verify DF tools
  • Imaging
  • Cloning
  • Data Containers
  • Targeted Collections
  • Authentication

MOD 9: DIGITAL FORENSIC TRIAGE
• The theory of DFT
• Using different tools to perform DF Triage
• Triaging of storage devices
• Prioritising devices for Live examination and collection (Volatility Risk Assessment)
• Triaging of computer systems and smart devices
  • Windows
  • Apple
  • Android
• How to identify “Hot Zones” for effective DFT on powered-on systems
• Live DFT Workflow
• DFT and RAM
• Identify Encrypted structures (Volumes, Folders…)
  • BitLocker
  • Specialities of Apple devices
MOD 10: OHS AND OFFICER SAFETY
• How to identify and manage individual and environmental threats to an officer’s safety
• How to deploy proper procedures and tactics to ensure personal safety as well as the safety of others at the electronic crime scene

MOD 11: DIGITAL EVIDENCE IN COURT
• Introduction
DAY 5
INFO
(OPTIONAL)
COURSE DETAILS
MOD 12: MOBILE DEVICE TECHNOLOGY OVERVIEW: CELLEBRITE UFED FIELD OPERATOR (CUFO)
• Mobile Device Technology Overview
• Data Locations
• Forensic Handling of Mobile Devices
• UFED Kiosk Tour
• SIM Extraction with UFED Kiosk
• Mobile Device Extraction with UFED Kiosk
• SD Card Extractions with UFED Kiosk
• Viewing Data using the UFED Kiosk

NOTE:
• This list is dynamic and can be changed on request to include additional tools.
• CDFS reserves the right to change the tools without prior notice unless otherwise agreed.