Computer Forensics Analysis (CFA)

The course offers the technical knowledge essential to efficiently solving Forensic Analysis cases when the digital forensics-compliant analysis of digital media or network traces is required. The course, focusing mainly on practical activities, uses tools on the IRItaly Live CD (Incident Response Italy), which prepares the environment for volatile data gathering, original storage media duplication, and post-incident investigation. The formal methodology puts forward different use scenarios on Unix and Win32 platforms.

AIMS
Considerable time is dedicated to Device Forensic Duplication, with the help of specific software and hardware tools, describing in detail the main image formats, the procedures to be followed and common difficulties that might be encountered. The following steps are for the low-level analysis of acquired storage media, describing and applying techniques such as Keyword Search, Data Carving, Data Export and Slack Space analysis. A section of the course deals with the various hash algorithms and their practical implications within Digital Investigation. Students will also acquire practical experience in drawing up Investigation Reports, both electronically and on paper, and photographic documentation produced during the acquisition process. The practice sessions use the Linux operating system and a number of free tools as well as the new PTK analysis tool developed by DFLabs. Another tool used is DFLabs Digital Investigation Manager (D.I.M.), a new tool for the management of acquisition procedures and digital investigations.

Duration Computer Forensics Analysis CFA training: 2 Days

Optional: participation in an introduction to the Linux Operating System.

Sponsored Links:

Computer Forensics Analysis (CFA)