Computer Forensics Analysis Advanced (CFAD)
This course is an extension of the Computer Forensic Analysis course and deals with advanced Digital Investigation activities, making use of many practical cases and simulations.
Starting with different methods of Timeline generation (textual or graphic), the analysis process based on footprint is described, correlating the results from different information sources, such as logs generated by devices or security software, with the information from media analysis. Additionally, advanced Data Carving techniques are described during class and applied both to media and network dumps with the aim of recovering deleted or obfuscated data. The subsequent section of the course covers the application of different investigation techniques such as virtual evidence, and static and dynamic analysis of binaries through decompilers and debuggers. RAM dump analysis to supplement the above activities includes information reconstruction and keyword search to recover credentials or information otherwise coded on disk. The course ends with search and analysis of Windows Artifacts such as browser cache, recycle bin and log systems both for Windows and Unix. Activities are carried out with the help of PTK, the advanced graphical alternative for the TSK suite.
Duration Computer Forensics Analysis Advanced CFAD training: 2 Days