Foundations in Digital Forensics Certification Course
Foundations in Digital Forensics Certification Course
This course is available for Virtual (remote delivery)
This 10-day course is designed for the investigator/examiner entering the field of digital forensics and provides the fundamental knowledge to comprehend and investigate incidents involving electronic devices. The course covers in depth architecture and functionality of NTFS, FAT and exFAT File Systems and their related metadata pertaining to stored objects on the physical media. Attendees will gain insight into partitioning structures and disk layouts and the effects of formatting volumes that contain existing data. File management and directory structure characteristics will be examined in detail as well as techniques for discovering potential evidence that maybe pivotal to a successful examination. This will be followed by topical areas of interest to include file headers and file hashing and recovery of deleted files and analysis of a windows-based system. Students will learn to use various applications and utilities to successfully identify, process, understand and document numerous Windows artifacts that are vitally important to forensic investigations. Students will gain knowledge in identifying where and why Windows stores information in Registry files, Recycle Bin, Recent folder, User directory and many system folders.
The participant will also gain knowledge on how to process browser history, cookies, temp files and other Windows 10 specific artifacts using SQLite scripting explorations. The course includes gaining an in depth look into link files, prefetchting, ShadowCopy analysis and how they relate to forensic examinations.
Students will use a variety of open source and leading forensic applications to examine key artifacts through multiple hands on labs and student practical’s. At the conclusion of this 10 intense course students will be invited to participate in the certification where they will be tested on all objectives taught throughout the course on a separate image file.
10-day Certification Course – Live Remote
What is Live Remote Synchronous Training?
Remote Synchronous Training (RST) allows the attendee to participate in a structured training courses remotely, in the comfort of your own office. It eliminates travel costs and provides a fully interactive environment, just like being in the classroom! RST delivery is specifically designed to simulate a live learning environment. Students have two-way communication with the instructor as well as the other students in the class using a typical hardware setup from their remote location. Instructors can monitor and interact with all students at the same time. When needed, instructors can assist students by physically interacting with his/her assigned machine in the Spyder Forensics remote classroom.
Why choose a Remote class?
Content is delivered exactly the same as in our live classes · Full interaction with the trainer and other course attendees · No travel costs and enjoy the class at your preferred location · Receive the same courseware as an in-person class, i.e. student manual for post class reference, USB with datasets and student files · Use of unique datasets developed by Spyder Forensics covering all artifacts covered in this class and others in our curriculum · Post class access the Spyder Forensics Academy (LMS) for supplementary courseware.
What you will need:
A computer (Windows or Apple) connected to the internet allowing access to GoToTraining™ for instructor delivery and RemotePC™ to interact with the remote classroom PC · A microphone to interact via voice with the class (not required as Chat window is always available) · Speakers to hear the class being delivered · Preferred 2 monitors to open multiple windows (GoToTraining and RemotePC windows)
What you will receive:
Printed course manual · USB containing course files · Access to the Spyder Forensics Academy · Course certificate
Course Overview
This is an 10-day course is designed for the investigator/examiner entering the field of digital forensics and provides the fundamental knowledge to comprehend and investigate incidents involving electronic devices. The course covers in depth architecture and functionality of NTFS, FAT and exFAT File Systems and their related metadata pertaining to stored objects on the physical media. Attendees will gain insight into partitioning structures and disk layouts and the effects of formatting volumes that contain existing data. File management and directory structure characteristics will be examined in detail as well as techniques for discovering potential evidence that maybe pivotal to a successful examination. This will be followed by topical areas of interest to include file headers and file hashing and recovery of deleted files and analysis of a windows-based system. Students will learn to use various applications and utilities to successfully identify, process, understand and document numerous Windows artifacts that are vitally important to forensic investigations. Students will gain knowledge in identifying where and why Windows stores information in Registry files, Recycle Bin, Recent folder, User directory and many system folders. The participant will also gain knowledge on how to process browser history, cookies, temp files and other Windows 10 specific artifacts using SQLite scripting explorations. The course includes gaining an in depth look into link files, prefetchting, ShadowCopy analysis and how they relate to forensic examinations.
Students will use a variety of open source and leading forensic applications to examine key artifacts through multiple hands on labs and student practical’s.
At the conclusion of this 10 intense course students will be invited to participate in the certification where they will be tested on all objectives taught throughout the course on a separate image file.