Forensic Computing

This training is an applied forensic computing (a.k.a. computer forensics or digital forensics) workshop covering different techniques, alongside an explanation of the underlying principles and lots of hands-on exercises. The goal of this training is to provide the basic knowledge required whenever an incident has to be analyzed in a forensically sound manner; it covers the techniques needed to cope with the majority of incidents.

The following topics will be covered in this training:

  • Forensic Computing as a Forensic Science

  • Digital Evidence: Theoretical Background and Classification

  • The Chain of Custody

  • The Order of Volatility: Persistent Evidence vs. Volatile Evidence

  • Hard Disk Forensics: File Recovery - Carving vs. Logical Recovery incl. Open Source Tools

  • NTFS Logical File Recovery Background and Application

  • Manual RAID Recovery and Open Source Tools

  • Live Forensics: Smell the Smoking Gun

  • Memory Forensics Overview (this topic is covered more specifically in the “Incident Analysis”-WS)

  • Network Forensics Overview (this topic is covered more specifically in our TROOPERS17 “Incident Analysis” training).

Requirements for this course:

  • Laptop with administrative privileges and VirtualBox installed
  • IT background
  • Important: Familiarity with Linux and Shell (only Linux command line tools used!)

About the Speaker