Forensic Computing and Incident Analysis
This training is an applied forensic computing (aka. computer forensics or digital forensics) workshop, covering different techniques alongside with the explanation of the underlying principles and lots of hands-on exercises. The goal of this training is to provide the basic knowledge that is required whenever an incident has to be analyzed in a forensically sound manner and covers the techniques needed to cope with the majority of incidents.
The following topics will be covered in this training:
-
Forensic Computing as a Forensic Science
-
Digital Evidence: Theoretical Background and Classification
-
The Chain of Custody
-
The Order of Volatility: Persistant Evidence vs. Volatile Evidence
-
Harddisk Forensics: File Recovery - Carving vs. Logical Recovery incl. OpenSource Tools
-
NTFS Logical File Recovery Background and Application
-
Manual RAID Recovery and OpenSource Tools
-
Live Forensics: Smell the Smoking Gun
-
Memory Forensics Overview
-
Network Forensics Overview
Requirements
-
Laptop with administrative privileges and VirtualBox installed
-
IT-Background
Important: Familiarity with Linux and Shell (only Linux command line tools used!)