Day 1: Digital Forensics Introduction
- Digital forensic process
- Identification of evidence
- Evidence handling principles
- Order of volatility
- Evidence preservation
- Imaging basics
- Analysis basics with Autopsy and X-Ways
Exercises:
- Imaging using a write blocker, live CD, forensic duplicator
- Mounting disk images
- Examination with Autopsy
Day 2: Windows Disk Analysis
- Introduction to file system forensics
- Techniques for filtering and searching
- Mapping of investigative questions to artefacts
- Carving deleted content
- Email activity
- Web browsing historical activity
- Chat rooms and activity
- Evidence of access and execution
- Tracking USB storage and file movement
Exercises:
- Carving of deleted content
- Tracking web browser history
- Identifying files accessed
Day 3: Mobile Devices and Advanced Preservation
- Volatile memory acquisition
- Gleaning evidence from pagefiles and Random Access Memory (RAM)
- Identifying and dealing with encryption
- Identifying and preserving cloud services
- Managing the case lifecycle
Exercises:
- Acquisition and analysis of a phone
- Acquisition and analysis of volatile memory
- Extraction of chat and other artefacts from volatile memory