Digital Forensics Fundamentals: Course Contents - ALC Training

Day 1: Digital Forensics Introduction

Digital forensic process
Identification of evidence
Evidence handling principles
Order of volatility
Evidence preservation
Imaging basics
Analysis basics with Autopsy and X-Ways

Exercises:

Imaging using a write blocker, live CD, forensic duplicator
Mounting disk images
Examination with Autopsy

Day 2: Windows Disk Analysis

Introduction to file system forensics
Techniques for filtering and searching
Mapping of investigative questions to artefacts
Carving deleted content
Email activity
Web browsing historical activity
Chat rooms and activity
Evidence of access and execution
Tracking USB storage and file movement

Exercises:

Carving of deleted content
Tracking web browser history
Identifying files accessed

Day 3: Mobile Devices and Advanced Preservation

Volatile memory acquisition
Gleaning evidence from pagefiles and Random Access Memory (RAM)
Identifying and dealing with encryption
Identifying and preserving cloud services
Managing the case lifecycle

Exercises:

Acquisition and analysis of a phone
Acquisition and analysis of volatile memory
Extraction of chat and other artefacts from volatile memory