Initial Forensics | Print |  Email
Initial Steps in Digital Forensics

The rise of computer related crime has created a need for more qualified examiners in computer forensics analysis. This course examines the theoretical part of investigations, forensic laboratories, maintaining a chain of custody, forensics tools and report writing. The second part of the course provides an overview of popular forensic tools and has a case study where the students have to search for public domain tools to recover the evidence. A chain of custody has to be maintained and a report written covering the case from initial contact to final recovery.

The following should attend:
 
  • Information security staff
  • Investigators
  • Forensic staff
  • First responders
  • Managers

Learning Outcomes

  • Discuss how to launch a computer crime investigation.
  • Discuss the requirements of how to secure a virtual crime scene.
  • Demonstrate techniques for collecting and preserving evidence from a computer crime scene.
  • Research and synthesise the various techniques involved in acquiring computer evidence and utilise results in a critical assessment of forensic evidence.
  • Prepare documentation and a crime report to be used for legal evidence.

The course is structured in the following way:

  • Computer forensics and digital investigations
    • A history of computer forensics
    • Understanding the different types of evidence
    • Background information in computer systems
    • Determine the physical layout of a computer forensics lab
    • Selecting a basic forensics workstation
    • Preparing for an investigation
  • Establish and Maintain a Physical Chain of Custody
    • Performing an initial response
    • The Crime Scene
    • Storage after seizure and recovery of evidence
    • Volatile data
    • Good Practice Guide for Computer Based Electronic Evidence.
  • Processing an Exhibit
    • Signing exhibits out of the store
    • Initial examination
    • Recording findings
    • Detailed examination
    • Acquiring the image
    • Analysing the image
    • Writing the report.
  • Challenges for the Forensic Analyst and a Look at Tools to Solve the Problems
    • The challenge of hidden data
    • Some commercial tools
    • Starting a case
    • Preparing the workspace
    • Initial steps
    • Processing the case

Business Benefits

  • The following business benefits are envisioned:
  • compliance with the legal requirements for the digital forensic process
  • correct application of the tools to recover data securely
  • presentation of case documentation that meets the guidelines for the Association of Chief Police Officers.
 
< Prev   Next >
[ Back ]