Date/Time
Date(s) - Tue, Sep 01, 2020 - Wed, Sep 30, 20209:00 am - 5:00 pm
Location
Digital Shield Training AcademyClick Here to Register for Event
Open Source Digital Forensics Consultation
Providing comprehensive digital forensics training using Open Source tools designed for lab environments and examiners with a limited budget.
This course focuses on conducting forensic analysis of digital evidence acquired from desktop computers, laptops, RAM, and external storage media. Concepts taught will be enforced through instructor-guided scenarios, practical
exercises, and discussion forums centered on providing solutions to technical obstacles for new and experienced examiners.
Course Overview
The Open Source Digital Forensics Course (OSDFC) is designed to train law enforcement, IT administrators, and IT security investigators the latest methods and procedures utilized to
acquire and analyze digital media with open source or free tools.
Digital forensics is an extremely sought after skill that provides the investigator with technical insight and verifiable evidence about how a computer had been used when committing a crime. While the training to become an effective examiner is highly specialized, unfortunately the commercial tools available to a lab environment can be extremely expensive. License maintenance costs makes some tools impossible or even an unrealistic line item of increasingly reduced budgets. Despite the exponential growth of technology being used in support of more crimes, hard decisions have to be made with respect to the capability of LE agencies to handle digital evidence.
The Open Source community has responded in a big way and begun to develop viable forensic tools, available on multiple platforms, that can process digital evidence with the same level of integrity as their commercial counterparts.
What You Will Learn:
- Sound techniques to manage cases containing digital evidence
- Foundational training on how to properly identify digital evidence and proper handling techniques
- Procedures to acquire digital media from multiple sources using forensically sound techniques and tools
- How to construct a cost-effective forensic workstation that can be used to acquire digital media, conduct analysis, and produce comprehensive reports on in support of an open case.
- Hands-on practical exercises geared toward exposing the examiner to methods on how to conduct thorough analysis of digital evidence using effective Open Source tools
Identification of Digital Evidence
Students will understand current technological trends and computer hardware to determine the possible physical location of digital evidence in preparation for forensic acquisition.
Skills You Will Learn
- Identify components of traditional computing devices
- Identify form factors of digital media storage devices
- Describe mainstream hard drive interfaces
- Discuss virtual computing environments and cloud storage options
Acquisition of Digital Evidence
Students will perform digital media acquisitions using forensically sound methods and procedures with open source/free tools.
Skills You Will Learn
- Identify and properly prepare destination storage media.
- Explain the forensic methodology used to properly interface with original evidence.
- Explain the forensic methodology used to properly acquire digital evidence
Analysis Tools Overview
Students will understand the importance of the growing open source development community to digital forensics, and where trusted resources are located for distribution..
Skills You Will Learn
- Define the open source concept and how it can be compared with commercially developed software.
- Identify popular open source tools, open source tool repositories, and trusted methods that can be used for digital forensic analysis
Hash Analysis
Students will understand how trusted hash sets of known files can assist them to more efficiently identify pertinent data contained on digital storage media.
Skills You Will Learn
- Identify trusted sources of available hash sets.
- Create hash sets of known files using Open Source tools
- Identify known files using trusted hash sets to reduce data set for analysis
File Signature Analysis
Students will understand how properly identifying file types can assist them to more efficiently identify pertinent data contained on digital storage media.
Skills You Will Learn
- Identify known file types by their header.
- Perform forensic file signature analysis to properly identify files.
Data Recovery Techniques
Students will understand the importance of recovering data from unallocated space of storage media partitions and free space to locate pertinent data.
Skills You Will Learn
- Explain popular file system structure (FAT, NTFS, HFS+) to understand how files can be recovered if deleted.
- Explain challenges with data recovery from flash media storage devices.
- Perform file carving techniques to recover data from unallocated and free space of digital storage media
Search Techniques
Students will understand how to create effective operators and expressions to locate pertinent data on an acquired data sets.
Skills You Will Learn
- Understand ASCII and Unicode characters
- Discuss the importance of creating an effective keyword list.
- Perform live and indexed keyword searches
- Create basic GREP expressions.
- Locate pertinent data from an acquired RAM image.
Timeline Analysis
Students will understand how to create an effective timeline of events based on metadata obtained from pertinent files.
Skills You Will Learn
- Discuss the importance of having good background case information.
- Understand and analyze file metadata.
- Create an effective timeline based on background data and file metadata.
Reporting
Students will understand the importance of and how to create an effective report on analysis findings.
Skills You Will Learn
- Precisely describe each phase of the forensic process as it pertains to a specific digital forensics investigation.
- Describe the elements of an effective digital forensics report
- Defend analysis presented in report
- Customize report to remain in line with submitting agency
Threaded Scenario
Students will complete threaded scenario and deliver a report to achieve course certificate of completion
All payments must be received prior to training class. Cancellations must occur 7 days prior to start of class or 50% of the training costs will be forfeited to recover losses.
NOTE: Classes are subject to cancellation if there are not at least 8 participants signed up for the class. If cancellation does occur, each participant will be notified at least two weeks prior to start of the class. Please hold off making any fights or hotel accomodations until two weeks prior to the class.
Digital Shield is NOT responsible for costs associated with cancellation of classes such as flight and hotel accomodations for participants. Cost of the training class would be reimbursed back to the participant 100%.