Loading Map....

Date/Time

Date(s) - Mon, Jun 13, 2022 - Wed, Jun 15, 2022
All Day

Location

ONLINE Class


 

REGISTER HERE:           ONLINE COURSE

This course will provide students with the tools needed to analyze artifacts contained within random access memory acquired from live Windows-based systems.

The Belkasoft X platform provides a comprehensive toolset for the examiner to locate artifacts from:

  • Running processes
  • Network connections and file shares
  • Internet browsers
  • Social media content

The Belkasoft Live RAM Capturer is used by many first responders and examiners worldwide for its ability to acquire volatile memory from 32-bit and 64-bit systems quickly and completely, including areas in RAM protected by actively running applications. Data that could be potentially recovered from these areas include chat communications and webmail artifacts.

During Instructor-led course activities, and exercises – participants will demonstrate the ability to efficiently analyze digital artifacts acquired from RAM while utilizing Belkasoft X.

COURSE DETAILS

Language: English

Duration: 3 days

Formats: Onsite or online

MODULES

  1. Introduction 1 Hour
  2. Understanding Volatile Data 2 Hours
  3. Acquiring RAM 2.5 Hours
  4. Analysis of Windows-based RAM Artifacts 2.5 Hours
  5. Parsing Link Files 2.5 Hours
  6. Analysis of Internet-based RAM Artifacts 2.5 Hours
  7. Belkasoft X Reporting 1 Hour

The Belkasoft X certification course design, objectives, practical exercises, and scenarios are written based on over fifteen years of field experience from working with LE officers and CCU examiners both international and domestic. The techniques taught in this course – while based on Belkasoft X functionality and workflow – have been curated from extensive research, testing, and use on live systems involved in actual cyber crimes investigated around the world where DSI examiners were actively involved as contracted analysts, instructors, and/or mentors.

REGISTER HERE:

Course links will be sent 3 days before class.  Files needed for the course will be uploaded both to an FTP server and a Dropbox for download.  These links will be sent out 3 days prior to class.

Students will be required to complete a final exam consisting of written questions and practical skills assessments to demonstrate required capability on the BEC platform.

For more information contact:

Joe Church

jchurch@digitalshield.net

321-704-1336