Date/Time
Date(s) - Mon, Oct 04, 2021 - Tue, Oct 05, 2021All Day
Location
ONLINE ClassBelkasoft Evidence Center Prerequisite Course
This course is designed to introduce new examiners to the realm of digital forensics and provide the baseline of foundational knowledge needed to perform analysis of artifacts acquired from digital evidence. The BEC workflow is designed around the following fundamental concepts of digital forensics:
- Identification of digital evidence
- Logical disk structures
- Maintaining the integrity of source media
- Understanding the operating system
- Locating pertinent digital artifacts
During Instructor-led course activities and exercises, participants will demonstrate their understanding of essential digital forensic concepts while using the BEC platform. Upon completion, participants will be qualified to attend the Belkasoft certification course.
| Module | Duration | Description |
| Module 1 – Introduction | 1 Hour | The introduction will provide a brief history of Belkasoft followed by overview of course logistics enabling instructors and students to become familiar with one another and share their expectations for the course. |
| Module 2 – The Forensic Process | 1 Hour | Instructors lay the framework for how an examination involving the analysis of digital evidence should proceed from start to finish. |
| Module 3 – Identification of Digital Evidence | 2 Hours | Students will understand how to properly identify and handle digital storage items that could potentially contain artifacts pertinent to an investigation. |
| Module 4 – Digital Storage Media | 2 Hours | Students will learn how storage media is logically structured and utilized by the computer system to read and write data. |
| Module 5 – File System Overview | 2 Hours | Instructors will focus on Windows-based file systems to guide students on how files/folders are organized and accessed by the computer. |
| Module 6 – The Operating System | 2 Hours | Students will understand the operating environment and how users interact with it to access installed applications and their data. |
| Module 7 – Essential Artifacts | 3.0 Hours | Instructors will guide students on techniques to identify common file types, potentially pertinent artifacts from the user profile, and system files such as the Windows Registry. |
| Module 8 – Legal Issues | 1.0 Hour | Students will understand the legalities of digital evidence search and seizure and how could potentially impact an examination. |
The BEC certification course design, objectives, practical exercises, and scenarios are written based on over fifteen years of field experience from working with LE officers and CCU examiners both international and domestic. The techniques taught in this course – while based on BEC functionality and workflow – have been curated from extensive research, testing, and use on live systems involved in actual cyber crimes investigated around the world where DSI examiners were actively involved as contracted analysts, instructors, and/or mentors.