5-Day Open Source Digital Forensics Consultation

Providing comprehensive digital forensics training using Open Source tools designed for lab environments and examiners with a limited budget.

This course focuses on conducting forensic analysis of digital evidence acquired from desktop computers, laptops, RAM, and external storage media. Concepts taught will be reinforced through instructor-guided scenarios, practical exercises, and discussion forums centered on providing solutions to technical obstacles for new and experienced examiners.

Course Overview

The Open Source Digital Forensics Course (OSDFC) is designed to train law enforcement, IT administrators, and IT security investigators in the latest methods and procedures used to acquire and analyze digital media with open source or free tools.

Digital forensics is an extremely sought-after skill that provides the investigator with technical insight and verifiable evidence about how a computer was used in committing a crime. While the training to become an effective examiner is highly specialized, the commercial tools available to a lab environment can unfortunately be extremely expensive. License maintenance costs make some tools an unrealistic or even impossible line item in increasingly reduced budgets. Despite the exponential growth of technology being used in support of more crimes, hard decisions have to be made with respect to the capability of LE agencies to handle digital evidence.

The Open Source community has responded in a big way and begun to develop viable forensic tools, available on multiple platforms, that can process digital evidence with the same level of integrity as their commercial counterparts.

What You Will Learn

  • Sound techniques to manage cases containing digital evidence
  • Foundational training on how to properly identify digital evidence and proper handling techniques
  • Procedures to acquire digital media from multiple sources using forensically sound techniques and tools
  • How to construct a cost-effective forensic workstation that can be used to acquire digital media, conduct analysis, and produce comprehensive reports in support of an open case
  • Hands-on practical exercises geared toward exposing the examiner to methods on how to conduct thorough analysis of digital evidence using effective Open Source tools

Day 1: Identification of Digital Evidence

Students will understand current technological trends and computer hardware to determine the possible physical location of digital evidence in preparation for forensic acquisition.

Skills You Will Learn

  • Identify components of traditional computing devices
  • Identify form factors of digital media storage devices
  • Describe mainstream hard drive interfaces
  • Discuss virtual computing environments and cloud storage options

Day 1: Acquisition of Digital Evidence

Students will perform digital media acquisitions using forensically sound methods and procedures with open source/free tools.

Skills You Will Learn

  • Identify and properly prepare destination storage media.
  • Explain the forensic methodology used to properly interface with original evidence.
  • Explain the forensic methodology used to properly acquire digital evidence.

Day 2: Analysis Tools Overview

Students will understand the importance of the growing open source development community to digital forensics, and where trusted resources are located for distribution.

Skills You Will Learn

  • Define the open source concept and how it can be compared with commercially developed software.
  • Identify popular open source tools, open source tool repositories, and trusted methods that can be used for digital forensic analysis.

Day 2: Hash Analysis

Students will understand how trusted hash sets of known files can assist them to more efficiently identify pertinent data contained on digital storage media.

Skills You Will Learn

  • Identify trusted sources of available hash sets.
  • Create hash sets of known files using Open Source tools
  • Identify known files using trusted hash sets to reduce data set for analysis

Day 2: File Signature Analysis

Students will understand how properly identifying file types can assist them to more efficiently identify pertinent data contained on digital storage media.

Skills You Will Learn

  • Identify known file types by their header.
  • Perform forensic file signature analysis to properly identify files

Day 3: Data Recovery Techniques

Students will understand the importance of recovering data from unallocated space of storage media partitions and free space to locate pertinent data.

Skills You Will Learn

  • Explain popular file system structure (FAT, NTFS, HFS+) to understand how files can be recovered if deleted.
  • Explain challenges with data recovery from flash media storage devices.
  • Perform file carving techniques to recover data from unallocated and free space of digital storage media

Day 3: Search Techniques

Students will understand how to create effective operators and expressions to locate pertinent data on an acquired data set.

Skills You Will Learn

  • Understand ASCII and Unicode characters
  • Discuss the importance of creating an effective keyword list.
  • Perform live and indexed keyword searches
  • Create basic GREP expressions.
  • Locate pertinent data from an acquired RAM image.

Day 4: Timeline Analysis

Students will understand how to create an effective timeline of events based on metadata obtained from pertinent files.

Skills You Will Learn

  • Discuss the importance of having good background case information.
  • Understand and analyze file metadata.
  • Create an effective timeline based on background data and file metadata.

Day 4: Reporting

Students will understand the importance of and how to create an effective report on analysis findings.

Skills You Will Learn

  • Precisely describe each phase of the forensic process as it pertains to a specific digital forensics investigation.
  • Describe the elements of an effective digital forensics report
  • Defend analysis presented in report
  • Customize report to remain in line with submitting agency

Day 5: Threaded Scenario

Students will complete a threaded scenario and deliver a report to earn the course certificate of completion.

 
