Open Source Digital Forensics Training Course
The day-to-day reality for most of the global population requires constant access to some form of technology with reliable Internet connectivity. Widespread availability of computing devices such as laptops, tablets, and mobile devices, coupled with affordable large-capacity external storage options, has created a borderless community with access to enormous volumes of information (and each other) in real time.
This presents some formidable obstacles for law enforcement as new recruits to high-tech crimes units – whether due to budgetary constraints or access to training – aren’t prepared to assist their colleagues in case work. Additionally, existing HCU/DFL members need to consistently refresh prior training and knowledge base to stay abreast of forensic techniques and best practices.
HCU/DFL management is also faced with managing the financial requirements of a growing technical unit – around an unpredictable budget.
The OSDFIC is designed to provide investigators and new examiners a foundation in digital forensics fundamentals through instructor-led hands-on practical exercises and realistic scenarios. This is accomplished using tested Open Source forensic tools – proven to be true and accurate with precedent in the digital forensic community (and in US courts) – to establish an effective digital forensics analysis workflow within the framework of a threaded case study.
Topics Covered:
• Windows Registry artifacts
• Hash Analysis
• File Signature Analysis
• Internet-based artifacts
• Data Recovery Techniques
• Keyword Search Techniques
• Timeline Analysis
• Drafting effective reports
The aim of this course is to guide new examiners in becoming effective members of the HCU/DFL, while providing managers with a realistic forensic software resource solution that fits within current budgetary constraints.
Modules
Identification and Acquisition of Digital Media
Lessons
- Module 2.1 – Identification and Acquisition of Digital Evidence
- PSA 2.1 – Digital Evidence Review
- Exercise 2.1 Evidence Review
- Module 2.2 – Identification and Acquisition of Digital Evidence [Part 2]
- PSA 2.2 – Preparation of Digital Evidence Storage Media
- PSA 2.3 – Forensically Acquiring Digital Storage Media
- Exercise 2.3 – Physical and Logical Free Preview
- Quiz – Module 02
The Low Hanging Fruit
Lessons
- Module 3.1 – The Low Hanging Fruit
- PSA 3.1.1 – Windows Registry – SAM
- PSA 3.1.2 – Windows Registry – NTUSER.DAT
- PSA 3.1.3 – Windows Registry – SYSTEM
- PSA 3.1.4 – Windows Registry – SOFTWARE
- Exercise 3.1 – Registry Analysis
- Module 3.2 – Hash Analysis
- PSA 3.2.1 – Hashing Files
- PSA 3.2.2 – Creating Hash Sets Using Windows Autopsy
- Exercise 3.2 – Hash Analysis
- Module 3.3 – File Signature Analysis
- PSA 3.3 – File Signature Analysis
- Module 3.4 – Windows Prefetch
- PSA 3.4.1 – Windows Prefetch Analysis
- PSA 3.4.2 – Prefetch Analysis Using Windows Autopsy
- Exercise 3.4.2 – Prefetch Analysis
- Module 3.5 – Windows Thumbcache
- PSA 3.5 – Thumbcache Analysis using Autopsy
- Exercise 3.5 – Thumbnail Analysis
- Module 3.6 – Link Files
- PSA 3.6 – Analysis of Link Files using Autopsy
- Exercise 3.6 – Link File Analysis
- Module 3.7 – The Recycle Bin
- PSA 3.7 – Analyzing the Recycle Bin
- Exercise 3.7 – Recycle Bin Artifacts
- Quiz – Module 03
Internet Artifacts
Lessons
Data Recovery Techniques
Lessons
- Module 5.1 – Data Recovery Techniques
- PSA 5.1.1 – Data Recovery using FTK Imager
- PSA 5.1.2 – Data Recovery using Windows Autopsy
- PSA 5.1.3 – Data Carving Techniques
- Module 5.2 – Recovering Artifacts from RAM
- PSA 5.2.1 – Analyzing RAM using Volatility
- PSA 5.2.2 – Analyzing RAM using Bulk Extractor
- PSA 5.2.3 – Carving RAM using Autopsy
- Exercise 5.2 – RAM Analysis
- Quiz – Module 05