High Quality Content & a Solid Training Value

SUMURI is taking a new approach to training with the Surviving Digital Forensics Series. This training is topic specific and focused on building computer forensic skills using low cost and no cost tools. Best of all, this series is designed for students to pick and choose the topics they would like to learn more about – it is truly training “a la carte” being delivered all Online and On Demand – available whenever you are. When you purchase a class you have access to it forever – no time limits. Check it out, you will be amazed how affordable quality training can be. Remember, this is an on-going project and new classes are added regularly.

Surviving Digital Forensics: LINK Files

A computer forensic guide for understanding LINK file evidence on Windows computer systems

Windows LINK files are a great source of information when your aim is proving file use and knowledge during a computer forensic investigation. This course goes beyond automated results and digs into the body of a LINK file in order to understand how it is constructed and how to manually pull out and interpret the data. Through a series of hands-on validation exercises and practical exercises you will gain a firm understanding of how LINK file data is affected by different types of user driven behavior. Using all freely available tools, this course takes you through the process of understanding what automated tools do under the hood – all in about an hour.

Take SDF: Link File Forensics

Surviving Digital Forensics: RAM Extraction Fundamentals

Learn how to apply RAM extraction basics and get hands on experience using RAM capture tools

Conducting a RAM extraction as part of the computer evidence collection process is a front line examiner skill which is becoming more and more in demand. A system’s live memory contains an assortment of valuable forensic data. A computer analyst trained in memory forensics can dig out evidence of hidden malware processes, user activity and encryption keys or password hashes that may be critical to accessing protected data.

This class provides you with the foundation knowledge to help you make better decisions about why or why not to capture live memory. It also gives you hands on experience using a number of freely available RAM capture tools and covers the advanced topic of using Inception.

Take SDF: Ram Extraction Fundamentals

Surviving Digital Forensics: Resolving Attached USBs

A forensic guide for linking USB activity to Windows computer systems

Have you ever been asked to find out what the “F” drive is? Have you ever needed to prove a USB drive was attached to a target system? Collecting and presenting this information is a core skill all computer forensic analysts need to know. If you have ever struggled with this then this class is for you. This course breaks down the process of collecting and interpreting the data necessary to make the connection between USB device and Windows systems.

Using all freely available tools, this course walks you through the process of identifying USB devices that have been attached to a system and shows you how to determine the times they were attached, what the volume names are, what the assigned drive letters were and which user mounted the USB volumes – all of this in about an hour.

Take SDF: Resolving Attached USBs

Surviving Digital Forensics: Windows Shellbags

Computer forensic evidence to help prove file use & knowledge

Examine how to use Windows Shellbag records to help prove file use and knowledge. Shellbag records are created by certain user activity and can be used to show where a user has navigated to on a computer system and when they did so. Very powerful evidence!

As with previous SDF classes you will learn by doing. The class begins with a brief overview of the issue at hand. Then we set up our forensic systems and off we go. Learning is hands on and we will use low cost and no cost computer forensic tools to do so.

Expert and novice computer forensic examiners alike will gain from this class. Since we are doing it the SDF way we are going to teach you real computer forensic skills that you can apply using our method or customize to meet your needs. You will learn how you can use freely available forensic tools, all GUI based, to extract and analyze Windows Shellbag evidence.

Take SDF: Windows Shellbags

Surviving Digital Forensics: Volume Shadow Copy

Learn how to tap into this amazing source of historical user information. It’s easier than you think!

Time travel anyone? Well, sort of… By creating computer forensic images from volume shadow copies you are able to capture the system at different points in time, going back days, weeks, months or even years. Drop these images into your favorite computer forensic tool and suddenly you're pulling up previous versions of documents and deleted files and folders. I have used this technique to overcome the effects of computer “wiping” and “cleaning” utilities. This class teaches you how to identify and create these images in a few quick steps, with no high cost computer forensic tools needed. In fact, you will be amazed how easy it is to do. If you are a computer forensic analyst then this is one of the top skills you need to have.

Take SDF: Volume Shadow Copy

Surviving Digital Forensics: Windows Prefetch

Helping you sharpen your computer forensic skills to prove file use and knowledge

This class is focused on helping you become a better computer forensic examiner by understanding how to use Windows Prefetch data to prove file use and knowledge – all in about one hour. The class covers prefetch files from Windows XP through Windows 10.

As with previous SDF classes you will learn by doing. The class begins with a brief overview of the Windows Prefetch and an understanding of how it works. Then we will get into a number of validation exercises to see how user activity really affects Windows Prefetch data. Learning is hands on and we will use low cost and no cost computer forensic tools to do so.

Expert and novice computer forensic examiners alike will gain from this class. Since we are doing it the SDF way we are going to teach you real computer forensic skills that you can apply using our method or with any forensic tool you choose. Therefore you are not just going to learn about the Windows Prefetch but you will learn a method you can use to answer questions that may come up in the future.

Take SDF: Windows Prefetch

Surviving Digital Forensics: Imaging Mac Fusion Drives

Mac on Mac Imaging!

Learn how to image a Mac using only a Mac and freely available software. This will give you not only an additional imaging option but also provide you a solution for imaging Mac Fusion drives.

As with previous SDF classes you will learn by doing. The class begins with a brief overview of the issue at hand. Then we set up our forensic systems and off we go. Learning is hands on and we will use low cost and no cost computer forensic tools to do so.

Expert and novice computer forensic examiners alike will gain from this class. Since we are doing it the SDF way we are going to teach you real computer forensic skills that you can apply using our method or customize to meet your needs. We cover basic imaging as well as some additional options you may need, such as splitting an image, using different hash algorithms, imaging partitions and more.

Take SDF: Imaging Mac Fusion Drives

Surviving Digital Forensics: Windows Explorer

Learn how to prove file use & knowledge with evidence from Windows Explorer

Oftentimes you will be asked to find information on a target system that shows if a user accessed certain files, the last time they did and/or how often they did. Being able to put a picture together that answers these questions can be critical and make or break the case. In this course you will learn one method that can be used to answer these questions. Of course we will be using all low cost or no cost computer forensic tools. The course is focused on just what you need and you will be up and running in about an hour.

As with previous SDF classes you will learn by doing. The class begins with a brief overview of the method we will be using and then it is all hands on. There are three practicals in which you work with our prepared files in applying the technique as well as questions to answer about each scenario.

Take SDF: Windows Explorer

Surviving Digital Forensics: Understanding OS X Timestamps

Build core computer forensic skills and learn how to interpret & validate Mac OS X dates & times

This class is focused on helping you get a better understanding of OS X Time Stamps and to become a better Mac examiner.

As with previous SDF classes you will learn by doing. The class begins with a brief overview of OS X time – as Apple sees it – then we will get into a number of validation exercises to see how user activity really affects Apple time stamps. Learning is hands on and we will use applications already installed on your Mac to do so.

Expert and novice Mac examiners alike will gain from this class. Since we are doing it the SDF way we are going to teach you real computer forensic skills that you can apply to all versions of OS X. Therefore you are not just going to learn about OS X timestamps but learn a method you can use to answer many date and time questions that may come up in the future.

Take SDF: Understanding OS X Time Stamps

Surviving Digital Forensics: Paladin Virtual Machine

Learn how to create a computer forensic virtual machine using Paladin.

This class will teach you how to create a forensic virtual machine using Paladin and other free software in under one hour. Paladin is a pre-made computer forensic platform loaded with Linux-based forensic tools, so why not have it at the ready as a virtual machine for when you need it? You can create it in a few easy steps and once you get the hang of it you may create other virtual machines using many of the common forensic boot discs that are available.

The class begins with a brief background on Virtualbox and Paladin to give you a basic understanding of not only where to find and download the software, but the benefit of both programs. In particular, Paladin is filled with many forensic tools and getting an overview of what Paladin has to offer lets you more fully appreciate it as a computer forensic platform. Understanding Virtualbox will allow you to use this tool beyond the scope of this lesson. It will also reduce the learning curve in getting your virtual machines set up and running smoothly. After this it is all hands-on. Videos will walk you through setting up Virtualbox and linking it to the Paladin .ISO.

Take SDF: Paladin Virtual Machine