- Date: 18/5/2017
- Time: 8:00 AM - 4:00 PM
- IT Professionals
- Information Security Professionals
- IT Auditors
- Incident Response Team Members
- Experienced Digital Forensic Analysts
- Red Team Members, Penetration Testers, and Exploit Developers
- Law enforcement officers, federal agents, or detectives
- Forensics Investigators
- Computer security incident response
- Collecting and documenting evidence
- Investigation of different types of digital evidence
- Data recovery
- Preventing computer security incidents or minimizing the risk of them
Part 1. Computer forensics of the Windows operating system
- Developing incident handling capabilities
- Recommended tools and methods for collecting evidence
- Collecting and documenting evidence
- Creating copies of data from different sources
- Collecting volatile data: memory, traffic, live data from a running computer
- Computer forensics fundamentals
- Prerequisites for successful cybercrime investigation
- Collecting evidence in the Windows operating system
- Recommended Windows tools for forensic data duplication
- Windows artefacts
- Investigation of network connections and creating timeline
- Investigation of an incident involving internet banking fraud
- Practical classes
Part 2. Memory forensics
- Memory structure depending on the architecture
- Analysis of Windows memory dumps
- Analysis of Linux memory dumps
- Malware in memory dumps
- Forensic artifacts from memory dumps
- Practical classes
Part 3. Network Forensics
- Topologies of computer networks, protocol stacks, hardware types and types of network addressing
- Forensic analysis of network protocols: HTTP, FTP
- Methods of creating traffic copies depending on the device
- Forensic reconstruction of data flows in traffic dumps
- Practical classes
Part 4. Practical independent investigation