• IT security with CERT
• Reports & Downloads
• Training
  • Web Application Security
  • IT Forensics
• Contact

Introduction to IT forensics

A forensic investigation in the IT environment is always prompted by a suspected attack (DDOS attack, break-in, theft). In this course, we show you how to substantiate or refute a suspicion of this type with the aid of electronic evidence: from the error-free securing of evidence through to the compilation of a forensic copy and the analysis of a memory image. In addition to organisational and procedural matters, we deal primarily with the technical aspects and make use of practical exercises.

Target group
This course is aimed at all those involved in forensic investigations and those who would like to obtain an initial overview of this field: investigators, security offices, IT project managers, administrators and those in similar professions.

Requirements
It is enough to have a good knowledge of MS Windows and/or Linux in order to follow the course. Participants will make forensic copies of data media and of memory areas themselves in a range of hands-on exercises and then study the data. This is performed primarily on the command line under Windows and/or Linux, with the individual steps all being explained in detail.

Course content and objectives
Participants:

• acquire a good overview of the specialist area of IT forensics.
• learn the procedure for securing forensic evidence.
• know what are the most frequent mistakes in securing evidence and how to avoid them.
• are in a position to produce forensic copies of data media.
• can perform memory imaging themselves and correctly analyse the memory images.

Key concepts
Introduction to forensics, clue hunting, chain of evidence, hard disk mirroring, memory imaging, forensic aids/tools, data analysis, timeline, report.

Cost
CHF 2250 including VAT and course material. We will provide laptops for the hands-on exercises. Catering is included in the price of the course. After completing the course, you will be issued with a confirmation of your participation.

Date of next course
Currently at the planning stage.

Contact
Have you any questions? Would you like to hold this course on your company premises? Contact us by e-mail at training@switch.ch or by phone on +41 44 268 1540.
 

Register now and choose a date