Introduction to IT forensics
A forensic investigation in the IT environment is always prompted by a suspected attack (DDOS attack, break-in, theft). In this course, we show you how to substantiate or refute a suspicion of this type with the aid of electronic evidence: from the error-free securing of evidence through to the compilation of a forensic copy and the analysis of a memory image. In addition to organisational and procedural matters, we deal primarily with the technical aspects and make use of practical exercises.
This course is aimed at all those involved in forensic investigations and those who would like to obtain an initial overview of this field: investigators, security offices, IT project managers, administrators and those in similar professions.
It is enough to have a good knowledge of MS Windows and/or Linux in order to follow the course. Participants will make forensic copies of data media and of memory areas themselves in a range of hands-on exercises and then study the data. This is performed primarily on the command line under Windows and/or Linux, with the individual steps all being explained in detail.
Course content and objectives
- acquire a good overview of the specialist area of IT forensics.
- learn the procedure for securing forensic evidence.
- know what are the most frequent mistakes in securing evidence and how to avoid them.
- are in a position to produce forensic copies of data media.
- can perform memory imaging themselves and correctly analyse the memory images.
Introduction to forensics, clue hunting, chain of evidence, hard disk mirroring, memory imaging, forensic aids/tools, data analysis, timeline, report.
CHF 2250 including VAT and course material. We will provide laptops for the hands-on exercises. Catering is included in the price of the course. After completing the course, you will be issued with a confirmation of your participation.
Date of next course
Currently at the planning stage.
Have you any questions? Would you like to hold this course on your company premises? Contact us by e-mail at email@example.com or by phone on +41 44 268 1540.