This course introduces the information and techniques law enforcement personnel need to safely and methodically collect and preserve digital evidence at a crime scene in a forensically sound manner. Topics include recognizing potential sources of digital evidence, planning and executing a digital evidence-based seizure, and the preservation, collection, documentation and transfer of digital evidence.
This course provides the fundamental knowledge and skills required to acquire forensic backup images of commonly encountered forms of digital evidence in a forensically sound manner. Presentations and hands-on practical exercises cover storage media and how data is stored, the forensic acquisition process, tool validation, hardware and software write blockers, forensic backup image formats, and multiple forensic acquisition methods.
This course provides students with the fundamental knowledge and skills necessary to perform a limited digital forensic examination, validate hardware and software tools, and effectively use digital forensic suites and specialized tools. This course begins with a detailed explanation of the digital forensic examination process, including documentation, case management, evidence handling, validation and virtualization. Students learn to use today's leading commercial and open-source digital forensic suites: Magnet AXIOM, X-Ways Forensics, and Autopsy. Instruction on each suite will include an interface overview, configuration, hashing, file signature analysis, keyword searching, data carving, bookmarking and report creation.
Mobile devices dominate the intake list and the desks of most digital forensic analysts globally. SQLite is a self-contained, serverless database engine. It is found on nearly every operating system and dominates iOS, Android and macOS as one of the most prevalent and relevant data storage mechanisms. With an increase in device security, learn to arm yourself with the skills and techniques needed to conquer the analysis of nearly any application.
This course covers the identification and extraction of artifacts associated with the Microsoft Windows operating system. Topics include the Change Journal, BitLocker, and the detailed examination of various artifacts found in each of the Registry hive files. Students also examine event logs, Volume Shadow Copies, link files and jump lists.
This four-day course provides the fundamental knowledge and skills necessary to preserve, acquire, and analyze data on iOS devices and various Android devices. Students use forensically sound tools and techniques to acquire and analyze potential evidence. Topics include identifying potential threats to data stored on devices, available imaging options, accessing locked devices, and the default folder structure. The forensic artifacts covered include device information, call history, voicemail, messages, web browser history, contacts and photos.