Computer Forensics, Investigation and Response

This course is designed for anyone who wants to integrate forensic and investigative methodologies with legal issues; understand the technical side of incident response; learn how to collect evidence and analyze Windows and Linux systems involved in an investigation; learn how to forensically recover and analyze data without relying on a tool to accomplish the task automatically; and learn how file systems are structured and store their data, so that they can understand where evidence exists on any type of hard drive.
There are no prerequisites for this course.
5 Days/Lecture & Lab
This course is designed for Systems Administrators, Security Specialists, Security Managers, and Network Administrators.
  • File System Structures and Metadata
  • FAT/NTFS/Ext2/Ext3 File System Essentials
  • Evidence Acquisition of Hard Drives and Volatile Data
  • String Searching Utilizing Dirty Word Lists
  • File System Timeline Analysis
  • Data Recovery Techniques Using Strings and File Headers
  • Forensic Hash Comparisons via Hash Databases
  • Media Analysis of System Registry, Internet Activity, and Metadata
  • Application Footprinting
  • USB Forensic Analysis
  • Fuzzy Hashing
