E.C.T.E.G course - Forensic Scripting using Bash

Title: Forensic Scripting using Bash
Year: May 2010 – Version 1.0
This training will be updated for the end of 2016, focused on Python scripting.
Duration: 1 week

Course Aim

The course is designed to take students with no programming experience and bring them all to a common level of knowledge and understanding of scripting for forensic computing applications in a Linux environment.


Students are expected to have successfully participated in basic training for high tech crime investigators. They will normally have completed the E.C.T.E.G Introductory IT Forensics and Network Investigations Course. Ideally students will have completed the 'ECTEG Linux as a Forensic Tool' course, or be able to demonstrate equivalent knowledge. They should have knowledge of common file systems, e.g. FAT, NTFS, and disk geometry, e.g. boot sector and partitioning. They should be comfortable with navigating the Linux file system at the command line and with editing, saving and setting permissions on files, and should be aware of common forensic techniques using Linux, e.g. basic regular expressions, dd, mount, The Sleuth Kit.

Students will need to be able to understand and communicate in English.

Small list of agenda / topics / main points

The software development cycle (the waterfall model):

Writing scripts:

