Title: Introductory Open Source IT Forensics & Network Investigations
Year: Mar 2013 – Version 1.0
Duration: 2 weeks
The aim of this course is to provide participants with an introduction to Open Source forensic software, file systems, data carving, evidential digital artefacts, networking and network security, cloud computing, email investigations, computer forensic strategies and live data forensics.
The entire course has been developed to incorporate Open Source or free tools that are available in most Linux distributions. Therefore each learning objective below will be achieved using Open Source software.
This is a very practical course, and as a result a lot of preparation must be done by students who wish to attend it. Much of the theory will be delivered as pre-read material and recapped during the two week course in review sessions and instructor led practicals.
Small list of agenda / topics / main points
Week one: has a basic digital forensics theme:
Introduction to Linux, Introduction to Computer Data, Imaging and Hashing, Partitioning & Formatting, FAT and NTFS File Systems, Data Carving, Metadata, Browser Artifacts, Registry Artifacts.
Week two: network investigations and the seizure of evidence at a search scene:
Introduction to Networks, Introduction to Windows Networking, Wireless Networks, Demystifying The Cloud, Email Investigations, Computer Forensic Strategies, Live Data Forensics
All courses that have been developed for E.C.T.E.G are freely available for law enforcement organisations. They include all necessary slides as well as manuals for trainers and students. The courses include the following properties: