1300 55 33 24w w w . c d f s . c o m . a u

Digital Forensics & Data Analysis 101 + CUFO

This course is focused on providing Investigators with the

knowledge required to perform a proper Collection,

Triaging, Reviewing and Examination of Digital Evidence.

C O U R S E S U M M A R Y

Connecting People, Technology, and the Truth

1300 55 33 24 www.cdfs.com.au

4-DAY INSTRUCTOR LED COURSE

This course is focused on providing Investigators with the knowledge required to perform a proper Collection, Triaging, and Reviewing of Digital Evidence.

Multiple practical exercises are provided to enforce key concepts learned

Zoran Iliev – Forensic ExaminerMaster of eForensics and Enterprise Security

• Digital Forensic Triage• Forensic Imaging of USB Devices• Reviewing Digital Evidence• Communicate and work efficiently with Digital and Cyber Teams• Mobile Device Technology Overview: Cellebrite UFED Field Operator (CUFO)

FOCUS

THEORY AND PRACTICAL

TRAINER

COURSE OUTCOMES INCLUDE

• Government and Law Enforcement Investigators• Cyber Crime Investigators• Digital Forensic Investigators• IT Security Managers

TARGET AUDIENCE

Connecting People, Technology, and the Truth

1300 55 33 24 www.cdfs.com.au

•What is Forensic Science•The role of the Forensic Science in the Legal System•Why is important to understand the forensic evidence•Identifying Forensic Traces

•Different types of Hardware Write Blocking and Imaging Devices•Software Write Blocking Applications•The importance of testing and verification of DF tools

•Introduction and Discussion

•What is Digital Forensic Crime Scene•Prepare before attending the Crime Scene•DF team member and the warrant holder•Interviewing suspects in relation to digital evidence•How to control the Digital Forensic Crime Scene•The importance of the forensic approach when processing Digital Evidence•Protect and manage digital evidence at the crime scene•Document digital evidence at the crime scene•Processing a crime scene involving digital evidence and perform preliminary survey•Introduction to Digital Forensic Triage•Develop a plan for successful triage of digital evidence

•Desktops, laptops, and other devices with operating systems•Boot Process•Forensic Boot

•Different types of Digital Storage Devices and Media•Introduction to data organisation (file systems and data structures)•Remote / Network / Cloud Storage

•What is Operating System•Different types of Operating Systems•Common OS forensic artefacts•Application Software

MOD 1: FORENSICS AND DIGITAL FORENSICS

MOD 6: DATA PRESERVATION PRINCIPLES

MOD 2: DIGITAL FORENSIC PRINCIPLES

MOD 7: MANAGING DIGITAL EVIDENCE AT THE CRIME SCENE

MOD 3: HARDWARE PRINCIPLES

MOD 4: STORAGE MEDIA PRINCIPLES

MOD 5: OPERATING SYSTEMS

Connecting People, Technology, and the Truth

DAY 1

DAY 2

DAY 3

DAY 4

•Digital evidence collection•How to prepare/sterile Target Media•What is Forensic image and what is a Clone•Different types of Forensic Image Formats•Perform basic imaging•Data collection

•Practical Exercises•Prepare target media•Test and verify DF tools•Imaging•Cloning•Data Containers•Targeted Collections•Authentication

•The theory of DFT•Using different tools to perform DF Triage•Triaging of storage devices•Prioritising devices for Live examination and collection (Volatility Risk Assessment)•Triaging of computer systems and smart devices

•Windows•Apple•Android

•How to Identify “Hot Zones” for effective DFT on powered on systems•Live DFT Workflow•DFT and RAM•Identify Encrypted structures (Volumes, Folders…)

•Bit Locker•Specialities of APPLE devices

MOD 8: THE ACQUISITION PROCESS

MOD 9: DIGITAL FORENSIC TRIAGE

•How to identify and manage individual and environmental threats to an officer’s safety

•How to deploy proper procedures and tactics to ensure personal safety as well as the safety of others at the electronic crime scene

•Introduction

MOD 10: OHS AND OFFICER SAFETY

MOD 11: DIGITAL EVIDENCE IN COURT

1300 55 33 24 www.cdfs.com.au

Connecting People, Technology, and the Truth

DAY 5

INFO

(OPTIONAL)

COURSEDETAILS

•Mobile Device Technology Overview•Data Locations•Forensic Handling of Mobile Devices•UFED Kiosk Tour•SIM Extraction with UFED Kiosk•Mobile Device Extraction with UFED Kiosk•SD Card Extractions with UFED Kiosk•Viewing Data using the UFED Kiosk

NOTE: •This list is dynamic and can be changed on request to include additional tools.•CDFS reserves the right to change the tools without prior notice unless otherwise agreed.

MOD 12: MOBILE DEVICE TECHNOLOGY OVERVIEW: CELLEBRITE UFED FIELD OPERATOR (CUFO)

1300 55 33 24

PRICE

DATE

DELIVERY METHOD(S)VIRTUAL INSTRUCTOR LED

24 – 28 AUGUST 2020

$3960 FOR 5-DAY COURSE(INC GST)

Connecting People, Technology, and the Truth

www.cdfs.com.au