PTK DFLabs

PTK Training

Who are the courses for

DFLabs courses are usually directed towards the following positions:

  • System administrators
  • IT Security Managers
  • Consultants
  • Police Force
  • University students
  • Auditors
  • IT personnel


Computer Forensics Analysis (CFA)

The course provides the technical knowledge needed to handle forensic analysis cases that require examining digital media or network traces in compliance with digital forensic standards. The course is focused mainly on practical activities and uses the tools on the IRItaly Live CD (Incident Response Italy), which provides an environment ready for volatile data gathering, duplication of the original media, and post-incident investigation. The formal methodology used is applied to different usage scenarios on Unix and Win32 platforms.


AIMS
A considerable amount of time is dedicated to forensic duplication of devices with the help of specific software and hardware tools, describing in detail the main image formats, the procedures to follow and common difficulties. The next steps cover low-level analysis of the acquired media, describing and applying techniques such as keyword search, data carving, data export and slack space analysis. A section of the course deals with the various hash algorithms and their practical implications within the discipline of digital investigation. The course also gives guidance on drawing up the investigation report, including the paper forms and photographic documentation produced during the acquisition process. Practice is done on Linux using many free tools as well as the new PTK analysis tool developed by DFLabs. Another tool used is DFLabs Digital Investigation Manager (D.I.M.), the new tool for managing acquisition procedures and digital investigations. Activities are carried out with the help of PTK, the advanced graphical alternative for the TSK suite.


Duration: 2 days

*Optionally, participants can attend a preliminary introductory class on the Linux OS.



Computer Forensics Analysis Advanced (CFAD)

This course follows the Computer Forensics Analysis course and deals with advanced digital investigation activities, making use of many practical cases and simulations of real cases.


AIMS
Starting from different methods of timeline generation (textual or graphical), the course describes the footprint-based analysis process, correlating results from different information sources, such as logs generated by devices or security software, with the information from media analysis. Advanced data carving techniques are also described and applied in class, both to media and to network dumps, with the aim of recovering deleted or obfuscated data. The subsequent section of the course covers the application of different investigation activities such as virtual evidence and static and dynamic analysis of binaries through decompilers and debuggers. The description of RAM dump analysis, necessary to complement the activities mentioned, includes information reconstruction and keyword search activities meant to recover credentials or information that is otherwise encoded on disk. The course ends with the research and analysis of so-called Windows artifacts, such as browser cache analysis, the recycle bin, and logging systems for both Windows and Unix. Activities are carried out with the help of PTK, the advanced graphical alternative for the TSK suite.


Duration: 2 days


For any information: sales (at) dflabs (dot) com