About the course
This is a fundamentals-level course for people who have to
handle or advise on electronic evidence/data on a regular basis
and provides them with the skills to ensure that forensic and
evidential integrity is retained when data is transferred or copied.
Gain confidence in securing, collecting,acquiring and the preserving of
digital evidence by getting a practical understanding of the legalities, best
practice and current techniques used for cyber investigations, eDiscovery, or other regulatory proceedings in accordance with ISO 27037.
This three-day course is ideal for those new to the subject area who are required to advise on and/or handle data collection on a regular basis, or seasoned practitioners looking for additional forensic imaging methodologies or some formal accreditation in this area. The course includes the following: An overview of current legislation and the impact of recent case law ACPO best practice and other guidelines for data collection, and relevant ISO standards What is ‘forensic’ in respect to data
acquisition? Evidence seizure, handling and chain of custody The challenges of data collection due to evolving technologies from static, network, live and cloud storage environments Data verification, integrity, hashing techniques and actions on failure Differences between static, booted, live and network acquisition When to consider live and volatile data collection and its potential impact Documenting your process and report statement writing Delegates will apply the theory of securing
and acquiring forensic data during practical exercises to demonstrate the techniques of forensic imaging in a number of environments using different techniques and software; the capturing of a system from a virtualised environment; extracting an individual mailbox from a live Microsoft Exchange e-mail server, and live system memory and volatile data capture.
THE SKILLS YOU WILL LEARN
You will be introduced to the legalities,best practice and current techniques used for data acquisition as part of forensic
investigation, eDiscovery or other regulatory proceedings
You will carry out forensic imaging in a number of environments, using different methods and software You will learn how to extract individual
mailboxes from a live Microsoft Exchange email server, as well as live system memory and volatile data capture