About the course
This specialist-level technical course is designed to practically develop a cyber investigator’s skills and extend their knowledge to reveal potential ‘smoking gun’ evidence from a system.
Investigators need to be capable of collecting and analysing data from a constantly evolving range of disk technologies, file systems and operating systems. The course is continually updated, based on our experiences, knowledge and client requirements, to provide delegates with answers to the question ‘How can I collect that data or find evidence of that activity?’ This five-day course, updated in 2016 to include Windows 10, provides theory and scenario-based practical exercises, and expands data collection to include ‘live’ and volatile data.
Delegates will investigate artefacts buried in common file systems and ‘recorded’ by Windows of both system and user activity.
THE SKILLS YOU WILL LEARN
Using practical scenarios based primarily on Windows environments and artefacts, you will:
- Understand the digital investigation process and best practice
- Build a bootable USB data collection device
- Collect data from Live, Remote and Virtual systems
- Understand the underlying structures associated with NTFS, FAT32 and exFAT file systems
- Collect and process volatile data
- Capture a mailbox from a live Microsoft Exchange server
- Investigate a Windows domain controller to identify systems and users
- Understand RAID storage and rebuild data
- Understand types of ‘User’ account
- Investigate Windows Event Logs and USB device activity
- Examine user activity for program execution, file activity and system navigation
- Investigate log files
- Query Chrome web-browser SQLite databases and extract stored passwords
- Explore and extract data from Volume Shadow Copies
- Parse and interpret the USN / Change Log
This course will enable you to:
- Develop your forensic investigation skills to an advanced level
- Practise new techniques suitable for evidence identification, capture and analysis in a ‘live’ environment
- Acquire an industry-recognised qualification to support your career progress
CFIS is accredited by CREST and is ideal preparation for the CREST Certified Host Intrusion Analyst qualification. CFIS has been assessed and accredited by IISP at Level 1: A2, A6 and Level 1+: F2 and F3, enabling you to build knowledge and competency and gain hands-on experience in the areas of the Institute’s Skills Framework.