FOR308: SANS Cyber Security Central: Feb 2022

Provided by

Enquire about this course

What You Will Learn

More than half of jobs in the modern world use a computer. The vast majority of people aged 18-30 are 'digitally fluent'; accustomed to using smartphones, smart TVs, tablets and home assistants, in addition to laptops and computers, simply as part of everyday life. Yet, how many of these users actually understand what's going on under the hood? Do you know what your computer or smartphone can tell someone about you? Do you know how easy it might be for someone to access and exploit that data? Are you fed up with not understanding what technical people are talking about when it comes to computers and files, data and metadata? Do you know what actually happens when a file is deleted? Do you want to know more about Digital Forensics and Incident Response? If you answered 'yes' to any of the above, this course is for you. This is an introductory course aimed at people from non-technical backgrounds, to give an understanding, in layman's terms, of how files are stored on a computer or smartphone. It explains what Digital Forensics and Incident Response are and the art of the possible when professionals in these fields are given possession of a device.

This course is intended to be a starting point in the SANS catalogue and provide a grounding in knowledge, from which other, more in-depth, courses will expand.

IT'S NOT JUST ABOUT USING TOOLS AND PUSHING BUTTONS

FOR308: Digital Forensics Essentials Course will help you understand:
  • What digital forensics is
  • What digital evidence is and where to find it
  • How digital forensics can assist your organization or investigation
  • Digital forensics principles and processes
  • Incident response processes and procedures
  • How to build and maintain a digital forensics capacity
  • Some of the key challenges in digital forensics and incident response
  • Some of the core legal issues impacting on digital evidence
Digital forensics has evolved from methods and techniques that were used by detectives in the 1990's to get digital evidence from computers, into a complex and comprehensive discipline. The sheer volume of digital devices and data that we could use in investigative ways meant that digital forensics was no longer just being used by police detectives. It was now being used as a full forensic science. It was being used in civil legal processes. It was being used in the military and intelligence services to gather intelligence and actionable data. It was being used to identify how people use and mis-use devices. It was being used to identify how information systems and networks were being compromised and how to better protect them. And that is just some of the current uses of digital forensics.

However digital forensics and incident response are still largely misunderstood outside of a very small and niche community, despite their uses in the much broader commercial, information security, legal, military, intelligence and law enforcement communities.

Many digital forensics and incident response courses focus on the techniques and methods used in these fields, which often do not address the core principles: what digital forensics and incident response are and how to actually make use of digital investigations and digital evidence. This course provides that. It serves to educate the users and potential users of digital forensics and incident response teams, so that they better understand what these teams do and how their services can be better leveraged. Such users include executives, managers, regulators, legal practitioners, military and intelligence operators and investigators. In addition, not only does this course serve as a foundation for prospective digital forensics practitioners and incident responders, but it also fills in the gaps in fundamental understanding for existing digital forensics practitioners who are looking to take their capabilities to a whole new level.

FOR308: Digital Forensics Essentials Course will prepare you team to:
  • Effectively use digital forensics methodologies
  • Ask the right questions in relation to digital evidence
  • Understand how to conduct digital forensics engagements compliant with acceptable practice standards
  • Develop and maintain a digital forensics capacity
  • Understand incident response processes and procedures and when to call on the team
  • Describe potential data recovery options in relation to deleted data
  • Identify when digital forensics may be useful and understand how to escalate to an investigator
  • If required, use the results of your digital forensics in court
FOR308: Digital Forensics Fundamentals Course Topics
  • Introduction to digital investigation and evidence
  • Where to find digital evidence
  • Digital forensics principles
  • Digital forensics and incident response processes
  • Digital forensics acquisition
  • Digital forensics examination and analysis
  • Presenting your findings
  • Understanding digital forensic reports
  • Challenges in digital forensics
  • Building and developing digital forensics capacity
  • Legality of digital evidence
  • How to testify in court
What You Will Receive With This Course

SANS Windows SIFT Workstation
  • This course uses the SANS Windows DFIR Workstation to teach first responders and forensic analysts how to view, decode, acquire, and understand digital evidence.
  • DFIR Workstation that contains many free and open-source tools, which we will demonstrate in class and use with many of the hands-on class exercises
  • Windows 10
  • VMWare Appliance ready to tackle the fundamentals of digital forensics
Fully working license for 120 days:
  • SAFE Block
  • Monolith Pro
Course USB
  • Media loaded with reports, white papers and appropriate example forms and documentation.
SANS DFIR Exercise Workbook
  • Exercise book with detailed step-by-step instructions and examples to help you master digital forensic fundamentals

Enquire

Start date Location / delivery
28 Feb 2022 Virtual Book now

Related article

At GIAC, we believe that hands-on testing is the future of cybersecurity certification. With five certification exams featuring CyberLive , and thr...