Training‎ > ‎

Forensics Fundamentals

IT Forensics Fundamentals.  

In this class we will cover the basics of forensics procedures:

Phases of Computer Evidence
  • Collection
  • Preservation
  • Filtering
  • Presentation

Physical Scene
  • Search
  • Documentation
  • Seizure

Understanding Evidence
  • Gathering
  • Handling
  • Documenting
  • Rules of Evidence
  • Evidence Dynamics

Interviews
  • Questions that should be asked
  • Documenting interviews
Volatile Data and Computer State
  • When to cleanly shutdown
  • When to pull the plug
  • When volatile data must be captured

Digital Images
  • Creating digital images that are forensicly sound
  • Documenting digtial images
  • Searching slack space
  • Carving files
  • Understanding Metadata

Building a Case
  • Documenting results
  • Building a report

Slides:

IT Forensic Fundamentals


Files:

Comments