Forensic Informatics Training-3

The Fordefence training series comprises "Theoretical and Technical Forensic Informatics Training, S.O.M.E. Training, Data Recovery Training, Information Security Awareness Training, White Hat Hacker Training, and Network Security Training." These courses aim to take participants' fundamental informatics knowledge to a higher level through customizable programs that blend theory with hands-on technique, and they are open to participants of all levels and professional backgrounds.


Forensic Informatics Training 3 teaches forensic informatics experts to identify and examine evidence from networks, the internet, malware, file systems, RAM (memory), and the Macintosh and Linux operating systems.

Training Duration: 10 Days


Participant Profile:
IT Managers and Staff, IT Auditors, Legal Advisors and Lawyers, Information Security Experts and Managers, Expert Witnesses, Compliance Managers and Personnel, Academicians, Law Enforcement, etc.

Requirements:

Basic: Completion of the “Forensic Informatics 1” and “Forensic Informatics 2” courses and advanced computer-usage skills.

Technical: A computer with at least an Intel i7 processor, an SSD, and 16 GB of RAM for the hands-on exercises.


Training Location:
Fordefence Forensic Informatics Laboratory (Fordefence Adli Bilişim Laboratuvarı / ŞİŞLİ / İSTANBUL)

Training Methodology:
  • Theoretical Knowledge
  • Worked Examples
  • Practical Exercises
  • Case Studies
  • Interactive Participation
  • Participation Certificate

Description:

Forensic Informatics Training 3 aims to develop the skills of forensic informatics professionals in network, internet, malware, file system and RAM (memory) analysis, the Macintosh and Linux operating systems, general IT systems, and advanced forensic informatics techniques. Participants learn the most sophisticated methods they are likely to meet in practice and acquire the detection and analysis skills those cases demand.

Training Program:
Day 1
  • Network Investigation
  • Basic Network Investigation Tools: tcpdump and Wireshark
  • Evidence Collection in Networks
  • Hypertext Transfer Protocol (HTTP): Protocol and Logs
  • Domain Name System (DNS): Protocol and Logs
  • Firewall, Intrusion Detection System, and Network Security Monitoring Logs
  • Logging Protocols and Aggregation
  • Open-Source Flow Tools
  • File Transfer Protocol (FTP)
  • Microsoft Protocols
  • Simple Mail Transfer Protocol (SMTP)
  • Wireless Network Investigation
  • Encoding, Encryption, and SSL/TLS
  • Man-in-the-Middle
  • Case Study
Day 2
  • Internet Investigations
  • Internet Components (Domain Name, Hosting, etc.)
  • Internet Protocols (TCP/IP, DNS, HTTP, HTTPS)
  • Whois: Protocol, Servers, and Request/Response Data
  • Advanced Whois Queries: domaintools.com
  • Internet Layers (Surface Web, Deep Web, Dark Web, etc.)
  • VPN, Proxy, Tor
  • Anonymity at Every Level
  • Google Indexing Logic and Advanced Search Methods
  • Google Dorks
  • Web Page Viewing, Content Analysis (HTML, JS)
  • Accessing Web Page Archives
  • Open-Source Research on the Web
  • Social Media Research (Facebook, Twitter, Instagram, etc.)
  • Instant Messaging Research (Skype, WhatsApp, etc.)
  • Open-Source Monitoring and Correlation
Day 3
  • Malware Analysis
  • Examination of Suspicious Programs’ Static Features
  • Behavior Analysis in Windows Programs
  • Static and Dynamic Analysis in Windows Programs
  • Communicating with Malware
  • Understanding x86 Assembly and Key Logic Structures
  • Understanding Program Control Flow and Decision Points While Running
  • Analyzing General Malware Behavior at the Windows API Level (Registry Changes, Keylogging, HTTP Communications, Droppers)
  • Communication with Malicious Websites and Deobfuscation of JavaScript
  • Analysis of Suspicious Documents (PDF, RTF, and Office Documents)
  • Detecting and Unpacking Packed Programs
  • Code Injection and API Hooking
  • Unpacking Code that Performs Process Hollowing
  • Bypassing Anti-Analysis Checks that Detect Malware Analysis Tools
Day 4
  • File System Investigation
  • The Sleuth Kit
  • Partition, Volume, and RAID
  • File System Categories: Content, Metadata, File Name, and Application
  • Data Units (Sector, Cluster, Block, etc.)
  • Data Storage
  • Data Recovery
  • Data and File Finding, Extraction
  • FAT12/16/32 File System Analysis
  • NTFS Analysis
  • Ext3/4 Analysis
  • HFS Analysis
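Day 4's items on data units, data storage and FAT file system analysis rest on one calculation: turning the boot sector's BIOS Parameter Block (BPB) into byte offsets, then walking the File Allocation Table to map a file's cluster chain and its slack. The following Python is an added example written for this page, not Fordefence course material. The boot sector, the FAT contents and the file size are constructed for the demonstration; the BPB field offsets are those of the Microsoft FAT32 specification.

```python
"""FAT32 geometry walk-through: data units, byte offsets and cluster chains.

Added example, not Fordefence course material. A constructed FAT32 boot
sector and FAT are built in memory; the BPB field offsets follow the
Microsoft FAT32 specification, the geometry and FAT contents are made up.
"""
import struct
from dataclasses import dataclass

FAT32_MASK = 0x0FFFFFFF  # only the low 28 bits of a FAT32 entry are meaningful
FAT32_EOC = 0x0FFFFFF8   # entries >= this value mark end-of-chain
FAT32_BAD = 0x0FFFFFF7   # bad-cluster marker


@dataclass
class Fat32Geometry:
    bytes_per_sector: int
    sectors_per_cluster: int
    reserved_sectors: int
    num_fats: int
    sectors_per_fat: int
    root_cluster: int

    @property
    def cluster_size(self) -> int:
        return self.bytes_per_sector * self.sectors_per_cluster

    @property
    def data_offset(self) -> int:
        # The data region follows the reserved region and every FAT copy.
        return (self.reserved_sectors + self.num_fats * self.sectors_per_fat) * self.bytes_per_sector

    def cluster_to_offset(self, cluster: int) -> int:
        if cluster < 2:  # entries 0 and 1 are reserved; data clusters start at 2
            raise ValueError("data clusters start at 2")
        return self.data_offset + (cluster - 2) * self.cluster_size


def parse_bpb(boot_sector: bytes) -> Fat32Geometry:
    """Decode the FAT32 BPB fields an examiner needs from a 512-byte boot sector."""
    if len(boot_sector) < 512 or boot_sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    u16 = lambda off: struct.unpack_from("<H", boot_sector, off)[0]
    u32 = lambda off: struct.unpack_from("<I", boot_sector, off)[0]
    return Fat32Geometry(
        bytes_per_sector=u16(11), sectors_per_cluster=boot_sector[13],
        reserved_sectors=u16(14), num_fats=boot_sector[16],
        sectors_per_fat=u32(36), root_cluster=u32(44),  # BPB_FATSz32, BPB_RootClus
    )


def follow_chain(fat: bytes, start: int) -> list:
    """Walk FAT32 entries from `start` to end-of-chain; refuse loops and broken links."""
    chain, seen, cur = [], set(), start
    while cur not in seen:
        seen.add(cur)
        chain.append(cur)
        nxt = struct.unpack_from("<I", fat, cur * 4)[0] & FAT32_MASK
        if nxt >= FAT32_EOC:
            return chain
        if nxt < 2 or nxt == FAT32_BAD:
            raise ValueError(f"cluster {cur} links to free/bad cluster {nxt}")
        cur = nxt
    raise ValueError(f"cluster chain loops back to {cur}")


def file_extents(geom: Fat32Geometry, fat: bytes, start: int, size: int) -> tuple:
    """Return ([(offset, length), ...] holding the file, slack bytes left in its last cluster)."""
    extents, remaining = [], size
    for cluster in follow_chain(fat, start):
        length = min(geom.cluster_size, remaining)  # last cluster is trimmed to the file size
        extents.append((geom.cluster_to_offset(cluster), length))
        remaining -= length
    if remaining > 0:
        raise ValueError(f"chain too short: {remaining} bytes of the file have no cluster")
    return extents, len(extents) * geom.cluster_size - size


def build_sample_boot_sector() -> bytes:
    """Constructed: 512 B sectors, 8 sectors/cluster, 32 reserved sectors, 2 FATs of 16 sectors."""
    bs = bytearray(512)
    struct.pack_into("<HBHB", bs, 11, 512, 8, 32, 2)   # BytsPerSec, SecPerClus, RsvdSecCnt, NumFATs
    struct.pack_into("<I", bs, 36, 16)                 # BPB_FATSz32
    struct.pack_into("<I", bs, 44, 2)                  # BPB_RootClus
    bs[510:512] = b"\x55\xaa"                          # boot signature
    return bytes(bs)


def build_sample_fat() -> bytes:
    """Constructed FAT: root dir in cluster 2, a file chained 5 -> 6 -> 9, cluster 7 free."""
    fat = bytearray(16 * 512)
    for idx, value in ((0, 0x0FFFFFF8), (1, 0x0FFFFFFF), (2, 0x0FFFFFFF),
                       (5, 6), (6, 9), (9, 0x0FFFFFFF)):
        struct.pack_into("<I", fat, idx * 4, value)
    return bytes(fat)
```

With the constructed geometry, `parse_bpb` yields 4096-byte clusters and a data region at byte 32768, and `file_extents(geom, fat, 5, 10000)` maps the chain 5 -> 6 -> 9 to three byte ranges with 2288 bytes of slack in cluster 9. The same arithmetic is what `fsstat` and `istat` from The Sleuth Kit report, so running them beside a hand calculation on a real image is a good cross-check, and the slack bytes are where remnants of earlier, deleted content survive.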
Day 5
  • Macintosh Investigation
  • HFS+ File System Analysis
  • macOS and iOS Operating System Components
  • Basic System Information
  • User Data
  • Event Log Analysis
  • Timeline Analysis
  • Tools Used
  • Application Data Analysis
  • Communication
  • Apple Mail
  • Calendar and Contacts
  • Maps and Location Data
  • Browser Investigations
  • Analysis of Other Structures
  • Case Study
Day 6
  • Linux Investigation
  • ExtX (ext2/3/4) File System Analysis
  • Linux Distributions and Components
  • Basic System Information
  • User Data
  • Event Log Analysis
  • Timeline Analysis
  • File Analysis
  • Live Linux Analysis and Malware
  • Case Study
Day 7
  • Memory Investigation
  • How RAM Works: Logic and Structures
  • RAM Imaging Process, Methods, and Tools
  • Evidence Collection from RAM
  • Pre-Search Planning
  • Unstructured Memory Analysis and Pagefile Analysis
  • Process Analysis
  • User Activity Analysis
  • Examination of Internal Memory Structures
  • Drivers, Windows Memory Table Structures, and PE Extraction
  • Hibernation and Crash Dump Files Analysis
Day 8
  • Advanced Forensics
  • Cloud Investigations (Cloud Forensics)
  • Internet of Things (IoT) Investigations
  • Encrypted Volume Analysis
  • SCADA Investigations
  • Anti-Forensics Techniques
Day 9
  • IT Systems Investigation
  • Threat Hunting in IT Systems
  • Identifying Malware Persistence
  • Remote or Corporate Incident Response
  • Memory Imaging and Analysis for Incident Response
  • Identifying Malware Execution
  • Windows Volume Shadow Copy Analysis
  • Tactics, Techniques, and Procedures (TTPs) for Expanding Unauthorized Access (Lateral Movement)
  • Log Analysis for Incident Response
  • Memory Timeline Analysis
  • File System Timeline
  • Super Timeline Analysis
  • Malware and Anti-Forensics Detection through NTFS Artifacts
  • Anti-Forensics Detection Methods
  • Identifying Systems with Dormant Malware
Day 10
  • Hands-on Applications of Forensic Informatics Training 3
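Day 9's items on file system timelines, super timelines and anti-forensics detection with NTFS come together in one workflow: turn each file's timestamps into a sorted MACB event list, then compare the $STANDARD_INFORMATION times against the $FILE_NAME times to spot backdating. The following Python is an added example for this page, not Fordefence course material. The bodyfile lines are constructed in the TSK 3.x body format that `fls -m` emits; the assumption that the $FILE_NAME line shares its MFT entry number with the $STANDARD_INFORMATION line and carries " ($FILE_NAME)" in the name field is marked in the code.

```python
"""MACB timeline from TSK bodyfile lines, with an NTFS timestomping check.

Added example, not Fordefence course material. The bodyfile lines are
constructed in the TSK 3.x body format that `fls -m` produces:
MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime (epoch seconds).
Assumed here: for NTFS the $FILE_NAME attribute appears as a second line
whose name ends in " ($FILE_NAME)" and whose inode shares the MFT entry
number (the part before the first dash) with the $STANDARD_INFORMATION line.
"""
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample: a legitimate svchost.exe, and a dropper whose
# $STANDARD_INFORMATION times were backdated to 2010-01-01 while its
# $FILE_NAME attribute still carries the real 2023 creation time.
SAMPLE_BODYFILE = """\
0|/Windows/System32/svchost.exe|1201-128-1|r/rrwxrwxrwx|0|0|55320|1262304000|1262304000|1262304000|1262304000
0|/Windows/System32/svchost.exe ($FILE_NAME)|1201-48-2|r/rrwxrwxrwx|0|0|55320|1262304000|1262304000|1262304000|1262304000
0|/Windows/Temp/svch0st.exe|7733-128-1|r/rrwxrwxrwx|0|0|61440|1262304000|1262304000|1700000500|1262304000
0|/Windows/Temp/svch0st.exe ($FILE_NAME)|7733-48-2|r/rrwxrwxrwx|0|0|61440|1700000400|1700000400|1700000400|1700000400
"""

TIME_FIELDS = (("M", "mtime"), ("A", "atime"), ("C", "ctime"), ("B", "crtime"))


def parse_bodyfile(text: str) -> list:
    """Parse bodyfile text into dicts: integer size and timestamps, other fields as strings."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split("|")
        if len(fields) != 11:
            raise ValueError(f"line {lineno}: expected 11 fields, got {len(fields)}")
        rec = dict(zip(("md5", "name", "inode", "mode", "uid", "gid"), fields[:6]))
        rec["size"] = int(fields[6])
        for key, value in zip(("atime", "mtime", "ctime", "crtime"), fields[7:]):
            rec[key] = int(value)
        records.append(rec)
    return records


def build_timeline(records: list) -> list:
    """Collapse per-file timestamps into sorted (epoch, MACB, name) events, mactime-style."""
    flags_at = defaultdict(set)
    for rec in records:
        for flag, key in TIME_FIELDS:
            flags_at[(rec[key], rec["name"])].add(flag)
    return [(ts, "".join(f if f in flags else "." for f, _ in TIME_FIELDS), name)
            for (ts, name), flags in sorted(flags_at.items())]


def format_timeline(timeline: list) -> list:
    """Render events as 'YYYY-MM-DD HH:MM:SS UTC  MACB  name' lines."""
    return [f"{datetime.fromtimestamp(ts, timezone.utc):%Y-%m-%d %H:%M:%S} UTC  {macb}  {name}"
            for ts, macb, name in timeline]


def find_timestomping(records: list) -> list:
    """Flag NTFS files whose $SI creation time predates the $FN creation time.

    SetFileTime and the tools built on it rewrite the $STANDARD_INFORMATION
    timestamps but not $FILE_NAME, so an $SI creation time earlier than the
    $FN one is the classic timestomping indicator. Returns
    (name, si_crtime, fn_crtime) tuples.
    """
    si, fn = {}, {}
    for rec in records:
        entry = rec["inode"].split("-")[0]  # assumed: MFT entry number before the first dash
        if rec["name"].endswith(" ($FILE_NAME)"):
            fn[entry] = rec
        else:
            si[entry] = rec
    findings = []
    for entry, s in si.items():
        f = fn.get(entry)
        if f is not None and s["crtime"] < f["crtime"]:
            findings.append((s["name"], s["crtime"], f["crtime"]))
    return findings
```

On the constructed sample the timeline shows svch0st.exe with a lone "..C." event in 2023 next to its 2010 "MA.B" entry, which is itself a tell: changing the other three timestamps updates the MFT entry modified time. The $SI-before-$FN check is a heuristic, since some installers and archive extractors set creation times legitimately, so confirm a hit against the $LogFile or USN journal records for that MFT entry before calling it timestomping.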
