OVERVIEW

This 2-day course is designed for corporate and government investigators who want to gain a basic understanding of best practices in digital forensics acquisition and analysis, as well as learn specific skills through practical, hands-on exercises.

ACQUISITION AND ANALYSIS OF DIGITAL EVIDENCE

Today’s digital landscape presents a variety of challenges for investigators looking to uncover potentially criminal behavior in business or government environments. Vast computer networks, different operating systems, malware, software discrepancies, advanced cell phone technology and varying file formats make for an almost overwhelming task for an investigator charged with examining computer crimes and abuse such as fraud, employee misconduct or identity theft. To help investigators meet the challenges presented by modern technology, participation in this Forensic Acquisition and Analysis class can be an invaluable tool.

“LEARN BY DOING” APPROACH

All of our courses are designed to teach you not only the theory, but the practical skills that you can immediately employ upon return to your office or lab. Throughout the duration of Forensic Acquisition and Analysis, you will learn the fundamentals of digital forensic techniques, including evidence acquisition and data analysis. Instead of endless lectures, we balance our instruction by emphasizing hands-on experience in a team-based environment that enables all students to keep pace. From the first day of class, you will be learning by doing computer forensics.

TOPICS COVERED

• Forensic Imaging
• Acquisition of Digital Evidence
• Preservation of Digital Evidence
• File Storage in FAT and NTFS
• Deletion / Recovery of Files in FAT and NTFS
• Impact of Fragmentation / Overwritten Files
• Resident vs. Non-resident File Recovery
• Keyword Searches Overview
• Email Client Email Analysis (PST, EDB, DBX)
• Internet History Analysis:
• Netanalysis and EnCase Hands-on
• Internet Browser Clients

WHAT YOU’LL LEARN

Upon successful completion of Forensic Acquisition and Analysis, you will be able to immediately apply investigative principles and techniques for digital forensic investigations of Windows-based computers. You will learn through hands-on practical exercises using commercial and open source tools to acquire, analyze and verify your results while learning best practices for handling digital evidence, maintaining chain of custody and reporting findings.

ABOUT THE TRAINER – STEVE ANSON

Prior to becoming a Director at Forward Discovery, Steve Anson was a special agent with the Department of Defense criminal Investigative Service, where he investigated cyber attacks against its global Information grid, the world’s largest computer network. In this role, he oversaw international computer crime investigations with substantial impact to America’s national security.

Anson also previously served as an instructor for the Federal Bureau of Investigation, where he trained hundreds of veteran FBI cyber-crime agents in the investigation of computer network intrusion and other computer crimes. In this role, Anson also trained agents for the U.S. Secret Service, the Naval Criminal Investigative Service, the Department of Energy, the U.S. Air Force, the Defense Criminal Investigative Service, the U.S. Army and many international agencies.

As a Task Force Agent for the FBI, Anson had the opportunity to conduct investigations into international espionage, computer network intrusions, domestic and international terrorism, fraud, crimes against children and other cases involving the criminal use of computers. In his experience as an instructor for the U.S. State Department, Anson trained law enforcement, prosecutors and judges in a wide range of countries, including Kazakhstan, Egypt, Jordan, Senegal and Bangladesh, in cyber crime investigation and computer forensics, helping these nations establish a cyber investigative capability.

Throughout his career, Anson has received a number of industry credentials, which include: certified Information Systems Security Professional (CISSP), Encase® certified Examiner (EnCE®), Microsoft Certified Systems Engineer (MCSE), Department of Defense Certified Computer Crime Investigator and Seized Computer Evidence Recovery Specialist (SCERS). Anson is the co-author of Mastering Windows Network Forensics and Investigations from Wiley Publishing.