High Tech Crime Network

The mission of the High Tech Crime Network is to achieve the most valuable and recognized certifications for our members, through a comprehensive process that verifies an applicant's training and experience, while enforcing the highest standards of certification requirements, diligent enforcement of our policies, procedures and code of ethics.

HTCN
High Tech Crime Network

Digital Forensic Academy Five Day Course Agenda

Day One:

Intro to Computer Forensics
Interacting With Attorney’s & Clients
Understanding the Role of an Expert Witness
Electronic Discovery & Electronically Stored Information
Ethics in Computer Forensics
The Business of Computer Forensics
Building a Forensic Lab

The Forensic Process
Anti-Forensics
Forensic Image vs Backup
Importance of Chain of Custody
Documenting the Forensic Acquisition
Understanding Write-Blockers
Intro to Forensic Acquisition
Types of Forensic Images
Intro to Forensic Analysis
Authoring Forensic Reports

Day Two:

The Operating System

Understanding the Windows Operating System
Understanding the Windows Registry

The File System:

Understanding Files & File Signatures
Understanding Compound Files
Understanding Allocated Space of the Hard Drive

Understanding Unallocated Space of the Hard Drive
Understanding File Slack
Understanding File Extensions to Identify Files (Mail, Docs, Spreadsheets)
Understanding Meta Data
Understanding EXIF Data

Storage Media

Anatomy of a Hard Drive
How Data is Stored on the Media
How Data is Written to the Media
How Data is Read from the Media

Forensic Tools

Forensic Workstation Utility
RIMTECH
Encase Overview
Forensic Tool Kit Overview
Internet Evidence Finder Overview
Discovery Attender

Understanding Cell Phone Technology

Cellebrite Overview
IEF Imager Overview

Day Three:

Intro to Computer Forensics

Understanding Forensic Images
Understanding Forensic Image Types
Imaging vs Preview
Creating a Forensic Image of a Windows Installed Hard Drive Using Encase
Creating a New Case & Adding the Forensic Image to Encase
Creating a Forensic Image of a Windows Installed Hard Drive Using Forensic Tool Kit
Creating a New Case & Adding the Forensic Image to the Forensic Tool Kit
Creating a Forensic Image of a Windows Installed Hard Drive Using Raptor
Restoring an Image to a Hard Drive
Searching for & Reviewing Graphic Images in Encase
Creating a Forensic Image of a Windows Installed RAID5
Creating a New Case & Adding the RAID5 Forensic Image to Encase
Creating a Forensic Image of a Windows Installed Encrypted Hard Drive
Creating a Forensic Image of an MAC OS Installed Hard Drive Using Macquisition
Creating a Forensic Image of an IOS Device
Creating a Forensic Image of Cell Phones

Day Four:

Overview of the Encase Forensic Software

Reviewing Files & Placing Them in Order Based on Single or Multiple Keys
Exporting Evidential Files Out of the Forensic Image
Understanding & Applying Filters
Mounting Files
Recovering Lost Folders
Analyzing File Signatures
Searching Allocated & Unallocated Space
Searching for & Recovering Graphic Images in the Unallocated Space
Understanding the USBStor
Understanding & Running Enscripts
Understanding & Running Case Processor

Day Five:

Encase Forensic Analysis Continued

Bookmarking Relevant Information
Exporting Booked Marked Items
Understanding & Finding File Shredding Signatures
Creating & Exporting Encase Reports

Cellebrite

Creating A Case
Searching & Reviewing
Creating Reports

Internet Evidence Finder

Creating A Case
Searching & Reviewing
Creating Reports

Written Test

Practical Test