Digital Forensics is a branch of Forensic Science. It means finding evidence in digital media and information. It is an investigation process in which forensic experts try to find clues related to a particular cybercrime. In industry, Digital Forensics experts are needed to investigate employees' computer systems for data recovery and to investigate cyber activities that are against a company's policies. This is just a small example. The Digital Forensics process has three main stages: (i) Image Acquisition, (ii) Analysis, (iii) Reporting.
Acquisition is the process of making a duplicate image of volatile memory in any hardware-based system. If we have to investigate a computer system, we make an image of its RAM (Random Access Memory). This is a must for the rest of the digital forensic process. Analysis is the investigation phase. With the help of tools and a number of methodologies, forensic experts collect the evidence. Recovering data from a burned and crashed pen drive is also part of Analysis. After collecting evidence and completing the investigation, forensic experts present the data in the form of a report.
CDI-CDFE (Certified Digital Forensic Expert) is a one-month training program from CDI in which security geeks and IT professionals learn Digital Forensics. It plays a great role in the domain of cyber security. To investigate every cyber-attack, there is a need for security researchers and forensic experts.
1. Candidates will learn how to investigate a web browser and USB devices to collect digital evidence.
2. Attendees will learn how to analyze the memory of both Windows- and Linux-based computer systems.
3. All candidates will learn how law plays its role in the evidence acquisition process of Digital Forensics.
4. Investigation of a network system is also a part of Digital Forensics. Candidates will also learn how to investigate a particular network system to collect digital information about a case.
5. EnCase and Volatility are the most used tools in Digital Forensics. In this training program, candidates will learn why these tools are helpful in digital investigation.
6. Attendees will learn how to collect information from digital devices such as hard disks, USB drives, card readers, memory chips and floppy disks. This process is called disk-based forensics.
7. All the candidates will learn how to sniff data packets of a particular network system. It is a process of extracting raw information of a data packet to collect digital information.
8. Attendees will learn the 6 A’s of Digital Forensics (Assessment, Acquisition, Authentication, Analysis, Articulation and Archival).
1. How to investigate digital storage media (USB, hard drive, floppy disk, etc.) to collect digital evidence and information?
2. How to investigate a computer system by using the Volatility and EnCase digital forensic tools?
3. Which tools of Linux and Windows are most important for accurate Digital Forensic Reports?
4. What is the role of the 6 A’s (Assessment, Acquisition, Authentication, Analysis, Articulation and Archival) in digital forensics?
5. How to investigate a web browser, and why is it important in Digital Forensics?
6. What forensic tools are needed for different types of Digital Forensics? You can’t use a single tool everywhere.
7. How to recover deleted data of a computer system and digital media storage devices?
1. A good knowledge of Windows and Linux OS is a must for every candidate because digital forensics is an advanced subject.
2. Proper understanding of networking protocols, memory management, OS File System and Kernel Architecture.
3. Candidates should be familiar with Windows and Linux commands. Knowledge of different types of system files such as .dll, .exe, .mp3, .tgz, .gz, .txt and .ps files is also a must.
4. Attendees should be aware of the latest cyber-attacks and black hat activities that hackers perform to breach databases and hack into computer systems.
CDI-CDFE (Certified Digital Forensic Expert) is a one-month training program from CDI on Digital Forensics. The training schedule will be as follows:
1. In the first 3 days of this training program, we will study what Digital Forensics is and its various stages, Basic Rules of Digital Forensics, Legal Issues and various Case Studies.
2. After discussing the above topics, in the next 3 days we will study Incident Response, Computer Forensics, Components of a Hack, Different Types of Security Threats, Forensics and IRM Lifecycle, How to Conduct an Initial Assessment, Investigation of an Incident, Formulating Response Strategy and Computer Forensics.
3. Disk-Based Forensics, 6 A’s of Digital Forensics, Volatile Data, Dumping Memory, Imaging and Study of Imaging Tools will be our next topics. We will spend the next 3 days on these topics. In the following 3 days we will study Basics of Network Forensics, Articulation and Chain of Custody. We will also discuss various case studies related to these topics.
4. We will continue the training program with Windows Live Response, Volatile Data Analysis, Non-Volatile Data Analysis and Linux Live Response. We will spend 5 days on these topics. Process Memory Dumps, Analysis of Running Processes, Log Analysis, IIS Log Analysis and Server Log Analysis are the subtopics of the above-mentioned topics.
5. In the next 2 days we will study Browser Forensics. Tracing Internet Activities, Study of IE Logs and Study of Browser Forensics Tools (Web Historian, Pasco, Galleta and NetAnalysis) are the subtopics of Browser Forensics.
6. Next we will study Network Forensics. We will cover Firewall Log Analysis, Router Forensics, Intrusion Analysis and IDS Log Analysis. This is a 2-day syllabus.
7. Disk Imaging, Registry Files Analysis, Memory Analysis, Forensic Analysis, Recovery of Deleted Data with EnCase, Data Acquisition, Anti-Virus Forensics, RAM Forensics Tools and IT Acts make up the syllabus for the remaining 10 days of this training program.