Computer and Mobile Forensics Training Boot Camp

Course introduction

• Computer forensics and investigation as a profession
• Define computer forensics
• Describe how to prepare for computer investigations and explain the difference between law enforcement agency and corporate investigations
• Explain the importance of maintaining professional conduct

Digital evidence — legal issues

• Identifying digital evidence
• Evidence admissibility
• Federal rules of evidence
• Daubert standard
• Discovery
• Warrants
• What is seizure?
• Consent issues
• Expert witness
• Roles and responsibilities
• Ethics
• (ISC)²
• AAFS
• ISO

Investigations

• Investigative process
• Chain of custody
• Incident response
• E-discovery
• Criminal vs. civil vs. administrative investigations
• Intellectual property
• Reporting
• Quality control
• Evidence management
• Current computer forensics tools and hardware

Forensic science fundamentals

• Principles and methods
• Forensic analysis process

Hardware

• Storage media
• Operating system

File systems

• File systems
• Erased vs. deleted
• Live forensics

File and operating system forensics

• Keyword searching
• Metadata
• Timeline analysis
• Hash analysis
• File signatures
• Volume Shadow Copies
• Time zone issues
• Link files
• Print spool
• Deleted files
• File slack
• Damaged media
• Registry forensics
• Multimedia files
• Compound files

Web and application forensics

• Common web attack vectors
• Browser artifacts
• Email investigations
• Messaging forensics
• Database forensics
• Software forensics
• Malware analysis

Network forensics

• TCP/IP
• Types of attacks
• Wired vs. wireless
• Network devices forensics

Packet analysis

• OS utilities
• Network monitoring tools

Anti-forensics

• Hiding
• Steganography
• Packing
• Hidden devices (NAS)
• Tunneling/Onion routing
• Destruction
• Spoofing
• Log tampering
• Live operating systems

New & emerging technology

• Legal issues (privacy, obtaining warrants)
• Social networks forensics
• Types of social networks
• Types of evidence
• Collecting data
• Virtualization
• Virtualization forensics
• Use of virtualization in forensics
• Cloud forensics
• Types of cloud services
• Challenges of cloud forensics
• Big data
• Control systems and IOT

Mobile forensics introduction

• Types of devices
• GPS
• Cell phones
• Tablets
• Vendor and carrier identification
• Obtaining information from cellular provider
• GSM vs. CDMA
• Common tools and methodology

Mobile forensics process

• Mobile forensics challenges
• Types of evidence found on mobile devices
• Collecting mobile devices at the scene
• Comparison of mobile operating systems
• Data acquisition methods
• Reporting findings

Android forensics

• Android platform
• Android security model
• Bypassing Android security features
• Android logical data acquisition and analysis
• Android physical data acquisition

iOS forensics

• Apple iOS platform
• iOS security
• Bypassing iOS security features
• iOS data acquisition and analysis
• iPhone/iCloud backups
• iOS data recovery techniques

Windows phones

• Windows Phone OS: partitions and filesystems
• Windows Phone security features
• Windows Phone logical acquisition and analysis
• Windows 10 mobile OS forensics

Feature phones forensics

• Acquiring and examining data from feature phones