Hard Disks Forensics Investigation (HDFI)

Course Title:

Hard Disks Forensics Investigation (HDFI)

Course Duration:

12 Weeks – 2 Hours a Day, Monday to Friday

Course Objectives:

The course is designed to provide the fundamental skills needed to conduct hard drive forensics investigations and to understand file systems. Graduates will learn the basic techniques required for data acquisition and duplication from hard disks. The course also covers the basic concepts of recovering deleted files and deleted partitions.

Course Contents:

  1. Understanding Hard Disk and File Systems
    • Hard Disk Drive Overview
    • Disk Partitions and Boot Process
    • File System Analysis using the Sleuth Kit (TSK)
    • RAID Storage System
    • Understanding File Systems
  2. Data Acquisition and Duplication
    • Data Acquisition and Duplication Concept
    • Data Acquisition Types
    • Disk Acquisition Tool Requirements
    • Validation Methods
    • RAID Data Acquisition
    • Acquisition Best Practices
    • Data Acquisition Software Tools
    • Data Acquisition Hardware Tools
  3. Recovering Deleted Files and Deleted Partitions
    • Recovering the Deleted Files
    • File Recovering Tools for Windows
    • File Recovering Tools for Mac
    • Partition Recovering Tools
    • Recovering the Deleted Partitions
    • Files Recovering Tools for Linux
  4. Forensics Investigation Using AccessData FTK
    • Overview and Installation of FTK
    • FTK Case Manager User Interface
    • FTK Examiner User Interface
    • Starting with FTK
    • FTK Interface Tabs
    • Adding and Processing Static, Live and Remote Evidence
    • Using and Managing Filters
    • Using Index Search and Live Search
    • Decrypting EFS and Other Encryption Files
    • Working with Reports
  5. Investigative Reports
    • Computer Forensics Reports
    • Computer Forensics Reports Template
    • Investigative Report Writing
    • Sample Forensics Report
    • Report Writing Tools
  6. Becoming an Expert Witness
    • Expert Witness
    • Types of Expert Witness
    • Scope of Expert Witness Testimony
    • Evidence Processing
    • Rules for Expert Witness
    • General Ethics While Testifying

Student Learning Outcome:

Upon successful completion of the course, graduates will be able to understand the process of investigating cyber crime, the laws involved, and the details of obtaining a search warrant; the different types of digital evidence, rules of evidence, the digital evidence examination process, and electronic crime and digital evidence considerations by crime category; the roles of the first responder and the first responder toolkit; securing and evaluating the electronic crime scene, conducting preliminary interviews, documenting the electronic crime scene, collecting and preserving electronic evidence, packaging and transporting electronic evidence, and reporting the crime scene; hard disks and file systems; data acquisition and duplication; and how to recover deleted files and deleted partitions in Windows, Mac OS X and Linux.

Target Group:

Forensics Analysts, Penetration Testers, Auditors, Law Enforcement Personnel, Defense and Military Personnel, Legal Professionals, Bankers, Security Professionals, Managers, Operational Personnel who have security as their primary job function, IT Engineers and Supervisors, Administrators, and anyone who is concerned about the integrity of network infrastructure.

Admission Requirements:

Individuals attending this course must have a strong foundation in Information and Network Security. For those who are brand new to the field with no background knowledge, the Certificate in Information and Network Security (CINS) is the recommended starting point.

Course Fee:

Tsh. 620,000/=

Group Arrangement:

TZS 85,000 per hour for a group of 10-20 people
Duration: 15 days; 8 hours a day
