At ASI, we are developing digital forensics training courses, and our first offerings will be Intro to Windows Forensics Analysis (4-5 June) and Timeline Analysis (18-19 June). Both courses will be held at our Reston, VA, training facility, and the online course descriptions can be found here. Both courses focus on Windows 7 as the platform being analyzed, but the tools and techniques discussed can also be used on other versions of Windows (XP, Win2003, Win2008, and even Windows 8).
The purpose of the Intro to Windows Forensic Analysis course is to provide analysts with a detailed understanding of forensic resources and artifacts that are available within a Windows 7 system, so that they can extend their analysis and findings. As versions of Windows have progressed, there have been more and more forensic artifacts automatically created as a user or as malware interacts with the operating system environment. As such, this introductory course is intended to give attendees an in-depth view of what resources are available and how they can be accessed for pertinent data. This course will also illustrate how the data can be used in a variety of instances to further develop the analyst's findings. The course offers several hands-on exercises where attendees will work with tools and actual data in order to develop their skills.
The purpose of the Timeline Analysis course is to provide attendees with a thorough understanding of not only the benefits of timeline analysis, but also how to create a timeline, and how timeline analysis can be used to expedite and improve the overall analysis process. The course includes a number of hands-on, instructor-led exercises, and culminates in attendees creating their own timeline for analysis.
These courses are open to anyone. Attendees should be comfortable with working a command prompt and executing command-line interface (CLI) tools. The courses do not focus solely on the use of such tools, but several such tools are demonstrated and used by attendees so that they have a thorough understanding of the processes presented and discussed.
ASI will also be offering a 1-day course in Registry Analysis in the near future. Stay tuned for additional offerings, and feel free to contact us for more information, as well as if you have specific training needs.
No comments:
Post a Comment