Digital Forensics Fundamentals: Course Contents | ALC Training News

  • No comments

Day 1: Digital Forensics Introduction

  • Digital forensic process
  • Identification of evidence
  • Evidence handling principles
  • Order of volatility
  • Evidence preservation
  • Imaging basics
  • Analysis basics with Autopsy and X-Ways


  • Imaging using a write blocker, live CD, forensic duplicator
  • Mounting disk images
  • Examination with Autopsy


Day 2: Windows Disk Analysis

  • Introduction to file system forensics
  • Techniques for filtering and searching
  • Mapping of investigative questions to artefacts
  • Carving deleted content
  • Email activity
  • Web browsing historical activity
  • Chat rooms and activity
  • Evidence of access and execution
  • Tracking USB storage and file movement


  • Carving of deleted content
  • Tracking web browser history
  • Identifying files accessed


Day 3: Mobile Devices and Advanced Preservation

  • Volatile memory acquisition
  • Gleaning evidence from pagefiles and Random Access Memory (RAM)
  • Identifying and dealing with encryption
  • Identifying and preserving cloud services
  • Managing the case lifecycle


  • Acquisition and analysis of a phone
  • Acquisition and analysis of volatile memory
  • Extraction of chat and other artefacts from volatile memory

Deb Kirman