Essentials of a Computer Forensics Examination Workshop - ESP-A-013
- Track: Technical, Management.
- Level: Awareness level - Provides a basic understanding of IT security responsibilities relative to a particular role
- Overview
This workshop highlights the fundamentals of the computer forensics process. It gives an insight as to how the computer forensic process is approached, the methodologies involved and an understanding of the nature of the evidence. Through this workshop organisations can better prepare themselves for incidents and be able to respond to them without contaminating the evidence.
- Outline
Computer forensics is the practice of collecting, analysing and reporting on digital information in a way that is legally admissible. It can be used in the detection and prevention of crime and in any dispute where evidence is believed to be stored digitally. Computer forensics has comparable examination stages to other forensic disciplines and faces a number of unique challenges.
- Readiness
- Evaluation
- Collection
- Analysis
- Presentation
- Review
- This course is suitable for
This course will suit anyone who deals with personnel and disciplinary issues within an IT environment, i.e. IT, HR, Management. This course will also suit anyone responsible for acquiring evidence.
- Course duration
- 1 day - The course begins at 9.30 and ends at 17.00 each day. This can be tailored to meet the client’s specific requirements.
- Course cost
€695. This includes courseware, refreshments and lunch on the day.
- Course dates
- Wednesday 21 October 2009, Ireland - Dublin
- Saturday 5 December 2009, Ireland - Dublin
- Course location
On-Site / Espion Training Centre
- Content
Unit 1: Introduction ACPO Guidelines
For evidence to be admissible it must be reliable and not prejudicial, meaning that at all stages of this process admissibility should be at the forefront of a computer forensic examiner’s mind. One widely accepted set of guidelines to assist in this is the Association of Chief Police Officers Good Practice Guide for Computer Based Electronic Evidence, or ACPO Guide for short. Although the ACPO Guide is aimed at United Kingdom law enforcement, its main principles are applicable to all computer forensics in whatever legislature.
Unit 2: Readiness
For examiners there are many areas where prior organisation can help, including training, regular staff testing and verification of software and equipment, familiarity with legislation, knowing how to deal with unexpected issues (e.g., what to do if child pornography material is present) and ensuring that your on-site acquisition kit is complete and in working order.
Unit 3: Evaluation
The evaluation stage includes the receiving of clear instructions, risk analysis and allocation of roles and resources. Risk analysis may include an assessment of the likelihood of collateral intrusion or false accusation and how this would be best dealt with.
Unit 4: Collection
If acquisition of evidence is to be carried out on-site as opposed to in a computer forensic laboratory, then this stage would include identifying, securing and documenting the scene. Interviews or meetings may be held with personnel who may hold information relevant to the examination. Note: the evidence is preserved at this stage, and the target machine can be removed.
Unit 5: Analysis
Analysis is dependent on the specifics of each situation and the scope of a given investigation. Specialised forensic tools are deployed, and it would be usual for the examiner to provide feedback to the instructing party during analysis; from this dialogue, analysis may take a different path or be narrowed to concentrate on specific areas. Analysis must be accurate, thorough, impartial, recorded and repeatable.
Unit 6: Presentation
This stage usually involves the examiner producing a structured report on their findings. The report addresses the points received in the initial instructions, along with any subsequent instructions, and would also cover any other information which the examiner deems of relevance to the investigation.
Unit 7: Review
A review of an examination can be simple and quick to carry out, and can begin during any of the above stages. It may include a basic ‘what went wrong and how can this be improved’ and a ‘what went well and how to incorporate it in future examinations’. Any lessons learnt from this stage should be applied to the next examination and should be fed into the readiness stage.
Unit 8: Practical Workshop
Participants will get a chance to work with various acquisition and analysis tools over an uninterrupted 2-3 hour session.