Difseco Training DIF01 Digital Forensics Foundations

LESSON 1: DEFINITION OF DIGITAL FORENSICS

• Digital Forensics Process

• Standard Policies and Procedures

• Chain-of-custody

• Case Managment Overview

LESSON 2: UNDERSTANDING BIT AND BYTES WITHIN DATA STORAGE

• Understanding Bits n Bytes

• Hexadecimal (HEX)

• Conversion between Hexadecimal, binary and decimal

• ASCII

• Unicode

LESSON 3: BASICS WITHIN WINDOWS OPERATING SYSTEM

• The Basics of Terminology

• Physical versus Logical file size

• File Systems quick overview

• FAT (File Allocation Table)

• FAT Volume File Slack

• NTFS (New Technology File System)

• Volume Bitmap $Bitmap within NTFS Volume

• Master File Table $MFT within NTFS Volume

LESSON 4: FORENSICALLY SOUND ACQUISITION CONCEPT

• Considerations and Approach

• Evidence File Formats

• Raw Images

• Evidence File Formats

• Cyclical Redundancy Check (CRC)

• Evidence File Format and Structure

• Hashing and Verification

LESSON 5: DIGITAL FORENSICS INVESTIGATION

• Case Setup using Magnet Forensics AXIOM Process

• Evidence Source Types

• Artifacts

• Navigating Magnet Forensics AXIOM Examine

• Digital Forensics Investigation Checklist and Overview

LESSON 6: CLOSING THE INVESTIGATION

• Things to consider

• Creating the Report

• Exporting and External Review

• Magnet Forensics AXIOM REVIEW