Computer Forensics Fundamentals (CFF)
The aim of this course is to introduce the main concepts of forensics as applicable to the field of computer science, with particular emphasis on the application of computer forensics procedures in Digital Investigations.
The course provides students with the fundamentals of digital investigation and methodologies for addressing different incident scenarios. Together with the presentation of the highest International Benchmarks (NIST802, SANS, RFC3225, ISO17799 and others), methodologies are described paying special attention evidence acquisition and analysis of persistent data storage media and network dumps. Procedures for live acquisition and analysis of volatile information are also described. Forensic duplication procedures of original data storage media during Post Mortem Acquisition and Analysis, their labeling and storage, as well as the various software and hardware technologies on the market are described in depth. The second part of the course includes investigation methodology linked to the gathering, analysis and storage of network dumps and log files. The Italian regulatory framework is described and analyzed (Law 196/2003, Law 231/2001, Ratification of the Budapest Convention), which regulates digital content impoundment and analysis and required documentation for guaranteeing the validity of forensic operations. The course uses DFLabs Digital Investigation Manager (D.I.M.), a new tool for the management of acquisition procedures and digital investigations.
Duration Computer Forensics Fundamentals CFF Training: 2 days
Optional: participation in an introduction to the Linux Operating System.