After completing this course, students will be able to demonstrate how to acquire forensically sound evidence, check evidence integrity, analyze and fix corrupted drives, analyze FAT32 and NTFS file systems, analyze different Windows artifacts, and finally write a report about their analysis.
Windows Basics: User SID + Recycle Bin, Thumbnails
LNK Files and Jump Lists
System and User Program Execution
Investigating USB Thumb Drives
Volume Shadow Copies & File History
Windows Scheduled Tasks
Ali Hadi is a Senior Cybersecurity Specialist with 15+ years of industrial experience in Information Technology (IT), currently working as a full-time professor and researcher for both the Computer and Digital Forensics and Cybersecurity Departments at Champlain College, USA. Ali is also a Co-Founder and the Chief Technology Officer at Cyber 5W. Ali provides consulting in several areas of security including digital forensics and incident response, cyber threat hunting, and penetration testing. Ali is also an author, speaker, and freelance instructor where he delivered technical training to law enforcement agencies, banks, telecoms, private companies, and other institutes. Ali's research interests include digital forensics, incident response, adversary emulation, and offensive security. More details could be found here. https://www.ashemery.com/bio.html
Why you should get the CCDFA certificate?
CCDFA is the only certification that will truly assess your skills in multiple domains, all using a single certification-process.
CCDFA includes more than 35 hands-on labs that cover skills related to the basic of digital forensic, disks, file systems, and Windows.
Evaluated by Experts
CCDFA requires students to take a practical assessment and submit a report for the expert committee to evaluate.
After completing this course, you are expected to:
Understand the fundamentals of digital forensic investigations
Demonstrate correct methods of evidence gathering
Learn how to extract file metadata and analyze files using a hex-editor
Summarize the analysis results and write investigative reports
Ability to analyze and fix corrupted disks
Ability to analyze FAT32 and NTFS file systems, plus recover and carve files from raw data
Ability to investigate Windows System Artifacts
Investigating Windows Program Execution Artifacts
Investigating Windows Registry and Windows Shellbags
Ability to analyze Windows Events Logs, Scheduled Tasks, and different Windows Applications (e.g. Skype, One Drive, etc)
This course assumes no previous knowledge in digital forensics, however basic knowledge in computer science or any related field is highly desirable.
Who is this Certificate For?
Anyone who wants to start a career in digital forensics, SOC team members, incident response handlers, red team members, malware analysts, and anyone who is curious to know about digital forensics and wants to learn something new.
what you need to for the course
1. Computer or laptop with a Linux/Windows/Mac Operating System.
2. Capability of running virtualization software such as VMWare or VirtualBox.
3. More than 100 GB of disk space for the Virtual Machines and Forensic Images used.
Info you need to know to get a refund
Full refunds will be provided up to 14 days before the course start date. You are allowed to change the course schedule up to 10 days before the course starts.
Our live training sessions are not recorded or contain pre-recorded videos, they are run directly with the instructor. If you have any further inquiries regarding our training courses, please reach us at firstname.lastname@example.org.