ANT0402

Digital forensics in OS and applications

Duration of training: 5 days


course description

This course teaches the processes, techniques, and tools for conducting forensic investigations of digital data from operating systems and applications. It also covers how to organize digital forensics processes and how they fit into the overall corporate cyber security architecture.

course audience

Engineers handling cyber security incidents; Digital forensics engineers.

prerequisites

Knowledge of operating systems architecture and operation at the ANT-OW101 and OL101 course levels, and knowledge of cyber security incident handling processes at the ANT0401 course level are required.

how it works
education

online course

The online course consists of group classes with an instructor via video conferencing, plus homework and an exam.

for corporate clients

Training for corporate clients includes online and self-study courses, as well as additional services required by corporate clients: organizing training plans for client departments, assessing the effectiveness of training, etc.


course program

• Classification of cyber-attacks.
• Stages of a cyber-attack.
• Artefacts of cyber-attacks and their correlation.
• Process of conducting forensic investigations.
• Digital forensics tools.
• Principles of processing deleted and defective data.
• Reconstructing the chain of events from cyber-attack artefacts.
• Generating and analyzing indicators of compromise in digital systems.
• File system architecture.
• FAT, NTFS, Ext*, UFS, ReFS, APFS file systems.
• File system metadata analysis.
• OS loaders.
• Hard drives and their logical parts.
• Creating an exact copy of a hard drive.
• Analyzing empty hard drive space.
• SleuthKit and Autopsy.
• Encase.
• Analyzing Windows registry.
• Swap and hibernation files.
• OS and applications history.
• OS logs analysis.
• Reconstructing the chronology of a cyber-attack.
• Analyzing processes and the files they use.
• Swap files.
• Analyzing e-mail activity.
• Analyzing web activity.
• Methods of retrieving information from RAM.
• Methods of retrieving information from processor registers and cache.
• Basic methods of analysing RAM dumps.
• Corporate cyber security architecture.
• Monitoring cyber security events and incidents.
• Responding to cyber security events and incidents.
• Organizing digital forensics processes.
• Embedding digital forensics processes into corporate cyber security processes.

Course purchase options

individual

Cost — $1,550.00

Group online classes

Unlimited access to all the materials

Live webinars with teachers

Homework

Exam with certificate

To confirm course dates, fill out the form.


corporate

Cost from $1,550.00

To obtain information about the final cost and clarify the date of the course, please fill out the form.
