
42 - IT-S Information Technology - Security and Audit


IT-S 129 - Digital Forensic and Incident Response (DFIR)

Code      Start Date         Duration  Venue
IT-S 129  14 October 2024    5 Days    Istanbul
IT-S 129  11 November 2024   5 Days    Istanbul
IT-S 129  09 December 2024   5 Days    Istanbul
Please contact us for fees

 

Course Description

The training is delivered by experienced professionals in their field, and its content is continually updated to reflect developing technologies and perspectives. The course is prepared according to current internationally accepted standards, and its high-quality content is designed to be interesting, entertaining and interactive for participants. Anyone who completes the training can immediately start applying the knowledge and skills they have learned.

In addition to the theoretical material, comprehensive practical exercises are carried out during the training to reinforce what participants learn and give them hands-on experience. The main purpose of the training is not only to use software and try to understand the results by pressing certain buttons, but also to gain the ability to interpret and analyze raw data both theoretically and practically.

Course Objectives

  • Understanding Incident Response (IR) 
  • Managing Cyber Incidents, Incident Scene Management
  • Examining a Sample Case with Autopsy and Belkasoft Evidence Center
  • Recovering Files from Forensic Images, File Carving, Data Recovery

Who Should Attend?

  • Police and other law enforcement personnel
  • Defense and military personnel
  • E-Business security professionals
  • Systems administrators
  • Legal professionals

Course Details/Schedule

Day 1

  • Understanding Incident Response (IR)
  • IR Process
  • IR Framework
  • IR Plan
  • IR Playbook/Handbook
  • Testing IR Framework
  • Methodology of Digital Forensics, Digital Evidence Concept
  • Code of Criminal Procedure, Penal Code
  • Law and Regulations
  • Legal Authority
  • Evaluation of Data as Digital Evidence
  • Rules of Evidence
  • Incident Response (IR)

Day 2

  • Managing Cyber Incidents, Incident Scene Management
  • CSIRT Models
  • SOAR
  • Communication in Crisis
  • Preparation Phase for Incident Response (IR)
  • Identification, Scoping, and Initial Event Analysis
  • Choosing Investigation Methodology
  • Creating an Investigator Software Toolkit
  • Choosing and Creating an Investigator Hardware Toolkit (Cameras, HDD/SSD Adapters, Cables, Screwdriver Sets, etc.)
  • Search And Seizure Phase for Incident Response (IR)
  • Digital Evidence Collection
  • Write Protection Concept, Forensic Image Acquisition
  • Write Blockers
  • Hardware Imagers
  • Software Imagers
  • Understanding Forensic Imaging
  • HPA and DCO
  • Image Acquisition
  • RAW DD Format, E01, and Other Image Files

Day 3

  • Live Forensics Concept and Applications
  • Order of Volatility
  • First Controls
  • Checking Disk Encryptions
  • Acquisition of Volatile Data and RAM
  • RAM Imagers, PSTools, Command Line Tools, Port Scanners, Autoruns, System Explorer, etc.
  • Acquisition of Non-Volatile Data 
  • Triage Tools and How to Use
  • Logical vs Physical Image
  • Pagefile.sys and Hiberfil.sys
  • Analyzing System Memory
  • Volatility, Redline
  • Unorthodox Image Acquisition Methods, Cloud Data, Remote Image Acquisition, Multi-Drive Storage Devices, and Network Image Acquisition

Day 4

  • Processing of Acquired Image File
  • Data Types
  • Process Types 
  • Examining a Sample Case with Autopsy and Belkasoft Evidence Center
  • Hash Concept and Usage
  • Hash Types
  • Hashing a file
  • Running Hash Analysis
  • File Signature Analysis, File Analysis
  • Windows File System
  • FAT, exFAT and NTFS
  • Filename, Metadata, and Data Layers
  • Sector and Clusters
  • Data Allocation and Slack Area
  • MBR and GPT
  • $MFT
  • Zone.Identifier
  • Volume Shadow Copy

Day 5

  • Recovering Files from Forensic Images, File Carving, Data Recovery
  • Timestamps and Timelines
  • Timeline Analysis
  • Internet History Analysis
  • GREP Search, YARA and SIGMA
  • Malware Analysis for IR
  • How to use GREP Search
  • How to use YARA for Malware Analysis
  • How to use SIGMA for Event Log Analysis
  • Reporting
  • What to Document
  • Executive Summary
  • IR Report / Forensic Report

 
