
42 - IT-S Information Technology - Security and Audit


IT-S 129B - Digital Forensic and Incident Response (DFIR) (10 Days)

Code | Start Date | Duration | Venue
IT-S 129B | 09 December 2024 | 10 Days | Istanbul
IT-S 129B | 06 January 2025 | 10 Days | Istanbul
IT-S 129B | 10 February 2025 | 10 Days | Istanbul
IT-S 129B | 07 April 2025 | 10 Days | Istanbul
IT-S 129B | 16 June 2025 | 10 Days | Istanbul
IT-S 129B | 28 July 2025 | 10 Days | Istanbul
IT-S 129B | 22 September 2025 | 10 Days | Istanbul
IT-S 129B | 17 November 2025 | 10 Days | Istanbul
IT-S 129B | 22 December 2025 | 10 Days | Istanbul
Please contact us for fees

 

Course Description

Training is delivered by experienced professionals in their field, and the course content is constantly updated to reflect developing technologies and perspectives. The course is prepared according to current internationally accepted standards and is interesting and entertaining, with high-quality content that keeps participants engaged. Anyone who completes the training can immediately start applying the knowledge and skills they have learned.

In addition to the theoretical material, comprehensive practical exercises are carried out during the training to reinforce what participants learn and give them hands-on experience. The main purpose of the training is not merely to use software and try to understand the results by pressing certain buttons, but also to gain the ability to interpret and analyze raw data both theoretically and practically.

Course Objectives

  • Understanding Incident Response (IR) 
  • Managing Cyber Incidents, Incident Scene Management
  • Examining a Sample Case with Autopsy and Belkasoft Evidence Center
  • Recovering Files from Forensic Images, File Carving, Data Recovery

Who Should Attend?

  • Police and other law enforcement personnel
  • Defense and military personnel
  • E-Business security professionals
  • Systems administrators
  • Legal professionals

Course Details/Schedule

Day 1

  • Understanding Incident Response (IR) 
  • IR Process
  • IR Framework
  • IR Plan
  • IR Playbook/Handbook
  • Testing IR Framework
  • Methodology of Digital Forensics, Digital Evidence Concept
  • Code Of Criminal Procedure, Penal Code
  • Law and Regulations
  • Legal Authority
  • Evaluation of Data as Digital Evidence
  • Rules of Evidence
  • Incident Response (IR)

Day 2

  • Managing Cyber Incidents, Incident Scene Management
  • CSIRT Models
  • SOAR
  • Communication in Crisis
  • Preparation Phase for Incident Response (IR)
  • Identification, Scoping, and Initial Event Analysis
  • Choosing Investigation Methodology
  • Creating an Investigator Software Toolkit
  • Choosing and Creating an Investigator Hardware Toolkit (Cameras, HDD/SSD Adapters, Cables, Screwdriver Sets, etc.)
  • Search And Seizure Phase for Incident Response (IR)
  • Digital Evidence Collection
  • Write Protection Concept, Forensic Image Acquisition
  • Write Blockers
  • Hardware Imagers
  • Software Imagers
  • Understanding Forensic Imaging
  • HPA and DCO
  • Image Acquisition
  • RAW DD Format, e01, and Other Image Files

Day 3

  • Live Forensics Concept and Applications
  • Order of Volatility
  • First Controls
  • Checking Disk Encryptions
  • Acquisition of Volatile Data and RAM
  • RAM Imagers, PSTools, Command Line Tools, Port Scanners, Autoruns, System Explorer, etc.
  • Acquisition of Non-Volatile Data 
  • Triage Tools and How to Use
  • Logical vs Physical Image
  • Pagefile.sys and Hiberfil.sys
  • Analyzing System Memory
  • Volatility, Redline
  • Unorthodox Image Acquisition Methods, Cloud Data, Remote Image Acquisition, Multi-Drive Storage Devices, and Network Image Acquisition

Day 4

  • Processing of Acquired Image File
  • Data Types
  • Process Types 
  • Examining a Sample Case with Autopsy and Belkasoft Evidence Center
  • Hash Concept and Usage
  • Hash Types
  • Hashing a file
  • Running Hash Analysis
  • File Signature Analysis, File Analysis
  • Windows File System
  • FAT, ExFAT and NTFS
  • Filename, Metadata, and Data Layers
  • Sector and Clusters
  • Data Allocation and Slack Area
  • MBR and GPT
  • $MFT
  • Zone.Identifier
  • Volume Shadow Copy

Day 5

  • Recovering Files from Forensic Images, File Carving, Data Recovery
  • Timestamps and Timelines
  • Timeline Analysis
  • Internet History Analysis
  • GREP Search, YARA and SIGMA
  • Malware Analysis for IR
  • How to use GREP Search
  • How to use YARA for Malware Analysis
  • How to use SIGMA for Event Log Analysis
  • Reporting
  • What to Document
  • Executive Summary
  • IR Report / Forensic Report

Day 6

  • Special procedures (Mobile Devices, Cloud Data, Portable Computers, Portable Storage Media, GPS Devices, Digital Cameras, Servers, IoT Devices, Game Consoles, Smart Home Devices, Security Cameras, Virtual Wallets, Vehicles)
  • Forensic Image Mount for Scanning
  • OSFMount and Malware Scanning
  • Recycle Bin Examination
  • Artifacts Examination
  • Meta Data 
  • Meta Data vs File System Data
  • EXIF Info
  • Prefetch Files, Shortcuts (.lnk), Jump Lists, Thumbnail Caches
  • Encrypted Files
  • Finding Encrypted Files
  • Basic Password Recovery Techniques

Day 7

  • Adding Forensic Acquisitions/Images to Virtual Machines
  • Web Browser Forensics
  • Chrome, Firefox, Edge and Other Browser Artifacts
  • E-mail and E-mail Header Analysis
  • Structure and Protocols
  • Header Examination
  • Sender’s Geolocation and Time Zone
  • HEX
  • Decimal, Hexadecimal, Binary Concepts and Calculations

Day 8

  • Mobile Devices
  • Mobile Operating Systems (Android, iOS)
  • Android File Hierarchy
  • HFS Plus and APFS Filesystems
  • Mobile Device Acquisition and Data Analytics
  • Challenges in Mobile Forensics
  • The Make, Model, and Identifying Information For The Device
  • Preparation And Isolation Phase
  • Manual Extraction, Logical Analysis, Hex Dump, Chip-Off
  • Physical Acquisition 
  • Logical Acquisition
  • Android and iOS Screen Lock Bypassing Techniques
  • Mobile Apps & Data Examination
  • Device Info, SMS, Chat Messages, etc.
  • Android Malware
  • Extracting An APK File from an Android Device
  • Android Apps Reverse Engineering Techniques  
  • Plist and SQLite Databases
  • Extracting a DB File from the Device
  • DB Examination

Day 9

  • Deep Dive to Windows Registry Analysis (Part 1)
  • Windows Registry Structure
  • Registry Essentials
  • User/Group Information analysis (Name, RID, Login, Group, Password Policy)
  • Windows User Passwords
  • System Configuration Analysis
  • User Activity Analysis (
  • SAM, SECURITY, SYSTEM, SOFTWARE
  • Backup Hives
  • User Registry Hives
  • ShellBag
  • Last Write Time, MRU
  • Deleted Registry Keys/Values
  • Registry Explorer
  • Deep Dive to Windows Registry Analysis (Part 2)
  • System Configuration
  • Windows Time Decoding Structure
  • CurrentControlSet
  • Computer Name
  • Time Zone Information and ActiveTimeBias
  • Last Access Time
  • Network Interfaces
  • Historical Networks
  • Network Profile Key
  • Shares and Offline Caching
  • System Boot Autostart Programs
  • Shutdown Information
  • User Search History
  • Typed Paths
  • Office RecentDocs
  • LastVisitedMRU
  • OpenSaveMRU
  • Last Commands Executed
  • UserAssist Key

Day 10

  • Ransomware Preparation, Response and Investigation
  • Ransomware Types
  • Ransomware Initial Access and Execution
  • Credential Access and Theft
  • Command and Control
  • Threat Intelligence and Hunting
  • Sandbox Types
  • YARA
  • ClamAV
  • Threat Intelligence Types
  • Sourcing Threat Intelligence
  • Maltego
  • MITRE ATT&CK Framework
  • Velociraptor
  • Digital Forensic Techniques for Hunting

 
