Description

The number of incidents being reported is rapidly increasing every year. Organizations need to respond to these incidents and investigate what, when, why, where, who, and how they happened. This requires special skills and knowledge in systems and how they operate. This is not a simple task that can be handled by an IT professional, but only those trained to acquire and analyze information in a forensically sound manner.

Cyber 5W Digital Forensic Analyst training will guide students on how to conduct digital investigations and write investigative forensic reports. This training uses an experiential learning process for training students, where students learn digital forensics by doing investigative tasks on real-world cases. Students will learn how to perform evidence acquisition and how to deal with disks and file systems, and then explore the forensic artifacts one may encounter when working with the Windows operating system. By completing this training, students are prepared to take the exam that leads to the Cyber 5W Certified Digital Forensic Analyst (CCDFA) certificate.

The full course contents has been published and new extra content is being added.

Training Delivery Details

Live Training: Instructor (40 hour) | Materials | Certification Exam

The course material includes over 55 Hands-on Labs and 50 Videos

All sessions starts from 9 AM to 5 PM (Eastern Time) or upon a mutual agreement

Pricing Options

Please make sure you select the enrollment schedule that works best for you. If none of these work and you are still interested in our training, please contact us.

  • C5W DIGITAL FORENSIC ANALYST - VIRTUAL LIVE TRAINING

    One Seat

    $2,250.00

    Buy Now

  • C5W DIGITAL FORENSIC ANALYST - VIRTUAL LIVE TRAINING

    5 Seats

    (Private Class)

    $10,940.00

    Buy Now

  • C5W DIGITAL FORENSIC ANALYST - VIRTUAL LIVE TRAINING

    10 Seats

    (Private Class)

    $16,960.00

    Buy Now

  • C5W DIGITAL FORENSIC ANALYST - VIRTUAL LIVE TRAINING

    Semester Based Training

    (6 Seats)

    $4,600.00

    Buy Now

Syllabus

After completing this course, students will be able to demonstrate how to acquire forensically sound evidence, check evidence integrity, analyze and fix corrupted drives, analyze FAT32 and NTFS file systems, analyze different Windows artifacts, and finally write a report about their analysis.

    Introduction to Digital Forensics

  • Evidence and Evidence Acquisition
  • Hashing and Validation
  • Mounting Your Evidence
  • File Analysis
    • Hexeditors
    • Signatures
    • Extension
    • Metadata
    • and Others
  • Time Zones and Dates (Timestamps)
  • Autopsy and other Tools
  • Writing a Report

    Working with Disks, Volumes, and File Systems

  • Disk Analysis (MBR & GPT)
  • Fixing Corrupted Disks
  • File Systems
    • Storage Units: Sectors and Clusters
    • Slack Space
    • and Other Subjects
  • Analyzing FAT32 File Systems
    • Volume Data Structures
    • Parsing Directory Entries
    • Parsing SFN and LFN Structures
    • Parsing Cluster Chains Manually
    • FAT32 Timestamps
  • Analyzing NTFS File Systems
    • Understanding the MFT File & Main NTFS Files
    • Parsing MFT Entries
    • Parsing Different Attribute Data Structures
    • Parsing Cluster Dataruns Manually
    • Fixup Arrays
    • Alternate Data Streams (ADS)
    • Soft Links, Hard Links, and Junctions
    • Working with USN Journals
    • NTFS Timestamps
  • Data and File Carving: Manual and Automated

    Windows Forensic Analysis

  • Windows Basics
    • Users and Groups
    • Parsing SID Manually
    • Recycle Bin
    • Thumbnails
  • LNK Files and Jump Lists
  • System and User Program Activity
    • Prefetch Files
    • UserAssist
    • Background Activity Moderator (BAM)
    • System Resource Usage Monitor (SRUM)
    • and Other Subjects
  • Windows Registry
    • Structure of Windows Registry
    • System Artifacts
    • User Artifacts
  • Investigating USB Thumb Drives
  • Analyzing Shellbags
  • Volume Shadow Copies & File History
  • Windows Events
  • Windows Scheduled Tasks
  • Windows Search

Instructor

Ali Hadi is a Senior Cybersecurity Specialist with 15+ years of industrial experience in Information Technology (IT), currently working as a full-time professor and researcher for both the Computer and Digital Forensics and Cybersecurity Departments at Champlain College, USA. Ali is also a Co-Founder and the Chief Technology Officer at Cyber 5W. Ali provides consulting in several areas of security including digital forensics and incident response, cyber threat hunting, and penetration testing. Ali is also an author, speaker, and freelance instructor where he delivered technical training to law enforcement agencies, banks, telecoms, private companies, and other institutes. Ali's research interests include digital forensics, incident response, adversary emulation, and offensive security. More details could be found here or contact him directly through twitter here.

CCDFA Certificate

Why you should get the CCDFA certificate?

  • Professional Certificate

    CCDFA is the only certification that will truly assess your skills in multiple domains, all using a single certification-process.

  • Experiential Learning

    CCDFA includes more than 35 hands-on labs that cover skills related to the basic of digital forensic, disks, file systems, and Windows.

  • Evaluated by Experts

    CCDFA requires students to take a practical assessment and submit a report for the expert committee to evaluate.

Learning Objectives

After completing this course, you are expected to:

  • Understand the fundamentals of digital forensic investigations

  • Demonstrate correct methods of evidence gathering

  • Learn how to extract file metadata and analyze files using a hex-editor

  • Summarize the analysis results and write investigative reports

  • Ability to analyze and fix corrupted disks

  • Ability to analyze FAT32 and NTFS file systems, plus recover and carve files from raw data

  • Ability to investigate Windows System Artifacts

  • Investigating Windows Program Execution Artifacts

  • Investigating Windows Registry and Windows Shellbags

  • Ability to analyze Windows Events Logs, Scheduled Tasks, and different Windows Applications (e.g. Skype, One Drive, etc)

Prerequisites

This course assumes no previous knowledge in digital forensics, however basic knowledge in computer science or any related field is highly desirable.

Who is this Certificate For?

Anyone who wants to start a career in digital forensics, SOC team members, incident response handlers, red team members, malware analysts, and anyone who is curious to know about digital forensics and wants to learn something new.

System Requirements:

what you need to for the course

1. Computer or laptop with a Linux/Windows/Mac Operating System.

2. Capability of running virtualization software such as VMWare or VirtualBox.

3. More than 100 GB of disk space for the Virtual Machines and Forensic Images used.

Cancellation Policy:

Info you need to know to get a refund

Full refunds will be provided up to 14 days before the course start date. You are allowed to change the course schedule up to 10 days before the course starts.

Testimonials

“Breadcrumbs and Footprints... Affirmative .LNKs (pun intended) and Trace Evidence ... A ton of information, intelligence, and investigative leads are packed into Prefetch, Jumplist, LNK, and Thumbnail files.
"To a great mind nothing is little" -- S. Holmes.
Solid applicable Windows Forensics foundation from Dr. Ali Hadi and the Cyber5W Team. Here

Private Investigations | Digital Forensics

Eli W. Wilkerson

“This was a great day one! Really dived into it and wasn’t just a broad overview. Already working in VM’s and it is very hands on. Ali takes the time to answer all questions thoroughly. Here

Sarah