Course Curriculum

  • 01

    Introduction

    • The Importance of Evidence Acquisition

    • Must-Know First Response Actions

    • Have a question?!
  • 02

    Sanitization of the Target Media

    • Required Files

    • Sanitization

    • Hardwipe Tool

    • Cygwin tools (dd command in Windows)

    • Exercise #1

    • Exercise #1 Solution
  • 03

    Acquisition Tools

    • Required Files

    • Evidence Data Acquisition

    • Memory Dump

    • Tools for Memory Dump

    • Disk Drive Imaging

    • Other Forensic Tools

    • Exercise #2

    • Exercise #2 Solution
  • 04

    Hardware Acquisition Tools

    • Examples of Hardware Acquisition Tools

    • Using UltraDock Write-Blocker
  • 05

    Mounting a Forensic Image

    • Required Files

    • Introduction to Image Mounting

    • Arsenal Image Mounter

    • OSFMount

    • Other Forensic Image Mounting Tools

    • Exercise #3

    • Exercise #3 Solution
  • 06

    Summary

    • Summary

    • References

4 CPE Credits

After completing this course, you will earn:

Learning Outcomes

This course demonstrates the skills that you need to master the digital evidence acquisition skill

  • Learn how to wipe a disk and use the tools Hardwipe and dd (on Windows) for disk wiping

  • Learn how to use a WriteBlocker

  • Practice RAM data capturing using Belkasoft, Magnet RAM capture, and Dumpit

  • Practice disk data acquisition using the tools Belkasoft, FEX Imager, and dd command

  • Practice forensic image mounting using Arsenal Image Mounter and OSFMount tools

Technical Requirements

For the hands-on labs in this course

  • Windows 10 operating system (recommended)

  • Internet Connection

What is next at Cyber 5W?

Add your email to the mailing list to get the latest updates.