This onsite instructor led course is designed for Digital Forensic Investigators at an intermediate level and encompasses essential principles that every digital forensic investigator ought to understand. Upon successful completion, you will acquire 24 CPE Credits and robust skills in utilizing Belkasoft X, while also enhancing your comprehension of the underlying techniques and methodologies associated with digital forensic analysis.
The course agenda:
- Configuring Belkasoft X to initiate investigations
- Acquiring data from various sources, including hard drives, smartphones, and cloud storage, as well as integrating additional data sources
- Analyzing significant artifacts such as internet evidence, media files, and registry data, while addressing challenges related to these artifacts
- Compiling a comprehensive report detailing relevant findings
Modules
-
Introduction1.5 hours
- Instructors will present learning objectives, detailed schedule, and materials along with expected outcomes over the course duration.
- Instructors and students will learn more about one another, their experiences, and their learning needs.
- Students will receive a general overview of the Belkasoft X platform and its capabilities.
-
First steps with Belkasoft X. User interface 2 hours
- Instructors will explain what types of data sources are supported by Belkasoft X and how to acquire new data sources (hard drives, smartphones, and clouds) and add existing ones.
- Students will become familiar with the main Belkasoft X workflow, from data acquisition to reporting on found evidence.
-
Data acquisition and main workflow 1 hours
- Instructors will explain what types of data sources are supported by Belkasoft X and how to acquire new data sources (hard drives, smartphones, and clouds) and add existing ones.
- Students will become familiar with the main Belkasoft X workflow, from data acquisition to reporting on found evidence.
-
Working with computer artifacts 2 hours
- Students will learn how to extract and analyse internet evidence, such as data from popular messengers, browser history, and emails.
- Students will become familiar with multimedia analysis options, including EXIF analysis, face detection, text recognition, and video keyframe extraction. Advanced ANN-based methods of pornography and guns detection will be demonstrated.
- Instructors will guide students on tools and techniques within the Belkasoft X platform to forensically analyze important system files (such as registry files, jumplists, and system event logs) to discover artifacts and traces pertinent to an ongoing case.
-
Working with mobile and cloud artifacts2 hours
- Instructors will explain what kinds of information could be extracted from various mobile data sources.
- Students will learn how to analyze standard and third-party mobile applications, how to get the most from discovered geolocation data, and how to find important evidence using the built-in SQLite Viewer.
- Instructors will also demonstrate capabilities of cloud acquisition and analysis.
-
Search and filtering techniques2 hours
- Students will learn how to utilize the Belkasoft X platform to narrow the search and save both time and effort. Filtering options for various data types will be considered.
- Students will learn how to bookmark their data for further reference.
- Instructors will explain how to get the most from the predefined search results and conduct efficient searches on the extracted artifacts.
- Students will become familiar with the Belkasoft X Timeline window and its capabilities.
-
Creating reports1 hour
- Instructors will guide students on the create reports from any part of the interface and configure them properly, so the reports look clean and concise.
- Students will also learn how to share their findings with colleagues using Belkasoft Evidence Reader.
-
Advanced analysis techniques2 hours
- Students will receive an overview of the low-level techniques, supported by Belkasoft X. Students will learn how to analyze RAM data (including processes analysis and malware detection). How to carve a drive or an image and use advanced carving options.
- Instructors will demonstrate the capabilities of File System Explorer, Hex Viewer, and built-in SQLite Viewer. Students will learn how to perform hashset analysis and process encrypted files.
-
Exercise review and wrap-up2 hours
There will be an overview of the practical exercises and a wrap up of the whole course. Students will be welcome to share their feedback and answer any questions, not answered during the course.
-
Belkasoft Certification Exam4 hours
There will be an overview of the practical exercises and a wrap up of the whole course. Students will be welcome to share their feedback and answer any questions, not answered during the course.
The workshop will start on November 3, 2024. Participants are expected to arrive before that day. For additional information, please email sales@belkasoft.com.