This course is designed to introduce new examiners to the realm of digital forensics and provide the baseline of foundational knowledge needed to perform analysis of artifacts acquired from digital evidence. The Belkasoft X workflow is designed around the following fundamental concepts of digital forensics:

• Identification of digital evidence
• Logical disk structures
• Maintaining the integrity of source media
• Understanding the operating system
• Locating pertinent digital artifacts

During Instructor-led course activities and exercises, participants will demonstrate their understanding of essential digital forensic concepts while using the Belkasoft X platform. Upon completion, participants will be qualified to attend the Belkasoft certification course.

The Belkasoft X certification course design, objectives, practical exercises, and scenarios are written based on over fifteen years of field experience from working with LE officers and CCU examiners both international and domestic. The techniques taught in this course – while based on Belkasoft X functionality and workflow – have been curated from extensive research, testing, and use on live systems involved in actual cyber crimes investigated around the world where DSI examiners were actively involved as contracted analysts, instructors, and/or mentors.

The Belkasoft Evidence Center X Certified Examiner course is designed for

Through lecture, instructor-led demonstrations, and practical exercises the Belkasoft course will prepare participants to
on electronic/mobile artifacts utilizing the Belkasoft X platform.

• During course activities and exercises, participants will demonstrate the ability to perform forensically sound investigations and efficiently analyze digital artifacts pertaining to items of evidentiary value.
• Throughout the course, participants will discuss procedures used on the identification, acquisition, analysis, and reporting of electronic media for courtroom presentation.
• Participants will also discuss the importance of developing and maintaining a policy on analyzing electronic artifacts to guide examiners when conducting cases.
• Upon completion of this course, participants will be able to draft an effective report on findings detailing the analysis process followed to locate pertinent evidence.

The Belkasoft X certification course design, objectives, practical exercises, and scenarios are written based on over fifteen years of field experience from working with LE officers and CCU examiners both international and domestic. The techniques taught in this course – while based on Belkasoft X functionality and workflow – have been curated from extensive research, testing, and use on live systems involved in actual cyber crimes investigated around the world where DSI examiners were actively involved as contracted analysts, instructors, and/or mentors.

This course is designed to provide local/federal law enforcement, military investigative personnel, and private sector security professionals training on the knowledge and skills required to leverage Windows resources and artifacts to perform a comprehensive timeline-based examination.

During course activities and exercises, participants will demonstrate the ability to perform forensically sound investigations and efficiently analyze digital artifacts pertaining to items of evidentiary value. Upon completion of this course, participants will be able to draft an effective report on findings detailing the analysis process followed to locate pertinent evidence.

The Belkasoft X certification course design, objectives, practical exercises, and scenarios are written based on over fifteen years of field experience from working with LE officers and CCU examiners both international and domestic. The techniques taught in this course – while based on Belkasoft X functionality and workflow – have been curated from extensive research, testing, and use on live systems involved in actual cyber crimes investigated around the world where DSI examiners were actively involved as contracted analysts, instructors, and/or mentors.

The Incident Response Examination course with Belkasoft teaches how to conduct incident investigation and response using the Belkasoft Evidence Center X. During the course, participants will learn about the following subjects: modern cyberthreats; tactics, techniques, and procedures used by attackers; searches for IoCs; and other topics linked to online incidents.

The course will be useful for Information Security specialists, especially digital forensic analysts interested in incident investigation.

This course will provide students with the tools needed to analyze artifacts contained within random access memory acquired from live Windows-based systems.

The Belkasoft X platform provides a comprehensive toolset for the examiner to locate artifacts from:

• Running processes
• Network connections and file shares
• Internet browsers
• Social media content

The Belkasoft Live RAM Capturer is used by many first responders and examiners worldwide for its ability to acquire volatile memory from 32-bit and 64-bit systems quickly and completely, including areas in RAM protected by actively running applications. Data that could be potentially recovered from these areas include chat communications and webmail artifacts.

During Instructor-led course activities, and exercises - participants will demonstrate the ability to efficiently analyze digital artifacts acquired from RAM while utilizing Belkasoft X.

The Belkasoft X certification course design, objectives, practical exercises, and scenarios are written based on over fifteen years of field experience from working with LE officers and CCU examiners both international and domestic. The techniques taught in this course – while based on Belkasoft X functionality and workflow – have been curated from extensive research, testing, and use on live systems involved in actual cyber crimes investigated around the world where DSI examiners were actively involved as contracted analysts, instructors, and/or mentors.

As a proven industry leader, Belkasoft has remained at the forefront of innovation when forensically acquiring mobile device data, while safely bypassing security constraints using the latest techniques.

This course will provide students with the tools needed to perform forensic analysis of Apple iOS and Google Android mobile devices from within the Belkasoft X platform.

The Belkasoft X platform provides a comprehensive toolset for the examiner to locate artifacts from mobile devices including:

• SMS/MMS
• Call Logs
• Pictures and Video
• Internet-based data
• Browser content
• App data and SQLite databases

During Instructor-led course activities, and exercises - participants will demonstrate the ability to efficiently analyze digital artifacts acquired from mobile devices while utilizing Belkasoft X.

The Belkasoft X certification course design, objectives, practical exercises, and scenarios are written based on over fifteen years of field experience from working with LE officers and CCU examiners both international and domestic. The techniques taught in this course – while based on Belkasoft X functionality and workflow – have been curated from extensive research, testing, and use on live systems involved in actual cyber crimes investigated around the world where DSI examiners were actively involved as contracted analysts, instructors, and/or mentors.

As a proven industry leader, Belkasoft has remained at the forefront of innovation when forensically acquiring mobile device data, while safely bypassing security constraints using the latest advanced techniques.

This course will provide you with the knowledge and preparation to use the Belkasoft X forensic software to conduct advanced acquisitions and complete an in-depth analysis of iOS and Android mobile device digital evidence to include:

iOS Advanced Acquisitions

• Acquisition with lockdown file
• Agent based Full File System acquisition
• Jailbroken device acquisition
• Checkm8 based device acquisition

iOS Advanced Analysis

• Full File System Features – Data not included with an iTunes Backup
• Keychain
• System Artifacts – Knowledge C and Location Data
• Third Party Apps – SQLite databases and Plist files

Android Advanced Acquisitions

• Agent Backup acquisition
• APK Downgrade acquisition
• File System Copy acquisition
• Physical acquisition

Android Advanced Analysis

• Full File System Features – User profiles, Encryption, and Keystore
• System Artifacts – Passwords, Account Information, and System Settings
• Third Party Apps – SQLite databases and XML files

This course is meant for intermediate to advanced users. Although not required, BEC 301 should be completed prior to taking this course, or the participant should be proficient with the use of the BEC X forensic software.

The BEC 302 course design, objectives, practical exercises, and scenarios are written based on over twenty years of field experience from working with LE officers and CCU examiners both international and domestic. The techniques taught in this course – while based on Belkasoft X functionality and workflow – have been curated from extensive research, testing, and use on live mobile devices involved in actual cyber crimes investigated around the world where DSI examiners were actively involved as contracted analysts, instructors, and/or mentors.

BEC401 is designed to provide examiners training on the knowledge and skills required to:

• Forensically acquire cloud storage data for analysis
• Identify and analyze cloud-based artifacts from computers and mobile devices

Through lecture, instructor-led demonstrations, and practical exercises this course will prepare participants to identify, acquire, analyze and report on cloud artifacts utilizing the Belkasoft X platform. During course activities and exercises, participants will demonstrate the ability to perform forensically sound investigations and efficiently analyze digital artifacts pertaining to items of evidentiary value. Upon completion of this course, participants will be able to draft an effective report on findings detailing the analysis process followed to locate pertinent evidence.

The Belkasoft X certification course design, objectives, practical exercises, and scenarios are written based on over fifteen years of field experience from working with LE officers and CCU examiners both international and domestic. The techniques taught in this course – while based on Belkasoft X functionality and workflow – have been curated from extensive research, testing, and use on live systems involved in actual cyber crimes investigated around the world where DSI examiners were actively involved as contracted analysts, instructors, and/or mentors.

BEC501 is designed to provide examiners training on the knowledge and skills required to identify pertinent connections across multiple data sources and separate case files.

Through lecture, instructor-led demonstrations, and practical exercises this course will prepare participants to use the Belkasoft X platform to perform link analysis and data analytics on network communications between multiple sources of digital evidence.

During course activities and exercises, participants will demonstrate the ability to perform forensically sound investigations and efficiently analyze digital artifacts pertaining to items of evidentiary value. Upon completion of this course, participants will be able to draft an effective report on findings detailing the analysis process followed to locate pertinent evidence.

The Belkasoft X certification course design, objectives, practical exercises, and scenarios are written based on over fifteen years of field experience from working with LE officers and CCU examiners both international and domestic. The techniques taught in this course – while based on Belkasoft X functionality and workflow – have been curated from extensive research, testing, and use on live systems involved in actual cyber crimes investigated around the world where DSI examiners were actively involved as contracted analysts, instructors, and/or mentors.

BEC601 is designed to provide examiners training on how to bypass password-based security constraints utilized by computers and mobile devices.

Through lecture, instructor-led demonstrations, and practical exercises this course will prepare participants to use the Belkasoft X platform to perform password/passcode breaking and bypass procedures to gain access to protected digital evidence or encrypted data.

The Belkasoft X certification course design, objectives, practical exercises, and scenarios are written based on over fifteen years of field experience from working with LE officers and CCU examiners both international and domestic. The techniques taught in this course – while based on Belkasoft X functionality and workflow – have been curated from extensive research, testing, and use on live systems involved in actual cyber crimes investigated around the world where DSI examiners were actively involved as contracted analysts, instructors, and/or mentors.