Digital Forensics Training
All of ASI's Digital Forensics Training Classes consist of one to three days of classroom-based training and are conducted by ASI’s Chief Forensic Scientist and renowned expert in digital forensics, Harlan Carvey.
155 Center Street, Santa Cruz, California 95060
Instructor
All training is classroom-based and instructed by ASI’s Chief Forensic Scientist and renowned expert in digital forensics, Harlan Carvey.
ASI Hosted Training
Courses are typically conducted during normal business hours at ASI’s Training Facility in Reston, VA. Breakfast and lunch are provided.
ASI hosted training is charged on a per-attendee basis, with group discounts available.
Need Training On-Site?
Use Our Customer Hosted Option
Customer hosted training may be scheduled by request to accommodate groups or special needs. For this option, please ensure availability of a private classroom and training computers running the Windows 7 operating system for all attendees. Required software tools and instructional materials will be provided by ASI.
This training is charged on a per-session basis, plus instructor travel/lodging. Each session is limited to a maximum of 30 attendees.
Contact ASI today to register for classes.
Course Name: Windows Forensic Analysis
Course Length: 2 days
Course Price: $949 per person*
*Please call for special pricing options
Course Overview:
This course is designed to teach digital forensics practitioners to think beyond specific vendor tools. Attendees are taught an analytical methodology that emphasizes understanding an investigation’s goals, collecting the data to address those goals, and then correctly interpreting the results.
This course will enable the practitioner to understand the nature of the systems being analyzed. The exercises and examples used in this course are built for Windows 7, but the lessons learned apply across all platforms.
On Day 1, students take a deep-dive into collecting, collating, and interpreting data from the routine and more esoteric sources within a forensics image, such as:
- Jumplists
- Windows Events Logs
- Prefetch files
- Hibernation files
- Volume Shadow Copies
- Virtual Machines
Attendees are provided with a rich toolkit of open source tools and instructed in their use and applicability. Discussion includes use of these tools and techniques for cases involving:
- The “Trojan Defense”, where malware is blamed for observed nefarious activity;
- Undetected malware;
- Attempts to obfuscate user activities from forensic analysis;
- Other questionable user activities.
Day 2 reinforces the material previously covered by using the tools and methodologies in practical forensics exercises with increasingly complex goals.
The course is geared toward the junior to mid-level analyst possessing 1-3 years of digital forensics-related experience, an understanding of the Windows operating system, and comfort using the Windows command prompt interface.
Course Name: Timeline Analysis
Course Length: 2 days
Course Price: $949 per person*
*Please call for special pricing options
Course Overview:
This hands-on course is developed and led by Harlan Carvey, one of the primary developers and promoters of the timeline analysis technique within the DFIR community. The course provides a solid foundation in the purpose and practice of conducting a comprehensive timeline analysis to uncover and illuminate activities associated with a cyber-security incident.
This course begins with an overview of various Windows system artifacts that yield time-based data. Students are guided through the process of collecting this data using various open-source tools. The discussion then leads to methods for the normalization and collation of the data into a common format to facilitate the generation of a timeline. For example, the idiosyncrasies of Windows time formats are reviewed and synchronization techniques are recommended.
Harlan discusses in-depth, practical analysis methodologies essential for interpreting and qualifying timeline information. He demonstrates how to find pivot points within data by focusing on an investigation’s goals. These pivot points then become the center around which other data artifacts are time-correlated and interpreted to develop a comprehensive timeline for an incident.
Lessons are reinforced with intensive practical lab exercises. In the lab, students are presented with a Windows host image and investigation goals. Using their open source toolkit and analytical techniques learned in the class, students develop their own timeline of a forensics event from the provided host image.
This course is designed for the mid to senior-level forensics analyst.
Course Name: Registry Analysis
Course Length: 1 day
Course Price: $499 per person*
*Please call for special pricing options
Course Overview:
This hands-on course is developed and led by Harlan Carvey, author of Windows Registry Forensics and developer of the open source tool RegRipper, one of the most widely-used registry analysis tools in the world. Instruction begins with a thorough explanation of the Windows Registry and its potential as a wealth of information to the Digital Forensics analyst.
Discussion focuses on the binary structure of the Registry, how operating systems make use of the Registry, as well as free and open source tools for monitoring, examining and extracting pertinent data from the Registry (including deleted keys and values).
This course is designed for the junior to mid-level forensics analyst.