Advanced Topics in Forensic Computing
This course will explore areas such as the Windows registries, CDs and DVDs, the use of virtualisation to replicate a suspect machine, and website development and analysis.
This course is aimed at extending Practitioners capability in the field, and contains material which adds value to the previously completed courses;
- Foundations of Forensic Computing
- Forensic Examination of Internet Use
- Forensic Examination of Network Computers
Structure and content
Duration: 1 Week Full Time
Examination: Written and Practical 3 hours
Topics include: Structure of Registries in Win9x to Win 7, useful areas of registry in Forensics, structure of hives and “Hbins”, identification of “Hbins” and fragments in unallocated space, recovery and decoding of same, deconstruction of Volume shadow copy volumes, identification of cumulative changes via indexes of all Volumes, identification of CD & DVD artefacts, identification of written disks to machines, decoding and structural rebuilding of write buffers, Virtual machines use in testing hypotheses as well as viewing suspect disk images “live”, building of networks using VMs, dealing with “BSOD” in VMs, website building, and hosting and artefacts remaining on machine involved.
This course examines in a practical setting, advanced forensic techniques relating to areas of particular current relevance. This includes the Windows registries, CDs and DVDs, the use of virtualization to replicate a suspect machine, and website development and analysis.
Who the course is for
This course is for practitioners, and applicants should normally be employed by, and sponsored by law enforcement or associated agencies, or a reputable organisation involved in the forensic computing domain.
Recommended prior knowledge
For new or inexperienced analysts, it is strongly recommended that Foundations of Forensic Computing is completed before other courses are attempted.
Accredited Prior Learning (APL) may be awarded for previous relevant studies. Individual guidance will be provided with respect to assessing APL.
What you will achieve
This course is designed to address the need for continuing professional development and career progression within a rapidly changing environment.
With this course students will be awarded 10 credits. Students can then build more credits through successful completion of related courses and assessments, which may lead to a PG Cert Higher Education award.
This course is taught exclusively by Professor Tony Sammes.
With well over 1,000 forensic examinations, and 14 years of experience in teaching forensic computing, courses offered by Tony are highly specialist with a blend of highly practical hands-on experience, combined with rigorous theoretical and academic training.
Course delivery is a combination of practical hands-on experience, combined with rigorous theoretical and academic training.
The course is delivered in the Forensic Laboratory at De Montfort University, in Leicester City Centre.
The laboratory is new, and has been purpose built with “super fast” machines, wide screen monitors, and an array of top-of-the range display systems. The Lab is situated within a security controlled area of the Cyber Security Centre, and is a very pleasant place to work.
Similar courses or related services you may be interested in
Places to stay
There are numerous hotels within easy walking distance (5-10 minutes) of De Montfort University (DMU) offering different grades of accommodation. Most will offer Government and Law Enforcement or DMU rates. A number are on the edge of the Town Centre and either have their own car parks, or have arrangements in place for discounted parking nearby.
Faculty of TechnologyGateway House Room 4.64De Montfort UniversityThe GatewayLeicesterLE1 9BH, UK
T: +44 (0)116 250 6339