Forensic Examination of Network Computers
This course develops expertise in the forensic examination of both Client and Server machines. The course consists of an academic discussion of Networks and how they operate, followed by practical hands-on development of a Network from the point of view of a small business.
Starting from a standalone machine, students will build a working network via crossover connection from the use of switches on a small network, to a full-blown domain with controller. Forensic artefacts and methods of recovery for evidential purposes are discussed and practically experienced along the way.
Structure and content
Duration: 1 Week Full Time
Examination: Written 2 hours, Practical 3 hours
This course has its focus set on the examination of machines that have been used on a Network.
Topics Include: Methods of addressing and Protocols, Peer to Peer networks, Domain based networks, use of switches, hubs and routers, methods of dealing with large networks, backup policy and use of backups for forensic examination, tracking and tracing using registry and event logs, server activity and areas of analysis, security and permissions, user identification and use of external devices.
Many of these topics are taught using practical exercises. The Practical examination is based on the analysis of a complete hard disk.
Who the course is for
This course is for practitioners, and applicants should normally be employed by, and sponsored by law enforcement or associated agencies, or a reputable organisation involved in the forensic computing domain.
Recommended prior knowledge
For new or inexperienced analysts, it is strongly recommended that Foundations of Forensic Computing is completed before other courses are attempted.
Accredited Prior Learning (APL) may be awarded for previous relevant studies. Individual guidance will be provided with respect to assessing APL.
Key learning outcomes
This course develops expertise in the forensic examination of both client and server machines. Using practical hands-on exercises to build and examine a number of types of networks, relevant forensic artefacts are identified and used to show activity across a network.
What you will achieve
This course is designed to address the need for continuing professional development and career progression within a rapidly changing environment.
With this course students will be awarded 10 credits. Students can then build more credits through successful completion of related courses and assessments, which may lead to a PG Cert Higher Education award.
This course is taught exclusively by Professor Brian Jenkinson.
With well over 1,000 forensic examinations, and 14 years of experience in teaching forensic computing, courses offered by Brian are highly specialist with a blend of highly practical hands-on experience, combined with rigorous theoretical and academic training.
Course delivery is a combination of practical hands-on experience, combined with rigorous theoretical and academic training.
This course is delivered in the Forensic Laboratory at De Montfort University, in Leicester City Centre.
The laboratory is new, and has been purpose built with “super fast” machines, wide screen monitors, and an array of top-of-the range display systems. The Lab is situated within a security controlled area of the Cyber Security Centre, and is a very pleasant place to work.
Similar courses or related services you may be interested in
Places to stay
There are numerous hotels within easy walking distance (5-10 minutes) of De Montfort University (DMU) offering different grades of accommodation. Most will offer Government and Law Enforcement or DMU rates. A number are on the edge of the Town Centre and either have their own car parks, or have arrangements in place for discounted parking nearby.
Faculty of TechnologyGateway House Room 4.64De Montfort UniversityThe GatewayLeicesterLE1 9BH, UK
T: +44 (0)116 250 6339