FAQs


Incident Response

1. Who should attend the course?

Answer: The course should attend law enforcement members, digital forensics investigators and others that want to learn how to correctly respond to incidents that involve digital evidence.

2. Are there any prerequisites for the course?

Answer: Students should be able to understand the course curriculum presented in English, perform basic operations on a personal computer and familiar with the Microsoft Windows environment.

3. How will I benefit from this course?

Answer: The incident response class will teach students how to gather digital forensic evidence and conduct forensic investigations of computer-related incidents. Training is based on quick acquisition of most important evidence related to the various situations, analysis of acquired evidence and reporting.

4. What is the duration of the course? 

Answer: This is a 5-day class.

5. Is there an exam?

Answer: Yes, on the last day of class students will take on a final exam.

6. Will I get the certificate?

Answer: Yes, after taking the final exam, students will receive a certificate, proving successful completion of the course.

7. What practical skills will I have after the course?

Answer: Students will be able to do search warrant planning and execution, notes taking and retention, identification of potential evidence, conduct triage of evidence and detect encryption, recognize the incident, seize the evidence by respecting forensic rules, perform memory analysis at the crime scene and create a forensic report.


Network Forensics

1. Who should take this course?

Answer: The course is designed for all digital forensic investigators involved in investigations of computer networks.

2. What are the requirements for this training?

Answer: Participants should have basic knowledge of digital forensics and network protocols, models, security and basic knowledge of Linux operating system is recommended.

3. Will the participants have practical exercises?

Answer: Yes, the course will have practical exercises that will include gathering information about the network, collecting and analyzing network traffic and the class will also contain practical exercises using specialized software.

4. What is the duration of the course?

Answer: This is a 5-day course.

5. What practical skills will I have after this course?

Answer: All the participants will learn about the principles of computer networks, how to collect network traffic and enhance their ability to conduct forensic examinations of data collected from computer networks including network devices, servers and hosts.

6. What forensic tools will be used in this course?

Answer: During this course the participants will use Wireshark, Kali Linux (integrated tools), Windows “Command prompt”, Splunk, Snort, NetworkMiner, FlowTraq, EtherApe, PRTG Network monitor…

7. Will there be an exam?

Answer: Yes, at the end of this course participants will take a final exam.

8. Will I get the certificate?

Answer: Yes, after passing the exam students will get the certificate that proves a successful completion of the course.


Windows 10 Forensic

1. Who should take this course?

Answer: The course is designed for all digital forensics investigators involved in investigations of Windows operating systems.

2. How will I benefit from this course?

Answer: The course will provide participants with a detailed overview of the Windows 10 operating system forensics and focus on how the Windows 10 operating system changed over the past versions and how it works “under the hood” so that participants have a better understanding of how various operating system artefacts are created, why certain artefacts appear, and how these artefacts can be leveraged for forensic and investigative purposes.

3. What practical skills will I have after the course?

Answer:All the students will be able to recognize the file system within Windows operating  system, find and forensically analyse user profiles, locate and analyse Windows registries with different tools, recognize and analyse files encrypted with different versions of BitLocker, locate and analyse event logs, recognize event logs important for digital forensic analysis, understand, locate and analyse superfetch and prefetch files, link files, jump lists, thumbcache, thumbs, find Recycle bin files, know the difference between Recycle bin files from Windows 10 and previous versions of Windows OS, find all other relevant forensic artefacts, know how to analyze them and what their forensic value is.

4. What is the duration of the course?

Answer: This is a 5-day class.

5. What are the prerequisites for taking this course?

Answer: Participants should have a working knowledge of FTK Imager and Sysinternals suite, good experience with working in Windows operating system, good knowledge of digital forensics procedures.

6. Is this a basic/intermediate/advanced course?

Answer: This is an advanced course.

7. Will the course cover analysing artefacts from previous versions of Windows operating system?

Answer: Throughout Windows 10 forensics course participants will learn how Windows 10 artefacts can be analysed in digital forensics investigations, in comparison to the previous versions.

8. What forensic tools will be used in this course?

Answer: Open source tools will be used, such as Windows Event Viewer, VMware player, FTK Imager, Registry Viewer, REGEDIT, EseDbViewer…

9. Is there an exam?

Answer: Yes, participants will take on a final exam.

10. Will I get the certificate?

Answer: Yes, after passing the test students get the certificate, proving successful completion of the course.


Open Source Intelligence (OSINT)

1. Who should take this course?

Answer: The course is designed for all digital forensic investigators involved in investigations of people, companies and money transactions by using online available sources.

2. How will I benefit from this course?

Answer: The course will provide participants with a skills and knowledge to investigate crimes only by using online available tools and their intuition. A lot of topics covered by this course participant will be able to use later on in their everyday work.

3. What practical skills will I have after the course?

Answer: All the students will be able to properly prepare their workstations for OSINT investigations, recognize the danger of data leaking and how to prevent it; use search engines to investigate people, companies and financial data available online; use Maltego tool for financial forensic investigations; perform online investigations on documents, pictures and their metadata,…

4. What is the duration of the course? 

Answer: This is a 5-day class.

5. What are the prerequisites for taking this course?

Answer: The students should have a basic understanding of open source intelligence gathering and be comfortable with different kinds of online researching and have basic knowledge of digital forensic procedures.

6. What forensic tools will be used in this course?

Answer: Maltego, for which trial licenses will be provided and search engines, email analysis tools, open source tools for analysis of social networks, dark web, cryptocurrencies, wallets, …

7. In the title, it says that this is a course for financial investigation techniques. Can I participate and use learned skills on any investigative topic?

Answer: Off course, the curse is based on case studies from financial investigation area, but the learned skills, frameworks, mindset can be used in any other kind of digital forensic investigation based on open source intelligence and tools.

8. Is there an exam?

Answer: Yes, participants will take on a final exam.

9. Will I get the certificate?

Answer: Yes, after passing the test students get the certificate, proving successful completion of the course.