Welcome
At Fields Associates, we specialise in the recovery of the digital “fingerprints” left by the routine use of computers. Even erased files can be recovered and examined, ensuring that you have all the evidence available to support your investigation.
Established in 1999, we have earned an impressive reputation in the detection, analysis and presentation of computer evidence in the broadest range of criminal activities. These include fraud, extortion, data theft, child pornography and Internet abuse.
Our clients include legal firms, international banks, blue chip companies, law enforcement and military organisations.
Courses > Introduction to Computer Forensics (2 Days)
Course Title: Introduction to Computer Forensics (2 Days)
Reference: ICF2
Duration: 16 Hours
[Courses Calendar]
Course Aim:
The Introduction to Computer Forensics two day course provides attendees with a basic knowledge of digital forensic examinations, and shows how evidential findings are applied within criminal and civil cases.
The course provides an overview of the tools and techniques used, the types of digital storage media likely to be encountered, and clear explanations of the terminology and software commonly found within cases involving computer evidence. The course also highlights the areas of law most relevant to cases involving digital forensic evidence.
Finally, the course reviews the topics covered in relation to two actual cases. This part of the study assesses the documentary evidence paper trail, the forensic examination, findings, and the eventual outcome of the cases.
The course comprises a more detailed look at topics covered on the one day course, plus further units on additional aspects of digital forensics.
Topics Covered:
- Introduction to Computer Forensics and Computer Evidence
- Types of digital storage media
- An explanation of common terms encountered in computer evidence cases
- Physical and Logical Partitions
- Explanation and demonstration of file Time/Date Stamps
- An overview of the operation of IP addresses
- Software commonly encountered when dealing with computer forensic evidence
- Practical group demonstration and examination of Peer-to-Peer software
- A review of Stated Cases involving computer evidence
- Review of two case studies to highlight areas covered by the course
Intended learning outcomes:
Upon completion, students should have a fundamental understanding of Computer Forensics, i.e. a basic knowledge of the process, application, and effectiveness of digital forensics, and how resultant evidence can be applied within legal cases.
Day 1
Course Timetable:
| 8.45am | Coffee and Registration |
| 9.00am | Introductions |
| 9.15am |
Introduction to Computer Forensics
Summary of Activity An introduction to the concepts of Computer Forensics and Computer Evidence and a brief explanation of how they are applied within criminal and civil cases. A brief look at the common types of cases that involve Computer Evidence. |
| 10.15am |
Types of Digital Media
Summary of Activity A look at the various types of digital storage media commonly encountered in computer forensic cases. |
| 11.15am | Coffee Break |
| 11.30am |
Physical and Logical Partitions
Summary of Activity An explanation of Physical and Logical Partitions. |
| 12.15pm |
Time/Date Stamps
Summary of Activity An explanation of each type of Time/Date Stamp associated with digital media, their behaviour, and the activities responsible for their alteration. This section also includes analysis of Time/Date Stamps when moved across Volume Partitions, and a practical demonstration of the behaviour of each stamp. |
| 1.30pm | Lunch |
| 2.00pm |
Commonly Encountered Terms
Summary of Activity A look at Key Terms encountered during cases involving Computer Forensics, including Temporary Internet Files, Unallocated Clusters, Live Clusters, Trojan Viruses, Forwarding Scripts, along with a practical demonstration of the most common. |
| 3.45pm | Coffee Break |
| 4.00pm | Commonly Encountered Terms – Continued |
| 5.45pm | Summary of Day, Questions |
| 6.00pm | Close |
Day 2
| 8.45am | Coffee |
| 9.00am |
Commonly Encountered Software
Summary of Activity An explanation of peer-to-peer software (including KaZaA, Morpheus) as well as an overview of file behaviour during download activities. |
| 10.30am |
Commonly Encountered Software – Practical
Summary of Activity Demonstration and group practical activity using the most common peer-to-peer software. |
| 11.15am | Coffee Break |
| 11.30am |
Stated Cases
Summary of Activity A review of the most relevant stated cases and the consequences of those cases on computer evidence. |
| 1.30pm | Lunch |
| 2.00pm |
Case Study
Summary of Activity A study of two actual cases, looking at the paper trail of evidence, the forensic examination, digital findings, and the Defence response. The eventual outcome of the cases is then assessed in relation to the areas covered during the course. |
| 3.45pm | Coffee Break |
| 4.00pm | Case Study - Continued |
| 5.45pm | Summary of Day, Questions |
| 6.00pm | Close |
Certification: CPD