The course aims to develop a practical working knowledge and understanding of Linux and open-source tools as a platform for performing computer forensic examinations.
At a glance
- 11 - 15 Mar 2019
- Duration5 days
- LocationCranfield University at Shrivenham
- Cost£1,750 - Company (anyone being paid for by their company). Concessions available
Course structureA one week course with a substantial amount of practical sessions in a dedicated forensic computing lab. The sessions will be taught by a variety of lecturing staff with both academic and practitioner based backgrounds.
What you will learn
On successful completion of this course, those attending should be able to:
- Compare and contrast the primary operating system platform choices from a forensic examination perspective
- Summarise and compare the range and capability of relevant tools available in the open source community
- Use and navigate a Linux system
- Apply standard Linux features, including the command shell and core utilities, to manage data and files in a forensic examination
- Securely and efficiently transfer data to and from a Linux system
- Apply core open-source forensic tools to forensic examinations
- Construct a complete forensic processing chain from open-source components, and assess its suitability for a forensic examination.
- Linux Kernels, distributions, graphical environments
- Unix platforms
- Licensing and support
- Installing and configuring Linux and Linux applications
- File system layout, system management and security concepts
- Accessing devices, partitions, and file systems
- Using a desktop (GUI) environment, and common desktop applications
- Using the shell and common command-line utilities
- Import, export, and cloning of disk images
- Working with split, compressed or encrypted images
- Advanced Forensic Format (AFF) – extensible open format for forensic image data
- Standard Unix features for data management and analysis
- Tools for basic process functions, such as viewing, converting, cryptographic hashing
- Identification and acquisition of disks and partitions
- Search concepts, including grep, find, and regular expressions
- NSRL known-good databases for file exclusion
- Analysis and carving tools
- Identifying and using open source tools
- Using scripting to automate processes and combine tools
- Forensic issues within the workflow, including repeatability and validity
- Managing and preserving evidence.
Who should attend
A distance-learning workbook, which includes a practical exercise for self-assessment is provide prior to the start of the course. This ensures that all students have some familiarity with Linux prior to the residential.
The workbook focuses on the basic use of the command-line to navigate and manage the Linux file system, files and processes, and familiarisation with the interface.
This course requires the following pre-requisites:
- Forensic computing foundations
- or equivalent experience
- and mandatory pre-workbook completion
Cranfield University has become the first university for digital forensics in the UK to receive full certification from the UK Government Communications Headquarters, GCHQ, for the MSc Digital Forensics course. This short course is a module from the Digital Forensics Masters course.
£766 - Individual (anyone paying for themselves to attend).
£383 - Student (a current student from any university or a former student of Cranfield University).
Accommodation options and pricesPlease contact us for information regarding accommodation.
Location and travel
Cranfield Defence and Security (CDS) is a Cranfield School based at the Ministry of Defence establishment on the Oxfordshire/Wiltshire borders. Shrivenham itself lies in the picturesque Vale of the White Horse, close to the M4 motorway which links London and South Wales. It is 7 miles from Swindon, the nearest town, which lies off the M4 at the hub of Britain’s motorway network.Bath, Cheltenham, Bristol and Oxford are all within an hour’s drive and London less than two hours away by car.
All visitors must be pre-booked in at reception by the person they are visiting on the campus.
Read our Professional development (CPD) booking conditions.