Introduction for First Responders

In emergency situations the first units attending the scene need to be prepared for whatever challenges await, and need to be familiar with how to identify, collect, protect and preserve evidence at a cyber crime scene.

The core objective of this course is to improve the effectiveness of potential First Responders, and to empower system and network administrators, with the critical skills necessary to identify, collect, protect and preserve evidence located on computer systems and other electronic devices.

An effective first response capability is a crucial element of any defense-in-depth strategy, and this course will provide you with this capability.


Who should attend?
  • IT professionals wishing to learn the core first responder concepts;

  • Network and System administrators likely to arrive first on the scene;

  • Computer Security Incident Response Team Members;

  • Security professionals likely to encounter a compromised machine;

  • Information security managers needing to understand forensics;

  • Lawyers & paralegals desiring basic digital forensics knowledge;

  • Investigators of corporate fraud involving computers & digital records;

  • Anyone interested in digital forensics.

Key Topics

Knowledgeable first responders apply good forensic practices to routine administrative procedures, and know how routine actions can adversely affect the forensic value of data.

Key topics that we teach include:

  1. An introduction to digital evidence in a South African context
  2. How to determine the severity of the incident
  3. Core skills required to identify, collect, protect and preserve evidence
  4. The difference between volatile and non-volatile data
  5. Locard's exchange principle
  6. How to identify the root cause of an incident
  7. Introduction to Windows memory acquisition and analysis
  8. How to create a forensically sound disk image
  9. An introduction to disk image analysis
  10. An overview of Windows file systems
  11. Typical Windows artifacts of interest to an investigation
  12. How to prepare a digital forensic evidence acquisition report