The first step in a forensic investigation is to acquire the data related to the incident. In this course, you will learn how to acquire data from devices (such as laptops, hard drives and USB sticks) following a proper forensic methodology.
The acquisition of digital media (such as laptops, hard drives, and USB sticks) is the first step in a cyber forensic case. The acquisition should be conducted in such a way that all the pieces of evidence are reliable enough to be presented in court if necessary. In this course, Incident Forensics: Digital Media Acquisition, we cover every single step of a digital media acquisition, including not only the technical part but also the overall forensic methodology that should be followed. First, you will be presented with some vital forensic concepts, such as chain of custody. Next, you will explore all the prerequisites before the data acquisition. After that, we show through demos how to image the most common digital media types using a professional forensic methodology. Finally, you will discover how to organize all of the evidence and create work copies for the forensic investigators. All forensic acquisition tasks follow strict processes and procedures that ensure that the data will not be tampered with and the evidence is reliable. Throughout the course, you will follow a real-world scenario in which an employee was selling confidential information to competitors. By the end of this course, you will be prepared and have the knowledge to be the forensic technician responsible for acquiring the data related to any case.
Ricardo is a Cybersecurity Consultant based in Toronto (Canada). He has 10+ years of IT experience, 6 of them in the IT Security field. His main interests are: SIEM solutions (IBM QRadar), Enterprise Security Risk, Penetration Testing, Security processes/procedures and Network Security.
Course Overview
Hello everyone. My name is Ricardo, and welcome to my course, Incident Forensics: Digital Media Acquisition. I'm a cyber security consultant with years of experience in incident response and computer forensics, and I'll be showing you everything you need to know to acquire digital media following a professional forensics process. You may think that cloning a hard drive is easy, but did you know that just by plugging a hard drive into your computer, you can invalidate a forensics case? Or, do you know that using some proper forensic techniques, you can recover even files that were deleted from the disk? In this course, we cover everything you need to know related to digital media acquisition, such as the overall forensic process behind digital media acquisition, the importance of the chain of custody, the digital media acquisition kit, the forensic documentation needed for a professional forensic acquisition, and of course, how to image a hard drive following a professional forensic methodology. Also, this course is a very hands-on course. In here, we'll be working on the Globomantics forensic case in which a malicious employee was selling confidential information on the dark web. In here, you'll be responsible for collecting the evidence in a forensic manner and creating evidence for the case. By the end of this course, you'll have all the knowledge to perform a digital media acquisition in a professional forensic way. So, I hope you join me on this journey to learn about forensic data acquisition, here at Pluralsight.