Training & Certifications

FCFI (Foresec Certified in Forensic Investigator)

This program provides participants with knowledge and skills that are essential for carrying out forensic investigator responsibilities in their organization. The first few modules lay groundwork for specialized security topics that covered network operation and design, TCP/IP protocol suite, introduce Port Scanning and understand role that routers play also conclude several topics about physical security.

Program Objectives

At the end of the program, the participants will be able to :

  1. Understand the proper evidence handling skills
  2. Apply proper forensic methodology while handling computer crime cases

Target Audience

Network Administrator, Systems Administrator, Network Engineer, Systems Engineer.

Duration

This program is 5 days of intensive training - workshop class.

Requirement

Participants are required to have knowledge of Fundamental ICT, Networking Essentials, Computer Networking Technology or related subjects.

Assessment

At the end of the program, the participants will be assessed with Foresec Certified in Forensic Investigator Exam.

Award

Foresec Certified in Forensic Investigator Certification will be awarded upon successfully passing the exam from Foresec, through an independent online exam engine, PXmatics.

Program Modules

Module 1 : Introduction to Computer Forensic Investigation
  1. Ethical Behaviour while conducting Computer Forensic Investigation
  2. Media Acquisition Strategy
  3. Hardware and Imaging Issues
  4. Legal and Privacy Issues

Module 2 : Digital Imaging Process
  1. Digital Imaging Theory and Process
  2. Write Blocking
  3. Wiping, Hashing, Validation, Image Restoration, Cloning, Unallocated Space
  4. Drive Partitioning

Module 3 : Media Analysis
  1. File System Basics
  2. MAC times and Timeline Analysis
  3. Recovering Deleted Files
  4. String Searches

Module 4 : Incident Response and Evidence Acquisition
  1. Linux and Windows Response Process
  2. Understanding Open Source VS Commercial Investigation Tools
  3. Creating a Live System Imagining vs Offline Imagining
  4. Utilising Hash Sets in Investigation

Module 5 : Network Forensic Investigation
  1. Understanding TCPdump usage
  2. Tcpdump Capturing Tips and Tricks
  3. Utilising Netflow Capturing Techniques
  4. Visualising traffic using Wireshark
  5. GEOMAPPING traffic
  6. Network Forensic Tradeoffs

Module 6 : Dissecting Protocols
  1. HTTP Forensic Investigation
  2. NTP Protocol Investigation
  3. Wireless Protocol Analysis
  4. E-Mail Investigation and Protocol Analysis
  5. Investigating SSL traffics

Module 7 : Extracting Log Evidence
  1. Understanding Implementation and Utilisation of Syslog Server and Services
  2. Understanding Event Anomalies
  3. Extracting and Parsing HTTP log Files
  4. Extracting and Parsing Firewall / Router and Switch Logs
  5. Log Analysis Tools and Techniques

Module 8 : Covert Channel
  1. Detecting Malwares using sniffers
  2. Protocol Dissecting Malwares
  3. Detecting Netcat and Cryptcat Shells
  4. Malicious Web Shell Detection

Module 9 : Encrypted Connection Traffic Flow Analysis
  1. Identifying Encrypted Connection Behaviour
  2. Identification of Flow points for Encrypted Traffic
  3. Reverse Engineering Network Protocols
  4. Breaking the encrypted Protocols
  5. Mitigation and Analysis Strategies

Module 10 : Real Time Case Study
  1. Online Banking Attacks
  2. Investigating STUXNET Virus
  3. Investigation FLAME and APT (Advanced Persistent Threat)
  4. Maintaining a healthy Detection Systems
  5. Limitations of IDS and IPS technology
Scroll to Top