The "Cyber Investigation (CI) 101 - Secure Techniques for Onsite Preview" course covers the usage and configuration of two tools (Paladin/Autopsy and osTriage) designed to preview a non-mobile digital device and export files of evidentiary value. DAY ONE is designed to preview a non-mobile digital device and export files of evidentiary value from a device that is powered on. DAY TWO is designed to preview a non-mobile digital device and export files of evidentiary value from a device that is powered off.
Students who bring a thumb drive or external USB hard drive (32GB minimum) will be able to leave with the same setup shown in class. Other topics include a detailed examination of the process of previewing: what previewing is, why and when it should be done, who can conduct a preview, and differences in procedure for starting a preview depending on whether a device is on or off.
- What is previewing? Learn why you should preview, who can perform a preview, when to conduct a preview, and how to start a preview whether a device is on or off.
- Paladin/Autopsy. Forensically boot a device, then quickly preview and export digital evidence found on scene.
- osTriage. Identify when encryption is present, image RAM, display browser history, preview and export existing files, and much more.
- Hands-on experience. Work with Paladin/Autopsy and osTriage, and leave the course with the same setup shown in class.
- CI 091 - Introduction to Previewing online course.
- CI 142 - Encryption online course.
Bring the following to class: USB external hard drive (32GB minimum).