CI 101 - Secure Techniques for Onsite Previewing (June 2018)
This course covers the usage and configuration of two tools (Paladin/Autopsy and osTriage) designed to preview a non-mobile digital device and export files of evidentiary value. Day One is designed to preview a non-mobile digital device and export files of evidentiary value from a device that is powered on. Day Two is designed to preview a non-mobile digital device and export files of evidentiary value from a device that is powered off. Students who bring an external USB hard drive (32GB minimum) will be able to leave with the same setup shown in class. Other topics include a detailed examination of the process of previewing: what previewing is, why and when it should be done, who can conduct a preview, and differences in procedure for starting a preview depending on whether a device is on or off. * What is previewing? Learn why you should preview, who can perform a preview, when to conduct a preview, and how to start a preview whether a device is on or off. * Paladin/Autopsy. Forensically boot a device, then quickly preview and export digital evidence found on scene. * osTriage. Identify when encryption is present, image RAM memory, display browser history, preview and export existing files, and much more. * Hands-on experience. Work with Paladin/Autopsy and osTriage, and leave the course with the same setup shown in class.