In this course, participants will learn about incident response and triage procedures in two different ways: on-site, in a specific amount of time and in the lab by previewing the data prior to processing. The same procedures can be applied even when performing dead box analysis, when it is a common procedure to mount images and preview the data and then, based on what is visible, perform processing. The fundamentals of this class are hands-on exercises with scripting/automating digital forensic problems. Participants will learn how to work with the popular tools for incident response and all will be done through examples and exercise. At the end of the course, all participants will be given an official certificate for passing the course.
Good understanding of digital forensics principles, advanced knowledge of Windows operating systems, basic knowledge of digital forensic tools.