SC450: Digital Forensics for Subject Matter Experts

Training: Security

IT security professionals and administrators receive a practical introduction to digital forensics. The course covers the analysis of Windows and Linux systems according to forensic principles, as well as handling typical artifacts. It addresses methods of evidence preservation, practical exercises, and discussions. The training concludes with an exam.

Hybrid training

Start: 2025-11-24 | 10:00 am

End: 2025-11-28 | 04:00 pm

Location: Nürnberg

Price: 2.850,00 € plus VAT.

Agenda:

  • Welcome, introduction, organization

  • Introduction
    • Context: Information security, IT security and data protection
    • Significance of forensics
    • Introduction to incident response
      • Definition, objectives
      • Problem areas and recommendations
    • Introduction to Digital Forensics (First Insight: Definition, Objectives)
    • Excursus: Criminal Law

  • Understanding attacks
    • Attackers and their motivations
    • Common attack techniques & attack targets
    • CTF: live pentest

  • Incident response (Theory and fundamentals)
    • Incident response (Blue Team)
    • Windows forensics
    • Exercise: Digital evidence collection
    • Court-admissible documentation

  • Practice: Action recommendations and tools
    • Discussion of measures to take following findings from IT forensics
    • Which tools are mandatory?
    • Which tools are "nice to have"?

  • Practice Focus: Windows forensics
    • Windows Registry
      • Registry hives online and offline
      • Tools for data acquisition
      • Tools for registry analysis
    • System information
      • OS version
      • Current Control Set
      • Computer name
      • Time zone
      • Network interfaces
      • Autostart
      • SAM hive and user information
    • System logons
    • Event logs
    • Network connections
    • Remote access
    • USB devices
      • Device identification
      • First/Last times
    • File Access
      • Recent files
      • Office recent files
      • ShellBags
      • Open/Save and LastVisited dialog MRUs
      • Windows Explorer address/search bars
    • File execution
      • UserAssist
      • ShimCache
      • AmCache
      • BAM/DAM
    • Deleted Files

  • Compact: Linux forensics
    • System Information
      • User accounts
      • User groups
      • Sudoers list
      • System logons
    • System configuration
      • Hostname
      • Time zone
      • Network configuration
      • Processes
      • DNS information
    • Persistence mechanisms
      • Cron jobs
      • Services
      • Bash/shell startup
    • Log Files
      • Syslogs
      • Authentication logs
      • Third-party logs
    • Deleted files

  • Review and final examination
    • Quiz
    • Question answering and discussion
    • Examination

Objectives:

Evidence preservation and proof of criminal activities in IT security incidents frequently present major challenges to enterprises.

In this workshop, we provide you with the insider knowledge needed to conduct forensic analyses of Windows and Linux systems during IT security incidents and to secure and evaluate court-admissible evidence. The workshop focuses on the practice-oriented delivery of fundamental working knowledge in IT forensics.

At the end of the workshop, you will be capable of:

  • Responding to security incidents more securely and correctly
  • Securing court-admissible traces
  • Independently performing forensic analysis steps on Windows systems
  • Making a significant contribution to evidence-based investigation of cyberattacks to track down perpetrators

Target audience:

  • Practitioners, particularly in computer science and related disciplines
  • IT administrators
  • Aspiring IT forensics specialists

Prerequisites:

A good understanding of IT systems and terminology is expected.

Description:

Cybercriminals pose a high threat to enterprises and their sensitive data through phishing, hacking, or scamming. To prevent the risks of an attack or to trace and forensically secure the evidence left by perpetrators in case of an attack, IT forensic knowledge is required.

The focus of the workshop SC450 Digital Forensics for Subject Matter Experts is on the practical analysis of Windows and Linux systems in accordance with IT forensic principles.

This covers both the fundamentals of digital forensics and the detailed examination of individual IT forensic artifacts. The content is developed interactively in manageable groups through presentations, hands-on exercises, and group discussions.

The seminar concludes on the final seminar day with an examination and a certificate.

For the examination, which takes place in the afternoon, participants have 90 minutes. It consists of 40 multiple choice questions. To successfully pass the examination, 70% must be answered correctly.

Guaranteed to take place:

from 2 attendees

Booking information

Price:

2.850,00 € plus VAT.

(including lunch & drinks)

Exam (Optional):

100,00 € plus VAT.
