+49 (911) 80 10 30

Give us a call or have us call you back!

Simply leave a message with your callback appointment

Your Name *

Your phone number *

Callback date *

Callback time *

Your request *

In order to process your request, it is necessary to process the data you provide. This means that by submitting the contact form, you consent to your data being processed (see Privacy Policy). You can object to the processing of your data at any time.

* All fields marked with an asterisk are mandatory fields.
Send a message

Your Name *

Your email *

Your phone number

Your request *

In order to process your request, it is necessary to process the data you provide. This means that by submitting the contact form, you consent to your data being processed (see Privacy Policy). You can object to the processing of your data at any time.*

* All fields marked with an asterisk are mandatory fields.
Social Media

Share page

SC450: Digital Forensics for Subject Matter Experts

Training: Security

IT security professionals and administrators receive a practical introduction to digital forensics. The course covers the analysis of Windows and Linux systems according to forensic principles, as well as handling typical artifacts. It addresses methods of evidence preservation, practical exercises, and discussions. The training concludes with an exam.

Appointment selection

Appointments in German language (1)


Hybrid training	2025-11-24 \| 10:00 am	2025-11-28 \| 04:00 pm	Nürnberg

Possible course languages: German

Request prefered appointment period:

Your Name *

Your email *

Your phone number

Preferred period from *

Preferred period to *

Number of participants *

Your message

* All fields marked with an asterisk are mandatory fields.

Hybrid training

Start: 2025-11-24 | 10:00 am

End: 2025-11-28 | 04:00 pm

Location: Nürnberg

Price: 2.850,00 € plus VAT.

Request prefered appointment period:

Your Name *

Your email *

Your phone number

Preferred period from *

Preferred period to *

Number of participants *

Your message

* All fields marked with an asterisk are mandatory fields.

Agenda:

Welcome, introduction, organization
Introduction
- Context: Information security, IT security and data protection
- Significance of forensics
- Introduction to incident response
  - Definition, objectives
  - Problem areas and recommendations
- Introduction to Digital Forensics (First Insight: Definition, Objectives)
- Excursus: Criminal Law
Understanding attacks
- Attackers and their motivations
- Common attack techniques & attack targets
- CTF: live pentest
Incident response (Theory and fundamentals)
- Incident response (BlueTeam)
- Windows forensics
- Exercise: Digital evidence collection
- Court-admissible documentation
Practice: Action recommendations and tools
- Discussion on measures after knowledge acquisition from IT forensics
- Which tools are mandatory?
- Which tools are "nice to have"?
Practice Focus: Windows forensics
- Windows Registry
  - Registry hives online and offline
  - Tools for data acquisition
  - Tools for registry analysis
- System information
  - OS version
  - Current Control Set
  - Computer name
  - Time zone
  - Network interfaces
  - Autostart
  - SAM hive and user information
- System logons
- Event logs
- Network connections
- Remote access
- USB devices
  - Device identification
  - First/Last times
- File Access
  - Recent files
  - Office recent files
  - ShellBags
  - Open/Save and LastVisited dialog MRUs
  - Windows Explorer address/search bars
- File execution
  - User assist
  - ShimCache
  - AmCache
  - BAM/DAM
- Deleted Files
Compact: Linux forensics
- System Information
  - User account
  - User groups
  - Sudoers list
  - System logons
- System configuration
  - Hostname
  - Time zone
  - Network configuration
  - Processes
  - DNS information
- Persistence mechanism
  - Cron jobs
  - Services
  - Bash/shell startup
- Log Files
  - Syslogs
  - Authentication logs
  - Third-party logs
- Deleted files
Review and final examination
- Quiz
- Question answering and discussion
- Examination

Objectives:

Evidence preservation and proof of criminal activities in IT security incidents frequently present major challenges to enterprises.

In this workshop, we provide you with the necessary insider knowledge on how to conduct forensic analyses of Windows and Linux systems during IT security incidents and secure and evaluate court-admissible evidence. The workshop focus lies on the practice-oriented delivery of fundamental IT forensic work knowledge.

At the end of the workshop, you will be capable of:

Responding to security incidents more securely and correctly
Securing court-admissible traces
Independently performing forensic analysis steps on Windows systems
Making a significant contribution to evidence-based investigation of cyberattacks to track down perpetrators

Target audience:

Practitioners, particularly in computer science and related disciplines
IT administrators
Aspiring IT forensics specialists

Prerequisites:

A good understanding of IT systems and terminology is expected.

Description:

Cybercriminals pose a high threat to enterprises and their sensitive data through phishing, hacking, or scamming. To prevent the risks of an attack or to trace and forensically secure the evidence left by perpetrators in case of an attack, IT forensic knowledge is required.

The focus of the workshop SC450 Digital Forensics for Subject Matter Experts is on the practical analysis of Windows and Linux systems considering IT forensic principles.

This covers both the fundamentals of digital forensics as well as detailed examination of individual IT forensic artifacts. The content is developed interactively in manageable groups through presentations, hands-on exercises, and group discussions.

The seminar concludes on the final seminar day with an examination and a certificate.

For the examination, which takes place in the afternoon, participants have 90 minutes. It consists of 40 multiple choice questions. To successfully pass the examination, 70% must be answered correctly.