Computer Forensics Training
Conduct forensic investigations on computer systems, hard drives, and activity logs
Duration: 2 days
Overview
Deep-Dive Digital Investigations: Advanced Computer Forensics Training
In corporate environments, workstations, servers, and endpoint devices serve as the central repositories for critical business operations—and consequently, the primary trail for internal fraud, data breaches, and intellectual property theft. Unlocking the truth buried within these complex desktop and server architectures requires specialized, methodologically sound investigation techniques.
Triage Investiga’s Computer Forensics Training is an intensive, deeply technical program designed for internal auditors, security operations (SecOps) teams, IT administrators, and corporate investigators. This course equips your team with the rigorous skills required to locate, preserve, and reconstruct digital footprints from volatile memory and persistent storage media, ensuring all findings stand up to executive or legal scrutiny.
Core Specializations & Modules
1. Evidence Preservation & Advanced Storage Media Acquisition
This module establishes the foundational baseline for first responders, focusing on the forensically sound isolation and bit-stream imaging of traditional hard drives and solid-state storage.
- Forensic Data Duplication: Master the deployment of hardware and software write-blockers to create flawless E01 or RAW bit-stream images without modifying the source media.
- Volatile Memory (RAM) Capture: Techniques for capturing live memory to preserve transient data, active network connections, and unencrypted passwords before shutting down a machine.
- Chain of Custody & Hash Verification: Implementing strict cryptographic verification (MD5, SHA-256) and documentation protocols to ensure evidence admissibility.
- Dead-Box Forensics: Navigating diverse hardware interfaces (SATA, NVMe, SAS) and specialized corporate server configurations (RAID arrays).
2. Operating System Artifacts & Filesystem Deep-Dive
Once a forensic image is secured, investigators must know how to navigate the complex filing structures of modern operating systems to reconstruct user behavior.
- Windows/Linux Registry Analysis: Mining registry hives to uncover installed software, connected USB devices, user execution history, and system configurations.
- Event Log & Timeline Reconstruction: Correlating system event logs, Prefetch files, and Shimcache to build an exact, second-by-second timeline of a security incident.
- File System Analysis & Data Carving: Bypassing standard file headers to recover deleted documents, fragmented emails, and hidden partitions from unallocated space.
- Anti-Forensics & Deception Detection: Identifying and neutralizing sophisticated user attempts to obscure trails via timestomping, data wiping tools, or hidden directories.
Hands-on Practical Sessions (Labs)
This training features dedicated, simulated lab environments where participants will work with real evidence using industry-standard tools (such as Autopsy, FTK Imager, and Volatility):
- Lab 1: The Live Response Protocol: A hands-on simulation where participants must triage a live, compromised corporate workstation, safely dumping its volatile RAM and securing active network artifacts before execution blocks.
- Lab 2: Data Carving & File Recovery Challenge: Participants are given a corrupted and partially wiped forensic image and must manually carve out hidden financial documents and deleted chat logs that the suspect attempted to destroy.
- Lab 3: The Insider Threat Mock Case: A complete corporate investigation simulation where participants analyze a full forensic image to prove an incident of intellectual property theft, tracing the exact USB drive used and building an airtight evidence report.
Key Benefits of Joining This Training
- Ironclad Admissibility: Ensure your team's investigative methodologies fully align with international forensic standards, minimizing the risk of evidence being thrown out during legal or disciplinary hearings.
- Unmask Hidden Actions: Learn how to look past automated software dashboards to manually verify system artifacts, uncovering deeply buried traces of unauthorized data access.
- Rapid Incident Mitigation: Drastically reduce corporate downtime by enabling your IT and security teams to quickly isolate compromised endpoints and determine the root cause of a breach.
- Tailored Corporate Governance: Our curriculum is explicitly adapted to address the specific IT infrastructures, compliance mandates, and high-stakes risk scenarios common to major corporate and banking sectors.
Workstations hold the definitive blueprint of corporate compliance and misconduct. Ensure your team knows how to read it. Partner with Triage Investiga.
What You Will Learn
- File Systems & Data Recovery
- Artifacts & Activity Timelines
- Hardware Teardown & Hashing
- Anti-Forensics & Exfiltration
- Legal Standards & CoC
- eDiscovery & Reporting
Who Should Attend
This training is meticulously designed for Internal Auditors, Fraud Examiners, Corporate Risk & Compliance officers, and general investigators who regularly handle compliance, examination, or investigative processes.
Meet the Trainers
Dani Prawira, S.T., M.T., EnCE, CFCE, CCE, ACE, ACI, CHFI, CCO, CCPA, A+, Linux+
Partner | Digital Forensics & Cyber Investigations
Past Training Sessions
Documented training programs we have delivered for leading organizations across Indonesia.
- Digital Forensics for Internal Audit — BPJS Kesehatan
- Digital Forensic Training — PLN Nusantara Power
- Digital Forensics Training — YKKBI
- Digital Forensic Expertise — Bank Permata
Interested in this training?
Request a schedule or an in-house program tailored to your organization.