
UCD CCI Forensics Summer School Timetable




Monday, 20 August 2012

0800–0900 Registration  
0900–1230 Course Overview – Process/SOP
  • Overview of the general digital investigation process
  • What is a standard operating procedure?
  • Designing a standard operating procedure
Lecture
1300–1400 Lunch  
1400–1700 Case Management
  • Need for Effective Case Management
  • Open-Source Solutions
  • CCIU Case Study
  • Demonstration of CCIU Solution
Lecture / Demo

 


Tuesday, 21 August 2012

0900–1230 Hardware/Storage Solutions – Build
Lecture / Demo
1300–1400 Lunch  
1400–1700 Hardware/Storage Solutions – Build
Lecture / Demo

 


Wednesday, 22 August 2012

0900–1230 Forensic Workstations – Build
Lecture / Demo
1300–1400 Lunch  
1400–1700 Forensic Workstations – Build
Practical

 


Thursday, 23 August 2012

0900–1230 Basic Networking / NFS
  • Configuring Networking under Linux
  • DHCP and Manual config
  • Setting up NFS
  • Connecting to NFS Server
  • Practical Exercises
Practical
1300–1400 Lunch  
1400–1700 Introduction to Linux
  • What is Linux? OS vs Kernel?
  • Navigating the filesystem
  • Basic Commands
  • Hashing
Lecture

 


Friday, 24 August 2012

0900–1230 Disk Structure
  • Physical Disks
  • Partitions / Clusters / Sectors

Preliminary Analysis (Introduction to Deepthought)

  • Overview of functionality
  • Background
  • Effectiveness
Practical
1300–1400 Lunch  
1400–1700 Deepthought
  • Using Deepthought for Preliminary Analysis
Practical

 


Saturday, 25 August 2012

0900–1230 Deepthought
Practical
1300–1400 Lunch  
1400–1700 Deepthought
Practical

 


Monday, 27 August 2012

0900–1230 Imaging (Guymager)
  • Forensic Imaging
  • dd vs guymager
  • Using Guymager
  • Practical Exercises
Practical
1300–1400 Lunch  
1400–1700 Full Forensic Analysis (email/chat/www)
  • Identifying relevant artefacts
  • Recovering Relevant Artefacts
  • Keyword Searching
  • SQLITE3
Practical

 


Tuesday, 28 August 2012

0900–1230 Full Forensic Analysis (Carving – PhotoRec)
  • What is Data Carving?
  • File Signatures
  • The file command
  • Carving using PhotoRec
  • Other Carving Tools
Lecture / Practical
1300–1400 Lunch  
1400–1700 Open-Source Frameworks
  • What is a framework?
  • Example Frameworks
  • Installation of the Digital Forensic Framework
  • Adding Modules to the framework
Practical

 


Wednesday, 29 August 2012

0900–1230 Backup
  • Overview of backup strategies
  • Considerations about data: redundancy vs. speed
  • Building a redundant storage cluster with low-cost machines
Lecture
1300–1400 Lunch  
1400–1700 Clustering
  • What is a processing cluster?
  • Clustering methods and benefits
  • Demo on simple cluster construction
  • Demo on distributing forensic processes to the cluster

ANT – (Automated Network Triage)

  • What is triage?
  • Network Triage Basics
  • Using ANT
Lecture

 


Thursday, 30 August 2012

0900–1230 Validation
  • Validating tools for forensic soundness
  • Measuring performance of tools and forensic processes over time
Lecture
1300–1400 Lunch  
1400–1700 Reporting
Lecture

 
