

Digital Forensics & Cyber Investigation (Hands-On)


Intake 33
13 Sep 2010

* The Most Comprehensive Forensic Investigation Course Ever Taught *
* and Become a Certified Forensics Analyst *
Date 13 Sep 2010
Price HK$6,980.00
Sessions / Hours 10/30(hrs)
Time 7:00pm - 10:00pm
Language Cantonese with English Terms
Tutor Over 14 years of InfoSec experience
Pros Over 30 CISSP/CISA/CISM CPE Hours
Earn GCFA in one course
Unique Course Feature
In this 30-hour course, the elements of a successful digital forensic investigator are addressed comprehensively. Specifically, this course features:
  • Strong emphasis on both conceptual and technical forensics skills, to prepare you to become an effective forensics investigator
  • In-depth discussions of the internals of common file systems, the secrets in acquiring data from host, network and embedded devices, and the techniques in analyzing different OS platforms and embedded devices
  • Hands-on exercises in mastering numerous investigation tools, investigating various real-world compromised systems, and analyzing unknown hacker tools and suspicious network traces
  • Course led by qualified and knowledgeable i-Total instructors with over 14 years of pure information security experience
Course Outline
For comprehensive coverage of the examination curriculum, we structure this course into 4 modules with a total of 30 contact hours. Details about individual modules are given below. Please email us at info@i-TotalSecurity.net for more information.

Course
Module
Description
1 Incident Handling and Computer Forensics
In this module, the overall incident handling and computer forensics processes are discussed. Step-by-step instructions on how an organization can develop incident handling and forensics capabilities from the ground up will be walked through.

A number of real-world case studies will be examined and discussed to illustrate how to identify computer attackers, and to provide valuable information on the steps students can take to improve the chances of catching and prosecuting attackers.
2 Acquisition of Digital Evidences (Hands-On*)
After substantiating the suspected incident, an investigator may need to acquire evidence in a forensically sound manner in order to determine what happened and how the case might be resolved.

As hard disks are the most significant containers of evidence, we start this module with in-depth discussions of both the logical and physical configuration of hard disks and file systems. Then, the focus shifts to collecting volatile and permanent data from hosts, network, embedded, and non-technical devices. Finally, details on documenting, authenticating, and handling the digital evidence collected will be covered.

Hands-on practice will be provided to let participants understand in great detail how to collect volatile data, perform forensic duplications and conduct network surveillance.
3 Analysis of Digital Evidences (Hands-On*)
Here we come to the meat of computer forensics. In this module, we will detail the procedures for analyzing and interpreting the acquired information so as to draw valid conclusions to assist the incident investigation and its resolution.

Firstly, generic techniques applicable to all forms of forensic investigations are discussed. Then, detailed sets of evidence steps that are specific to Windows, Unix, Linux, Solaris, Mac OS X, routers, PDAs, Smart Phones and various application servers will be provided and practiced. Furthermore, skills presentations and hands-on exercises for analyzing network traffic, determining the functionality of unknown binaries, and interpreting the clues inside Internet messages will be arranged. Upon completion of this module, you will start becoming an Internet detective and using standard Internet services to perform local and remote investigations.
4 Investigation Reporting and Legal Issues
Following vast efforts on evidence acquisition and investigation, the next natural step is to write up a forensic report documenting your findings and conclusions. In this module, some general guidelines for writing a good forensic report will be outlined. In addition, legal issues and implications pertaining to computer forensics are discussed.
* To get the most value out of the course, students are required to bring their own notebook computer.
Course Date & Venue
Date 10 Monday Evening Sessions Starting 13 Sep 2010
Time 7:00pm - 10:00pm
Venue 7D, Trust Tower, 68 Johnston Road, Wan Chai, Hong Kong

*i-TotalSecurity reserves the right to modify the schedule as required.
Course Fee
Lectures (30 Hours) = Early Bird price HK$6,980.00*
Early bird price - Enroll 2 weeks before course commencement.
Course Leader
Mr. Gamin Lou, CISSP, CISA, CISM, CEH, has over 14 years' experience in information systems security governance and practices. Before joining i-TotalSecurity as a security consultant, he worked in various global and local financial institutions and was responsible for managing overall information security programs, implementing and monitoring perimeter security and intrusion detection systems, as well as responding to and investigating security incidents for the organizations.
About i-TotalSecurity
A pioneer in information systems control and security education and consultancy that brings the best knowledge, skills and practices to meet the certification and working needs of individuals and corporations.

Since 1995, our qualified and no-nonsense security specialists have been teaching information security to students from leading corporations, government and military organizations internationally.
Enquiry
Call us at +852 2965.4445 or e-mail info@i-TotalSecurity.net