Live Analysis Workshop
Course details
Description
This course gives participants confidence in seizing volatile data from live computer systems and the skills needed to perform a basic analysis of the seized data. Memory structures and the different types of system information available on live computers are presented, along with the proper methodology and techniques for seizing memory and system information. Participants learn techniques for extracting artifacts from volatile data, and learn how to perform basic interpretation and analysis of live system information.
Format and delivery
- Length of course: 5 days
- Class size: maximum 20 participants
- Delivery setting: computer classroom
Learning outcomes
- Ability to extract memory from live computer systems.
- Ability to carve out data from extracted memory, including passwords, images, web pages, documents, and chat/messaging logs.
- Ability to acquire system information from live computers, including:
  - system profile, current system date, time, and uptime
  - logged on users
  - open ports
  - running processes
  - clipboard data
  - startup and shutdown files
  - connection information
  - network status and routing information
  - open files and encrypted files
  - network shares
- Understanding how to analyse and interpret the extracted information and respond appropriately to the extracted system information.
Eligibility and mandatory requirements
- Registrants must be part of a technological crime investigative unit or program.
- Registrants must have successfully completed the Computer Forensic Examiner (CMPFOR) course or similar training.
- Acceptance or refusal in the course is at the discretion of the Canadian Police College.
Assessment
- Success in the course is based on participation and completion of all required assignments.
Contact
For more details or other information about the course, please email cpc_registrar-registraire_ccp@rcmp-grc.gc.ca.