Scripting for Digital Forensic Investigators
This class is offered in partnership with INSIG2, one of Europe’s leading digital forensic and integrated security educational providers.
About the Class
Working as a digital forensic investigator can be difficult. The large amount of evidence and data that needs to be examined and processed requires a lot of time and resources, which can be challenging, especially if the lab doesn’t have all the necessary equipment. If you are a digital forensics examiner, investigator, cyber security specialist, or analyst who understands only the basics of programming and wants to take it to the next level, this is the course for you.
You will be able to use, build, and develop scripts to elevate your extraction and analysis capabilities, and solve both common and challenging forensic problems. The class is fundamentally hands-on, built around scripting and automating solutions to digital forensic problems. Scripts used in this class cover different fields of digital forensics, such as computer, mobile, network, OSINT and general forensic analysis.
After finishing this course, you will be able to integrate batch, PowerShell, and Python scripts with your everyday tasks and duties. You’ll not only become more efficient but also be able to solve more demanding problems that previously may have been out of reach. The knowledge gained in this course will accelerate the analysis process because, instead of searching manually, you simply run the script and see the results.
Scripting Course Details
- Course Code: AT-SCRIPT
- Duration: 5 Days
- Laptop Required?: Yes
- This class is open to all forensic professionals.
- *Please note: Due to the sensitive nature of our curriculum and industry, all potential students are subject to vetting prior to enrollment. We reserve the right to refuse registration to any person who does not meet our established criteria.
The instructor explained and walked us through the processes in a very understandable way. He took us through the PowerPoints and the labs and ensured we had a good working knowledge of the material.
- Understand simple programming algorithms and create programs using metalanguage.
- Create algorithms for simple processes in digital forensics.
- Learn the basics of batch and shell scripting.
- Learn the basics of PowerShell scripting.
- Use a Python IDE and libraries related to digital forensics.
- Understand and work with basic data types and structures within the Python programming language.
- Write functions for solving digital forensic issues and know how to accept values through parameters.
- Understand and modify existing programs for digital forensic analysis according to your needs.
- Learn how to combine different scripts and make connections between Python, batch and PowerShell.
- Understand and apply good coding practices in digital forensics and defensive programming.
- Write and use programs that automate common tasks during forensic examinations which can help the investigator by making retrieval of evidence faster and reducing the amount of undiscovered evidence.
There are no formal prerequisites for this course; the only requirement is very good experience in conducting digital forensic investigations and an understanding of the background of digital forensic analysis tools.
Students will receive a manual that contains the class materials and worksheets. Also, all the exercises, exercise solutions, and scripts created during the training will be given to students at the end of the class.
What Will I Learn?
- Basic concepts of computer programming
- Understanding how and why scripting languages can help us improve digital forensic investigations
- Batch scripting in digital forensics
- PowerShell scripting in digital forensics
- Python installation and overview
- PyCharm installation and overview
- Basic data types and structures within the Python programming language
- Simple digital forensic problems interpreted through Python scripts
- Hands-on exercises
- Digital forensics libraries and modules, and their integration into the Python environment
- Objects and classes and their importance in Python programming
- Online sources and databases for Python-based digital forensic scripts
- Hands-on exercises
- Understanding and modifying existing programs for digital forensic analysis
- Writing and using programs that automate common tasks during forensic examinations
- Finding online sources and documentation for digital forensic investigations
- Hands-on exercises – working on different scripts related to digital forensics
- Continuing with hands-on exercises from the previous day
- Python integration with other forensic tools
- Student evaluation
We prefer students to bring their own laptops whenever possible. If this is not possible, Teel Tech Canada will provide one for you. If you are unable to bring your own laptop, please indicate so on the registration page.
For students bringing a laptop to class, please ensure it meets the following minimum requirements:
- Windows 7
- Windows 8.x and 10.x using these instructions (turn off driver signature enforcement)
- macOS with Boot Camp Windows 7
- macOS with Boot Camp Windows 8.x and Windows 10.x using these instructions
- macOS alone will not work (No Virtual Machines)
- 8GB RAM (minimum)
- 100GB storage (minimum)
- You must have Admin rights or have the admin password for software installation.
- NOTE: ALL Windows updates should be done prior to class