Reveal clues thanks to DFF and Open Source tools.

ArxSys delivers high quality training programs teaching you how to conduct a digital investigation and develop your own tools using DFF and Open Source technologies.

Code guru digital analysis using microscope law keyboard key

Programs

  • DFF  Fundamentals

Realize a complete system analysis using DFF and Free / Open Source tools. Discover every requiered steps and best practices to perform during the research of digital evidences. (3 days)

  • DFF Advanced

Discover step by step each layers and components of DFF. Participants will learn how to build their own scripts and modules with DFF libraries and Object Oriented Programming concepts. (3 days)

  • Specialists

Specialists programs are in-depth trainings regarding specific technologies. We highly recommend to do fundamental and advanced programs since some developments and use cases will be done within DFF.

  • DFF Boot-Camp

The boot-camp includes fundamentals and advanced programs. After this 5 days training program, participants will be able both to analyse and develop using DFF and Open Source technologies.

Online trainings (coming soon)

  • Access to our online virtual laboratory
  • Homebrew dumps
  • Step by Step videos
  • Complete documentation
  • Forum and other services

Contact us for more details

On-site Training

If you have a team of professionals who would like to be trained on DFF and Open Source digital forensics technologies, you can save on lodging and travel costs by bringing a high qualified trainer to your location. Please contact us for any specific on-site training needs. We can tailor our offerings and services to suit any projects and requirements.

Academic program

Focus on knowledge and not on licensing cost thanks to free and Open Source softwares. Contact us to study how you could create or upgrade high valuable Digital Forensics courses.

Attendies

Security consultants, Digital forensics examinors and laboratories, security and system administrators, ...

Objectives

  • Install and configure an analysis environment (discovery of Open Source tools)
  • Identify, collect and analyze digital data
  • Learn by practicing exercices and study cases.

Content

  • Introduction to digital forensics
  • Presentation of storage medium and volatile memory
  • Comparison of classical acquisition files format (RAW, EWF, AFF)
  • Acquisition processes and handling of resulting files
  • Volumes overview (Partitions, RAID, VmWare)
  • FileSystem overview (FAT12/16/32, NTFS, ExtFs2/3/4)
  • Reducing number of files to analyze (based on NSRL databases)
  • Indexing, filtering and searching (based on files content and metadata)
  • Windows Registry analysis
  • Mailboxes analysis
  • File carving

General information

Attendies

System administrators, security consultants, digital forensics and eDiscovery laboratories.

Objectives

  • Introduction to Python programming language
  • Discovery of DFF Application Programming Interfaces (API)
  • DFF "Hello World" module
  • Learn and practice with exercices and case studies

Content

  • Introduction to python programming language and object oriented programming
  • Install and configure a development environment
  • Discovery of Python modules
  • Using DFF IDE and Interpreter
  • DFF internals
  • DFF API overview
  • Creating and configuring a module
  • Extracting and manipulating files data
  • Reconstruction and advanced memory mapping (FSO / MFSO)
  • Debugging
  • Introdution to Qt (pronounces Cute) framework API
  • Develop a graphical module

General information

In-depth volumes, FS and registry Forensics (3 days)

  • Dos Partitions (primary and extended, antiforensics)
  • Virtual volumes (disk descriptor, extents, table structures, snapshots, block mapping ...)
  • File systems structures overview (tree, data structures ...)
  • FAT 12/16/32 (Boot record, File Allocation Table, Directory entries, clusters chain, antiforensics)
  • NTFS (Boot sector, MFT, FILE records, INDX, ADS, compression ...)
  • EXTFS 2/3/4 (superblocks, group descriptors, inodes ...)
  • Registry file structures (Hives, Keys, and Values)

Flash Memory Forensics (2 days)

  • NOR and NAND memory chips overview
  • Acquisition methods
  • Flash Translation Layer overview
  • Memory allocation and management
  • Erase blocks, pages
  • Garbage Collection
  • Blocks reconstruction and remapping