Training

Digital traces have specific characteristics based on their intangible nature. In order to properly secure digital traces, it is necessary to acquire a range of knowledge and procedures to ensure the integrity of the digital trace and its unquestionability for any further criminal, civil or labour law proceedings.

Practically focused course Acquiring digital tracks will acquaint you with the most common sources of digital traces and with specialized HW and SW for their fast and reliable securing. You will learn the procedures for securing digital tracks and you will master the preparation necessary for these tasks with regard to the specifics of each type of digital traces. You will have the opportunity to try out the acquisition of key traces from running systems, as well as the acquisition of a forensic image of common types of storage media and process procedures for further handling and manipulation of this image. You will briefly get acquainted with a number of tools for subsequent analysis of secured data, where knowledge of their features is necessary for the correct and complete acquisition of digital traces.

Length: 2 days

Suitable for: forensic experts, investigative teams

Prerequisites: recommended to take the course Theory of Digital Forensic Analysis

This course focuses on deepening your knowledge of the Windows operating system for the needs of digital forensics. The ability to understand operating system artifacts is one of the cornerstones of forensics and information security. Microsoft Windows is still the most widely used operating system in our country and is still the best source of information when detecting crime or resolving security incidents within an organization.

The course covers advanced Windows system analysis, especially data analysis of the most used file systems - NTFS, ExFAT and FAT and their recovery, registry or Event Log analysis. The course shows the possibilities of analyzing other system data, such as prefetch or thumbs.db files. Part of the course is also devoted to RAM analysis, where the structure of storing information in the operating memory or the analysis of running processes is discussed.

Length: 4 days

Suitable for: forensic analysts, forensic experts, investigative teams

Prerequisites: knowledge of the basics and principles of forensic analysis

The primary focus of this course is macOS digital forensics, but due to the interconnected ecosystem, it will also touch on the iOS mobile operating system in many topics. In general, the course content focuses not only on operating system analysis, but also on securing data from the operating system or forensic triage. Thus, the course also serves for a general understanding of how Apple devices work.

The course explains a number of basic digital forensics tasks for Apple devices, the operation of APFS and HFS+ file systems and their specifics. The course also focuses on the analysis of SQLite or plist database files. It discusses in detail the special file artifacts that are a specialty of Apple devices. It teaches you how to work with Time Machine backups, or what you can get extra when a user uses Bootcamp. In addition to analyzing web browsers or photo metadata, the course will teach you how to work with Keychain, where passwords are stored, or Terminal commands that will come in handy during a forensic triage. We'll also discuss log files - Apple Unified Logs and Apple System Logs. The course also includes a description of how FSEvents or Spotlight search metadata works.

Length: 3 days

Suitable for: forensic analysts, forensic experts, investigative teams

Prerequisites: knowledge of the basics and principles of forensic analysis

Mobile devices such as mobile phones and tablets are nowadays the primary source of digital footprints. The vast majority of an individual's communications, location history, photos, scans, documents and other important information can be found in the memory of mobile devices.

At the same time, mobile devices pose a challenge to digital forensics experts due to the low level of standardization. Whether it's overcoming device security or getting the most out of the stored data.

This course focusing on digital forensics of mobile devices will guide you through the specifics of these devices, with particular emphasis on the most widely used Android and iOS operating systems. You will learn the principles of how these systems work, their file system structure  with the limiting conditions for extracting data from these devices and the range of artefacts that can be extracted from the devices. We will review the most common tools and techniques used in mobile forensics. The possibilities and reasons for using root and jailbreak on individual devices will be mentioned, and you will also learn about JTAG and ISP methods for extracting device memory contents. The course will also focus on the use of mobile device backups and how they can be analyzed.

Length: 3 days

Suitable for: forensic analysts, forensic experts, investigative teams

Prerequisites: knowledge of the basics and principles of forensic analysis

Although a number of digital forensic analysis tasks can be performed manually with sufficient knowledge, these procedures are relatively difficult to use in practice, especially due to their time-consuming nature. A number of commercial and free forensic analysis tools are on the market to facilitate these activities. However, each tool has its own specificities and often differs significantly in its basic principle and logic of operation. That is why we have prepared specific training courses focused on the most commonly used digital forensic analysis tools.

In all cases, common issues such as software installation and license management, case management, digital trace acquisition and processing, data viewing, filtering and analysis, or trace export and reporting are included in this course. These basic topics are always discussed with respect to the specific analytical tool and are complemented by an introduction to the specific functionalities of the selected tool.

BlackBag BlackLight

BlackBag MacQuistion

EnCase Forensic

MobilEdit Forensic Express 

Autopsy

Detego

Recon Lab 

Length: depends on the product

Suitable for: users of the forensic tools in question

Prerequisites: basic procedures and principles of digital forensic analysis

Úvodní kurz k zákonu č. 181/2014 Sb., o kybernetické bezpečnosti, je určen všem zájemcům o praktickou aplikaci tohoto zákona, v první řadě pak zaměstnancům organizací, které prováděcí předpisy k tomuto zákonu zařadily pod jeho působnost. Seznámíte se nejen s obsahem samotného zákona, ale rovněž jeho prováděcích předpisů, zejména pak s vyhl. 82/2018, o kybernetické bezpečnosti, a o vazbě těchto předpisů na systémy ISMS dle ISO/IEC 27 001. Obsahem kurzu je mimo jiné i představení ze zákona povinných rolí – manažera, architekta a auditora kybernetické bezpečnosti. Dozvíte se, co to jsou informační aktiva a jaká je role jejich garanta, jaké jsou základní principy analýzy rizik a proč se tato analýza provádí a především, jaké reálné přínosy pro organizaci lze opatřeními dle tohoto zákona dosáhnout tak, aby nešlo jen o formalistické plnění předepsaných povinností.

Length: 1 day

Suitable for: IT professionals in public administration, management of KII organizations

Prerequisites: None

The biggest risk factor in cyber and information security is the human being. An organisation may have implemented a sophisticated information security management system supported by expensive SW and HW systems, but if it does not train its non-IT employees sufficiently, the effect of all these measures will be negligible and will not be commensurate with the cost of the measures.

This short course is aimed at the non-IT employees of the organization and introduces them to the issue of information security in the performance of their work in a popular educational form with a number of practical examples. The participants will learn about the basic risks in the use of information technology resources and their possible impact on the operation of the organisation. We will introduce the basic rules of safe handling of information technology resources at the level of the devices themselves and commonly used applications. A special section is devoted to the use of mobile phones and tablets, as well as home office issues and BYOD policy.

The course is always adapted to the environment of a specific organisation so that the examples used are relevant to the daily practical experience of the course participants.

Length: 1 day

Suitable for: Anyone

Prerequisites: None

Tento kurz byl navržen zejména s ohledem na potřeby svobodných povolání – advokátů, notářů, lékařů, architektů, poradců, ale i dalších profesionálů nebo malých firem. Zkrátka pro všechny, kteří denně pracují s citlivými informacemi, daty klientů nebo cenným know-how a přitom za sebou nemají zázemí velké společnosti s vlastním IT oddělením, ačkoliv objem a hodnota jejich informačních aktiv často přesahují hodnoty vlastněné velkými společnostmi.

During the course, you will learn about information security in a popular and educational way and become more aware of the value of the information assets you manage and the risks of their unauthorized access or loss. You will learn to use basic procedures and methods to protect sensitive or valuable data. We'll explain how data is stored, what all data can be found on your devices, and how to delete data you no longer need irretrievably so it can't be misused in the future.

All this without the requirement for advanced IT knowledge or a purchase of expensive special software.

Length: 1 day

Suitable for: Anyone

Prerequisites: None