Live Analysis Workshop
Course details
Description
This course is offered to technological crime investigators who may be required to seize and/or analyze system information or memory contents from live computers.
It provides students with confidence in seizing volatile data from live computer systems and the necessary skills to perform a basic analysis of the seized data. Memory structures along with the different types of system information available on live computers is covered along with the proper methodology and techniques for seizing memory and system information. Students learn techniques for extracting images, passwords, chat logs, documents, and other artifacts from volatile data. In addition, the course looks at the basic interpretation and analysis of live system information.
Format and delivery
- Length of course
- 5 days
- Class size
- maximum 20 students
- Delivery setting
- computer classroom
Learning outcomes
- Ability to extract memory from live computer systems.
- Ability to carve out data from extracted memory, including passwords, images, web pages, documents, and chat/messaging logs.
-
Ability to acquire system information from live computers, including:
- system profile, current system date, time, and uptime
- logged on users
- open ports
- running processes
- clipboard data
- startup and shutdown files
- connection information
- network status and routing information
- open files and encrypted files
- network shares
- Understanding how to analyse and interpret the extracted information and respond appropriately to the extracted system information.
Eligibility and mandatory requirements
- Registrants must be part of a technological crime investigative unit or program.
- Registrants must have successfully completed the Computer Forensic Examiner (CMPFOR) course or similar training.
- Acceptance or refusal in the course is at the discretion of the Canadian Police College.
Assessment
- Success in the course is based on participation and completion of all required assignments.
Contact
For more details or other information about the course, please email cpc_registrar-registraire_ccp@rcmp-grc.gc.ca.
- Date modified: