Introductory Open Source IT Forensics

Title: Introductory Open Source IT Forensics
Duration: 2 weeks

Course Aim

The aim of this course is to provide participants with an introduction to Open Source forensic software, file systems, data carving, evidential digital artefacts, networking and network security, cloud computing, email investigations, computer forensic strategies and live data forensics.

The entire course has been developed to incorporate Open Source or free tools that are available in most Linux distributions. Therefore each learning objective below will be achieved using Open Source software.


This is a very practical course, and as a result, a lot of preparation must be done by students who wish to attend it. Much of the theory will be delivered as pre-read material and recapped during the two-week course in review sessions and instructor-led practicals.

  • No previous advanced technical knowledge is assumed. However, students should have a basic understanding of computers and common software applications
  • This training has to be organised in partnership with UCD in order to allow prospective participants to undertake the obligation to study the pre-read material that will be sent to them.

Although technically a two-week course, the real work of this course begins much earlier for the students. The idea behind this was to reduce the quantity of theory on the course and make it much more practical. As a result, the students must read a selection of pre-read documents and familiarise themselves with the Linux Operating System in the months prior to the course delivery.

Students will need to be able to understand and communicate in English.

An e-learning set of activities prepares students to attend the reshaped two weeks of classroom course with practical exercises on a criminal investigation scenario with materials developed in the scenario project.

A small list of agenda / topics / main points

has a basic digital forensics theme:
Introduction to Linux, Introduction to Computer Data, Imaging and Hashing, Partitioning & Formatting, exFAT and NTFS File Systems, Data Carving, Metadata, Browser Artifacts, Registry Artifacts. Computer Forensic Strategies, Live Data Forensics.

If you are interested in applying for this course please read the following page