Introductory Open Source IT Forensics

Title: Introductory Open Source IT Forensics
Year: Mar 2013 – Version 1.0 (Version 2.0 by end 2018)
Duration: 2 weeks

Ongoing update

the course is currently in an ongoing update process.

The basic networks is moved to a new full online e-learning course (available by October 2018).

New version is made of an e-learning set of activities preparing students to attend the reshaped two weeks of classroom course with practical exercises on a criminal investigation scenario with materials developed in the scenario project.

Course Aim

The aim of this course is to provide participants with an introduction to Open Source forensic software, file systems, data carving, evidential digital artefacts, networking and network security, cloud computing, email investigations, computer forensic strategies and live data forensics.

The entire course has been developed to incorporate Open Source or free tools that are available in most Linux distributions. Therefore each learning objective below will be achieved using Open Source software.


This is a very practical course, and as a result a lot of preparation must be done by students who wish to attend it. Much of the theory will be delivered as pre-read material and recapped during the two week course in review sessions and instructor led practicals.

  • No previous advanced technical knowledge is assumed. However the students should have a basic understanding of computers and common software applications
  • This training have to be organised in partnership with UCD in order to allow prospective participants to undertake the obligation to study the pre-read material that will be sent to them.

Although technically a two week course, the real work of this course begins much earlier for the students. The idea behind this was to reduce the quantity of theory on the course and make it much more practical. As a result the students must read a selection of pre-read documents and familiarise themselves with the Linux Operating System in the months prior to the course delivery.

Students will need to be able to understand and communicate in English.

Small list of agenda / topics / main points

has a basic digital forensics theme:
Introduction to Linux, Introduction to Computer Data, Imaging and Hashing, Partitioning & Formatting, exFAT and NTFS File Systems, Data Carving, Metadata, Browser Artifacts, Registry Artifacts. Computer Forensic Strategies, Live Data Forensics

If you are interested in applying for this course please read following page