Live Data Forensics

Title: Live Data Forensics
Duration: 1 week

Course Aim

The aim of this course is to provide an introduction to Live Data Forensics and the use of Live Forensics investigative techniques.


This course is an intermediate-level module and relates to Forensic Computing. The target student group includes current practitioners in the field of live data forensics who have previously attended and passed the ECTEG Introductory IT Forensics & Network Investigations course or similar training.

A number of short pre-read modules must be completed before participating in the 5-day “in-class” training. Topics include Using Virtual Machines, Memory Analysis, Windows Command-Line Interface, Documenting & Reporting and Conducting Searches on Scene.

Students will need to be able to understand and communicate in English.

Agenda / main topics

  • Create and Test a Live Data Forensics toolkit
  • Acquire evidence from virtual machines
  • Perform Live Data Acquisition, including disk imaging and file copying
  • Understand the importance of implementing strategies and methodologies for Live Response
  • Configure and Deploy Triage tools for live forensics
  • Understand how evidence can be acquired from Remote and Cloud Storage
  • Conduct Memory Acquisition and perform basic Memory Analysis

If you are interested in applying for this course, please read the following page