Forensic Analyst Path
Become a certified forensic expert: From fundamentals to excellence

A comprehensive training program, from basic to advanced courses, to become a certified and recognized forensic analyst in the field.

Obtain Official Certification and Increase Your Market Value


The Certified Digital Forensic Expert (CDFE*) is a certification compliant with international standards, ensuring validity and recognition at both national and international levels.

Fata Informatica is a Personnel Certification Body accredited under international ISO 17024:2012 standard.

  • University professors
  • 24/7 access to the course
  • Tests and assessment exercises 
  • Downloadable material
  • Final examination and certification

Forensic Analyst Path

Our Forensic Analyst Path offers a tailored learning experience with a modular and flexible approach that adapts to your needs and pace. Thanks to the structure of our courses, you can start with the Basic Course to build a solid foundation, and continue with the Advanced Course to advance your skills in the field of cybersecurity and obtain the most prestigious certifications.

CDFE certification is only issued if the requirements set out in the standard are met and after passing an official exam.

If the requirements are not met, it is possible to take the exam to obtain CPFA certification (Certification outside accreditation).


Why participate in our Forensic Analyst courses?

From Zero to Expert quickly and easily

Start with the basic course to learn the fundamentals of forensic analysis and progress to the advanced course, where you will acquire advanced analysis techniques, including those for smartphones.

Realistic Simulation Laboratories

You will have access to sophisticated simulation labs designed to replicate complex forensic investigation scenarios. This controlled environment is ideal for experimenting and honing your skills without the risks of the real world.

Acquiring the Secrets of Digital Evidence

You will learn the correct methods for acquiring digital evidence, a critical skill for preventing evidence contamination. This skill is essential for maintaining the integrity of the investigation and ensuring that evidence is admissible in legal contexts.

You will receive constant support from the teacher.

Our instructor Andrea Covino will guide you through the platform and answer all your questions.

Unlimited Access to Content and Resources

Study without time constraints with content accessible online 24/7, allowing you to organize your studies around your other commitments. You will have all the material you need to prepare for the final exam, ensuring flexible training at your own pace.

You will obtain prestigious certifications

This path will lead you to obtain the Certified Associate Forensic Analyst and Certified Professional Forensic Analyst certifications (*).

(*) To obtain this certification, you must meet the requirements listed on the website certificazioni.fatainformatica.com

Teaching approach

The course integrates theory and practice, offering hands-on experience with cybersecurity tools and real-world case studies. Students learn how to detect, analyze, and mitigate cyber threats, fully understanding their scope and potential impact on organizations.

The Teacher

Andrea Covino has been working in IT since 1988, giving him over 30 years of experience.

As a project leader for major organizations, he combines field work with training activities for prestigious national and international institutions, including the Presidency of the Council of Ministers, the Ministry of Foreign Affairs, the Ministry of Economy and Finance, the Joint Intelligence Center, the C4 Command, and many others. He has an impressive number of certifications to his name, including Microsoft MCSE, MCSA, MCSD, MCT, Oracle OCP, CISSP, CISSO, Scrum Master, and Cisco CCNA Security CPFA.

The Company

We were founded in 1994 with the aim of providing IT security services to Italian companies and public administrations.
We are the only Italian company to have been included by Gartner in its ‘Marketing Guide for IT monitoring tools’ thanks to our Sentinet3 product, developed in 2004 and now recognised as the leader in the Italian market.
We have created a business unit specialising in cybersecurity services, called CybersecurityUP, with the aim of providing vertical cybersecurity services to our customers, primarily the defence sector and companies of national strategic interest.

Course details

BASIC course

Course Objectives


The course is designed to provide professionals with the essentials of forensic methodology based on their existing technical skills. Tests and workshops to reinforce concepts ensure that participants are prepared to deal with both routine and unusual events in an appropriate manner.

Detailed Programme
1. General Principles
Programme Details
  1. Introduction to digital forensics
  2. Terms and definitions
  3. Chain of custody
  4. Legal notes and guidelines
  5. How to operate
  6. Photographic evidence collection
  7. How to operate
2. Digital evidence and acquisition process
Programme Details
  1. Investigative phases, digital evidence process
  2. The identification process
  3. The acquisition process
  4. The analysis process
  5. The presentation process
  6. Volatile and non-volatile evidence
  7. Types of analysis
  8. Types of analysis: basic rules
  9. Importance of time
  10. What to avoid
  11. Verification commands
  12. Acquisition process
  13. Memory
  14. Live system acquisition
  15. Collection priorities
  16. Overview of mobile acquisition
  17. Details of the acquisition process
  18. RAM acquisition
  19. Memory acquisition considerations
  20. Acquisition techniques
  21. Types of memory dumps in Windows
    1. Dump RAW
    2. Dump Crash
    3. Dump Hibernation file
  22. RAM acquisition from virtual machines (VMs)
  23. RAM acquisition tools
  24. Disk image acquisition process
  25. Hard disk imaging
  26. Disk snapshot
  27. Hard Disk
  28. Solid state drive SSD
    1. What is TRIM?
  29. Hard disk acquisition
  30. Hardware write-blocker
  31. Digital seal
  32. Disk duplication on a live system
  33. Virtual disk acquisition
  34. Example: HDD acquisition with FTK Imager
3. Data storage
Programme Details
  1. Logical disk structure
  2. MBR (Master Boot Record)
  3. MBR and GPT
  4. GPT (GUID Partition Table)
  5. What is the BIOS?
  6. What is UEFI?
  7. File systems
    1. FAT file system
    2. File system characteristics
    3. FAT32 file system
    4. NTFS file system
      1. MFT entry attributes
      2. Extracting data from the MFT
      3. Extracting data and timeline from the MFT
4. Timeline analysis
Programme Details
  1. What is a timeline?
  2. Digital forensics analysis of digital systems
  3. Forensic analysis of a computer
  4. Preliminary operations
  5. Tools
  6. Creating a timeline with Autopsy
  7. Metadata search
    1. File metadata
    2. Program execution
    3. Commands executed by users
    4. Program artifacts
  8. Plaso
  9. File carving
  10. Definition
  11. Types of file carving
  12. Data carving software
  13. Metadata
5. Artifact recovery
Programme Details
  1. General forensic methodology
  2. Analysis methodologies
    1. WHAT
    2. WHERE
    3. WHEN
    4. HOW
  3. Artifact recovery
  4. UserAssist key
  5. Browser forensics
  6. Removable devices
  7. System event logs
  8. Volume Shadow Copies
  9. Prefetch
  10. Jump Lists
  11. Shell bags
  12. Recycle Bin
  13. $MFT and Journal
6. The Malware 
Programme Details
  1. Malware
    1. What is malware?
    2. What is a virus?
    3. Worms
    4. Trojans
    5. Hijackers
    6. Scareware / Fake AV
    7. Malware structure and organization
      1. Infection
      2. Dormancy
      3. Replication and propagation
      4. Malicious actions
  2. Incident Response
    1. Threat hunting
    2. Incident detection
    3. Initial response
    4. Formulate a response strategy
    5. Proactive / reactive approach
    6. The team
    7. Endpoint data
    8. Network data
  3. Cyber threats
    1. Cyber operations
      1. Cyber operations: IoT / ICS
      2. Cyber operations: attacks
    2. Eavesdropping
    3. IP spoofing
    4. ARP poisoning
    5. Denial of Service
    6. Connection hijacking
    7. Social engineering / Phishing
7. Malware Discovery
Programme Details
  1. Malware Discovery
    1. What is malware analysis?
    2. Detection methods
    3. Static analysis
      1. Tools for static analysis
    4. Dynamic analysis
      1. Tools for dynamic analysis
    5. Malware persistence techniques
      1. Run and RunOnce registry keys
      2. BootExecute registry key
      3. Userinit registry key
    6. Considerations on the boot sequence of main registry keys
    7. Lateral movement
    8. What does lateral movement mean?
    9. Windows lateral movement attacks
      1. Windows Event IDs
      2. Scheduled tasks
      3. Services
    10. Techniques, Tactics & Procedures (TTPs)
    11. Anti-forensics
      1. What is anti-forensics?
      2. Subcategories
        1. Data and metadata overwriting
        2. Encryption, steganography, and other hidden approaches
8. Networks
Programme Details
  1. TCP/IP Protocol
    1. Packets
      1. ISO/OSI model
      2. TCP/IP model
      3. Layers
      4. Encapsulation
    2. Headers
      1. TCP
      2. IP
      3. Ethernet
    3. IP Protocol
      1. Addresses
      2. Address classes
      3. Netmask
      4. IPv6
    4. IP Routing
      1. Routing tables
      2. Autonomous systems
      3. Routing protocols
        1. IGP protocols
        2. EGP protocols
      4. Distance Vector
      5. RIP
      6. Link State
      7. Path Vector
    5. Data Link Layer
      1. MAC addresses
      2. MAC table
      3. Switches
      4. ARP protocol
    6. TCP and UDP
      1. Ports
      2. Headers
      3. Netstat command
      4. Three-way handshake
    7. DNS
      1. Structure
      2. Resolution
    8. DHCP Protocol
      1. Phases
      2. DHCP discover
      3. DHCP offer
      4. DHCP request
      5. DHCP hack
      6. Renewal
    9. Other Protocols
      1. SNMP
      2. ICMP
      3. FTP
      4. SMTP
      5. IMAP
      6. POP3
    10. HTTP Protocol
      1. HTTP request
      2. HTTP response
      3. HTTPS
      4. Cookies
      5. HTTP sessions
    11. Network protection systems
      1. Web applications
      2. Proxies
      3. Firewalls
      4. Honeypots
      5. VPN
      6. IDS/IPS
      7. DLP systems
9. Network Forensics
Programme Details
  1. Network forensics
  2. What are network logs?
    1. Types of logs?
    2. Security software
    3. Log protection
  3. Pcap files
  4. What is NetFlow?
  5. Analyzing network traffic with Wireshark
  6. Network traffic anomalies


Final certification

ADVANCED Course

Course Objectives


The course is designed to provide professionals with advanced forensic methodology based on their existing technical skills. Advanced tests and laboratories, designed using tools employed by law enforcement agencies and smartphones, enable participants to acquire expert knowledge in this field.

Detailed Programme
1. Introduction to digital forensics
Programme Details
  1. Definition
  2. Fundamental principles
  3. Purpose of forensic analysis
2. Windows Forensic
Programme Details
  1. Windows operating system architecture
    1. Key components and areas of interest for forensic analysis
      1. File system structures and information relevant to forensic analysis
      2. File history analysis
      3. System registry analysis
      4. System log file analysis
      5. Installed applications analysis
      6. The system registry (Windows Registry)
        1. Windows Registry structure
        2. Types of system registry values
        3. Types of system registry keys and values
        4. Top-level keys
        5. System registry keys
    2. Registry access:
      1. Registry access with FTK Imager
      2. Registry image acquisition
      3. Viewing the registry
      4. RegRipper GUI
      5. Registry access with special permissions
      6. Registry access: the SYSTEM user in Windows
      7. Reading the SAM hive
3. RAM Analysis & E-Mail Forensic
Programme Details
  1. Types of RAM acquisition
  2. FTK Imager
  3. Windows processes
  4. Windows services
  5. Process tree
  6. Suspicious network activity
  7. Open files and registry handles
  8. Volatility
  9. Volatility standalone executable
  10. Process enumeration
  11. Email forensics
  12. Email investigation
4. Linux Forensic
Programme Details
  1. Forensic analysis using the Linux operating system
  2. System structure
  3. The system registry
  4. The event log
  5. Command history and anti-forensic commands
  6. Users
  7. Startup programs
  8. Essential commands and tools for forensic investigations
5. Mobile Forensic
Programme Details
  1. Isolation techniques for acquisition
  2. Mobile device acquisition
  3. SIM card acquisition
  4. Internal memory acquisition (logical and/or physical)
  5. Case study: iPhone/iPad
  6. File systems and partitions
  7. Main applications
  8. Logical data acquisition
  9. iTunes backups
  10. Logical acquisition using dedicated software/hardware

Final certification

BASIC course certifications
*CDFE certification is issued only if the requirements of the standard are met and after passing an official exam.

Cyber Security UP

CybersecurityUP is a BU of Fata Informatica.
Since 1994, we have been providing IT security services to large civil and military organizations.
  • Ethical Hacking
  • Red Teaming
  • Penetration Testing
  • Security Code Review
  • SOC 24x7
  • Specialized Training
Via Tiburtina 912,
CAP 00156,
ROMA

Monday-Friday
09:00 - 13:00
14:00 - 18:00

+39 06 4080 0490
amministrazione@fatainformatica.com

© 2026 Fata Informatica. All rights reserved.