Digital Investigator

05/08/2013 - 28/02/2014

project image

The focus of this course is to provide a foundation in investigating network-based crimes, and in proactive methods that can be used to assess network-based threats.

The course is structured in five key areas, and will re-enforce knowledge, building up to a final large-scale investigation. Attendees will be assessed for their skills after each day, and then at the end as part of the investigation.

The course is supported by on-line testing, on-line videos, fun activities and a range of sample network traces.

Day 1. Network Traffic

Overview: This involves an in-depth analysis of the capture and analysis of network based traffic, including all the key protocols involves. This includes ARP, ICMP, IP, TCP, Email, Remote Access, and a wide range of protocols.

Learning Outcomes:

·         Understanding of the key traces of the timeline of activity.

·         Develop a deep understanding in how to analyse the details of a trace, especially focused on the key places for evidence gathering.

Day 2. Vulnerability Analysis

Overview: This involves investigating a range of tools which can be used to probe for vulnerabilities within an IT infrastructure, and uses tools such as NMAP and NESSUS to analyse weaknesses in systems. This knowledge can be used to provide support for organisations, and also to provide vectors into criminal infrastructures.  Along with this the investigator will gain the skills of identifying probes within a network, which might identify signs of criminal activities. The day will also cover taking an adversary role in order to exploit weaknesses.

Learning Outcomes:

·         Understand how to use vulnerability scanning tool to assess systems.

·         Identify the key traces of someone probing into a network in order to discover information.

·         Follow an adversary role in order to exploit a weakness.

Day 3. In-depth Penetration Testing and Log Analysis

Overview: This day builds on Day 2 and analyses Web-based infrastructure in order to gather information around an intrusion.

Learning Outcomes:

·         Understand the methods used to gather information related to an intrusion.

·         Develop an in-depth knowledge of probing within a network infrastructure.

·         Develop an understanding of how to analyse and find information which large log files.

Day 4. Malware Analysis

Overview: This day analyses malware in detail, and aim to understand how malware is transmitted over a network and the pointers for investigation when the malware has infected a host.

Learning Outcomes:

·         Understand a how real-life malware work and the trails of evidence that they leave.

·         Understand how to investigate key places for malware analysis, including from memory, the registry, network traffic, and the trace on disk systems.

·         Define ways of clearing a malware.

Day 5: Large-scale Investigation and Exploit.

Overview: This day sets up a number of large-scale investigation, in order to determine the key trails of incidence.

Learning Outcomes:

·         Understanding of how to analyse and report on a network traffic investigation for a simulated criminal event.

·         Understanding of how to analyse and report on network and host log investigation for a simulated criminal event.

·         Understanding of how to scan a host and then exploit it to gain access to some sensitive data.

Digital Investigator is a Continuing Professional Development project funded by Police. Carried out in collaboration with and others. For further information please refer to
[Read More]

Related Projects

  • Dynamic Forensics Evaluation and Training (DFET)
    Dynamic Forensics Evaluation and Training (DFET) will create new training methods/techniques to support judicial authorities, law enforcement agencies and associated stakeholders in the fight against cybercrime through the development of a virtual (cloud-based) cybercrime training environment to...
  • vSoC
  • vSOC - KTP
  • Symposium on Cyber Security
    Aim and Scope of Symposium This symposium aims to bring together knowledge from many different domains in order to create knowledge exchange and collaborative infrastructures, which address the key cyber risks that Scotland and the UK faces.
  • Next-generation Threat Detection KTP
next prev

Areas of Expertise link icon

  • Cyber-Security
    Electronic information now plays a vital role in almost every aspect of our daily lives. So the need for a secure and trustworthy online infrastructure is more important than ever. without it, not only the growth of the internet but our personal interactions and the economy itself could be at risk.
next prev

Project Team

William Buchanan
Director of CDCS
+44 131 455 2759
Richard Macfarlane
+44 131 455 2335
Adrian Smales
Research Fellow
+44 131 455
Robert Ludwiniak
+44 131 455 2780
Gordon Russell
Senior Lecturer
+44 131 455 2754

Associated Publications