Cybersecurity

Lead Forensics Examiner

Build practical capability to run computer forensics investigations that preserve evidence integrity and support confident decisions. You learn how to scope and execute forensic operations, perform structured acquisition, analyze operating system and file system artifacts, and communicate findings with clear documentation and chain of evidence discipline across common platforms and mobile sources.

4 days
in person, virtual live, self study, self study private coaching
Certified bypecb logo

What you'll gain

Run a repeatable forensic workflow from acquisition to presentation
Protect evidence integrity with defensible chain of evidence practices
Analyze common OS and file system artifacts across Windows, Mac OS X, and Linux
Use open-source and commercial tools appropriately during investigations

Next sessions

Upcoming dates you can join soon.

This course runs multiple times per year, onsite and online.

View sessions
Tentative
EN
31 Dec
Self-study
Virtual Live + Onsite

Key takeaways

  • Clarify examiner roles and responsibilities throughout a digital forensic investigation

  • Apply a correct, defensible sequence of steps for incident investigation and forensic operations

  • Select and use common tools (commercial and open-source) with repeatable methods

  • Plan and execute a forensics operation while protecting evidence through safe handling practices

  • Translate technical artifacts into clear findings supported by documentation

Course Description

Loading content...

Course Details

  • Loading content...

Professional Testimonials

Henri perfectly filled in the gaps in our knowledge and tailored the course contents to our difficult schedules, many thanks !

Simon Baynes

BCMS manager

MSC MEDITERRANEAN SHIPPING COMPANY SA

Simon Baynes
Henri and Alexis conducted a focused, intensive four-day ISO/IEC 27001 Lead Implementer Course of immediate relevance to The Global Fund. Participants representing both IT and Risk are now better prepared to design and operationise a corporate ISMS.

Andreas Tamberg

Senior advisors enterprise risk management

The Global Fund

Andreas Tamberg
Overall enjoyable training. To the point end trainer kept clear focused.

Stephane Di Bari

Service operations manager

UNICC

Stephane Di Bari

Frequently Asked Questions

Get instant answers to common questions about this course from our expert trainers.

What practical work will you be able to perform after this training?

You will be able to run a structured forensic operation that preserves evidence integrity, performs defensible acquisition, and produces clear, documented findings.

Forensics isn't just analysis—it's analysis you can defend.

Expert Trainer

digital forensicsevidence integrityforensic workflowforensic acquisition+3 more

How do you keep digital evidence defensible from collection to reporting?

You keep evidence defensible by controlling access, documenting every handling step, using repeatable acquisition methods, and maintaining traceable records for review.

A result without traceability is an opinion, not evidence.

Expert Trainer

chain of evidenceevidence handlingdefensible forensicsdocumentation+3 more

When should an organization use digital forensics instead of only incident response?

Use digital forensics when you must preserve proof and reconstruct events reliably, especially for suspected fraud, insider activity, regulatory exposure, or potential litigation.

Recover fast, but don't lose the proof you'll need later.

Expert Trainer

incident responsedigital forensicsregulatory exposureinsider threat+2 more

What makes a forensic report useful to executives and legal stakeholders?

A useful forensic report is clear, traceable, and decision-oriented, linking conclusions to evidence and documenting methods so others can review the work.

If a non-technical leader can't follow the logic, the finding won't drive action.

Expert Trainer

forensic reportingexecutive communicationlegal defensibilitytraceability+2 more

Who is this course for, and who may need a different starting point?

It is best for professionals who must collect and analyze digital evidence in investigations, while those lacking OS and security fundamentals may benefit from preparatory learning first.

The best fit is anyone responsible for turning traces into defensible evidence.

Expert Trainer

target audiencecomputer forensicscybersecurity rolescyber intelligence+2 more

All sessions

Browse every upcoming session for this course.

1 sessions
Next session
31 Dec · Self-study · EN
Lead Forensics Examiner
Tentative

Lead Forensics Examiner

Session: EN
Materials: EN
31 Dec-31 Dec
4 jours
Virtual-Live + Onsite
Self-study
€ Contact us for pricing
pecb logo

We use cookies to improve your experience

Necessary cookies are always active. You can accept, reject non-essential cookies, or customize your preferences.