Build practical capability to run computer forensics investigations that preserve evidence integrity and support confident decisions. You learn how to scope and execute forensic operations, perform structured acquisition, analyze operating system and file system artifacts, and communicate findings with clear documentation and chain of evidence discipline across common platforms and mobile sources.
Upcoming dates you can join soon.
This course runs multiple times per year, onsite and online.
Clarify examiner roles and responsibilities throughout a digital forensic investigation
Apply a correct, defensible sequence of steps for incident investigation and forensic operations
Select and use common tools (commercial and open-source) with repeatable methods
Plan and execute a forensics operation while protecting evidence through safe handling practices
Translate technical artifacts into clear findings supported by documentation
“Henri perfectly filled in the gaps in our knowledge and tailored the course contents to our difficult schedules, many thanks !”
Simon Baynes
BCMS manager
MSC MEDITERRANEAN SHIPPING COMPANY SA
“Henri and Alexis conducted a focused, intensive four-day ISO/IEC 27001 Lead Implementer Course of immediate relevance to The Global Fund. Participants representing both IT and Risk are now better prepared to design and operationise a corporate ISMS.”
Andreas Tamberg
Senior advisors enterprise risk management
The Global Fund
“Overall enjoyable training. To the point end trainer kept clear focused.”
Stephane Di Bari
Service operations manager
UNICC
Get instant answers to common questions about this course from our expert trainers.
You will be able to run a structured forensic operation that preserves evidence integrity, performs defensible acquisition, and produces clear, documented findings.
“Forensics isn't just analysis—it's analysis you can defend.”
Expert Trainer
You keep evidence defensible by controlling access, documenting every handling step, using repeatable acquisition methods, and maintaining traceable records for review.
“A result without traceability is an opinion, not evidence.”
Expert Trainer
Use digital forensics when you must preserve proof and reconstruct events reliably, especially for suspected fraud, insider activity, regulatory exposure, or potential litigation.
“Recover fast, but don't lose the proof you'll need later.”
Expert Trainer
A useful forensic report is clear, traceable, and decision-oriented, linking conclusions to evidence and documenting methods so others can review the work.
“If a non-technical leader can't follow the logic, the finding won't drive action.”
Expert Trainer
It is best for professionals who must collect and analyze digital evidence in investigations, while those lacking OS and security fundamentals may benefit from preparatory learning first.
“The best fit is anyone responsible for turning traces into defensible evidence.”
Expert Trainer
Browse every upcoming session for this course.
Quick navigation to course sections
Necessary cookies are always active. You can accept, reject non-essential cookies, or customize your preferences.