Training in digital forensic analysis and information security

In the rapidly evolving segment of IT security, continuing education is key

Only few fields of human activity are evolving as fast as the information technology segment. And if we talk about the fact that IT technologies are evolving rapidly, then the field of information technology security is evolving rapidly as well. And in such a dynamically changing field, lifelong learning is a key prerequisite for success.

The focus of the content of our trainings is on the issue of digital forensic analysis - from its complete foundations and managerial level, through daily routine to specialized activities. Our partnership with the world's leading manufacturers of specialized forensic HW and SW then allows us to offer product training focused on specific work with specific forensic tools. All our trainers have many years of experience in the field of practical performance of digital forensic analysis, processing of expert opinions, investigation of security incidents and eDiscovery.

We also focus on training in the field of ISMS, especially on the practical application of ISO / IEC 27000 series standards and Act No. 181/2014, on cyber security.

The last group is popular-educational training focused on information security for non-professionals, therefore for professions outside of IT - whether they are managers, regular employees or self-employed or self-employed.

Training in Digital Forensic Analysis

Theory of Digital Forensic Analysis

Number of professionals who do not perform forensic analysis tasks themselves often encounter the issues of forensic analysis - whether they are lawyers, legal specialists, company managers, internal auditors or security experts. However, knowledge of the basics of forensic analysis is often crucial to the performance of their work.

For professionals from related industries, we have prepared a more theoretically oriented course, designed for a basic understanding of the principles of digital forensics and its benefits for a specific profession. During the course you will learn the basic principles of forensic investigation and the procedures and methodologies applied in its implementation. You will gain insight into the issues of digital traces and the limits of their use, and learn about the specifics that distinguish them from other fields.

The role of digital forensic analysis within the organization and its benefits will become clear, not only in relation to ISO / IEC 27 000 or the Cyber Security Act, but also in terms of the conditions for implementing digital forensic analysis processes in the organization. For legal specialists, there is a section focused on the role of digital forensic analysis in civil, criminal and work law issues and on understanding the issue of digital footprints from the point of view of law.

Length: 1 day

Suitable for: management, IT admins, CIO ect.

Prerequisites: None



Forensic Analysis in Practice

Digital traces have specific characteristics based on their intangible nature. In order to properly secure digital traces, it is necessary to acquire a range of knowledge and procedures to ensure the integrity of the digital trace and its unquestionability for any further criminal, civil or labour law proceedings.

Practically focused course Acquiring digital tracks will acquaint you with the most common sources of digital traces and with specialized HW and SW for their fast and reliable securing. You will learn the procedures for securing digital tracks and you will master the preparation necessary for these tasks with regard to the specifics of each type of digital traces. You will have the opportunity to try out the acquisition of key traces from running systems, as well as the acquisition of a forensic image of common types of storage media and process procedures for further handling and manipulation of this image. You will briefly get acquainted with a number of tools for subsequent analysis of secured data, where knowledge of their features is necessary for the correct and complete acquisition of digital traces.

Length: 2 days

Suitable for: forensic experts, investigative teams

Prerequisites: recommended to take the course Theory of Digital Forensic Analysis


Windows Forensic Analysis

This course focuses on deepening your knowledge of the Windows operating system for the needs of digital forensics. The ability to understand operating system artifacts is one of the cornerstones of forensics and information security. Microsoft Windows is still the most widely used operating system in our country and is still the best source of information when detecting crime or resolving security incidents within an organization.

The course covers advanced Windows system analysis, especially data analysis of the most used file systems - NTFS, ExFAT and FAT and their recovery, registry or Event Log analysis. The course shows the possibilities of analyzing other system data, such as prefetch or thumbs.db files. Part of the course is also devoted to RAM analysis, where the structure of storing information in the operating memory or the analysis of running processes is discussed.

Length: 4 days

Suitable for: forensic analysts, forensic experts, investigative teams

Prerequisites: knowledge of the basics and principles of forensic analysis


macOS Forensic Analysis

The primary focus of this course is macOS digital forensics, but due to the interconnected ecosystem, it will also touch on the iOS mobile operating system in many topics. In general, the course content focuses not only on operating system analysis, but also on securing data from the operating system or forensic triage. Thus, the course also serves for a general understanding of how Apple devices work.

The course explains a number of basic digital forensics tasks for Apple devices, the operation of APFS and HFS+ file systems and their specifics. The course also focuses on the analysis of SQLite or plist database files. It discusses in detail the special file artifacts that are a specialty of Apple devices. It teaches you how to work with Time Machine backups, or what you can get extra when a user uses Bootcamp. In addition to analyzing web browsers or photo metadata, the course will teach you how to work with Keychain, where passwords are stored, or Terminal commands that will come in handy during a forensic triage. We'll also discuss log files - Apple Unified Logs and Apple System Logs. The course also includes a description of how FSEvents or Spotlight search metadata works.

Length: 3 days

Suitable for: forensic analysts, forensic experts, investigative teams

Prerequisites: knowledge of the basics and principles of forensic analysis


Forensic Analysis of Android and iOS Mobile Devices

Mobile devices such as mobile phones and tablets are nowadays the primary source of digital footprints. The vast majority of an individual's communications, location history, photos, scans, documents and other important information can be found in the memory of mobile devices.

At the same time, mobile devices pose a challenge to digital forensics experts due to the low level of standardization. Whether it's overcoming device security or getting the most out of the stored data.

This course focusing on digital forensics of mobile devices will guide you through the specifics of these devices, with particular emphasis on the most widely used Android and iOS operating systems. You will learn the principles of how these systems work, their file system structure  with the limiting conditions for extracting data from these devices and the range of artefacts that can be extracted from the devices. We will review the most common tools and techniques used in mobile forensics. The possibilities and reasons for using root and jailbreak on individual devices will be mentioned, and you will also learn about JTAG and ISP methods for extracting device memory contents. The course will also focus on the use of mobile device backups and how they can be analyzed.

Length: 3 days

Suitable for: forensic analysts, forensic experts, investigative teams

Prerequisites: knowledge of the basics and principles of forensic analysis


Product Training of Forensic Tools

Although a number of digital forensic analysis tasks can be performed manually with sufficient knowledge, these procedures are relatively difficult to use in practice, especially due to their time-consuming nature. A number of commercial and free forensic analysis tools are on the market to facilitate these activities. However, each tool has its own specificities and often differs significantly in its basic principle and logic of operation. That is why we have prepared specific training courses focused on the most commonly used digital forensic analysis tools.

In all cases, common issues such as software installation and license management, case management, digital trace acquisition and processing, data viewing, filtering and analysis, or trace export and reporting are included in this course. These basic topics are always discussed with respect to the specific analytical tool and are complemented by an introduction to the specific functionalities of the selected tool.


BlackBag BlackLight

BlackBag MacQuistion

EnCase Forensic

MobilEdit Forensic Express 



Recon Lab 


Length: depends on the product

Suitable for: users of the forensic tools in question

Prerequisites: basic procedures and principles of digital forensic analysis


Information Security Management Training

Introduction to ISMS and ISO/IEC 27 001

A managerial and practical introduction to the Information Security Management System according to ISO/IEC 27 001. The content of the course is designed to provide a basic overview of ISMS and the ISO/IEC 27 000 family of standards to all those already working or planning to work in the field of cyber and information security. In particular, it is aimed at current or prospective CIOs and CSOs, internal auditors and IT professionals who wish to expand their portfolio into the Security field.

During the training, you will learn the basic principles of ISO/IEC 27 001 and how this group of standards relates to other management systems. You will learn about the importance of ISMS in an organization and the basic requirements for implementing this management system. You will learn how to work with basic concepts such as information assets, risk analysis and design of measures. We will explain the role of the different roles within the ISMS, the requirements for their performance and the actual scope of their activities.

Completion of the course provides a sufficient basis for further specialization in the field of ISMS, e.g. for positions of internal or lead auditors. On the other hand, it provides managers with a basic understanding of ISMS implementation issues and ISO/IEC 27 001 certification.


Length: 1 day

Suitable for: management, candidates for CIO/CISO positions, internal auditors

Prerequisites: None



Cyber Security Law

Úvodní kurz k zákonu č. 181/2014 Sb., o kybernetické bezpečnosti, je určen všem zájemcům o praktickou aplikaci tohoto zákona, v první řadě pak zaměstnancům organizací, které prováděcí předpisy k tomuto zákonu zařadily pod jeho působnost. Seznámíte se nejen s obsahem samotného zákona, ale rovněž jeho prováděcích předpisů, zejména pak s vyhl. 82/2018, o kybernetické bezpečnosti, a o vazbě těchto předpisů na systémy ISMS dle ISO/IEC 27 001. Obsahem kurzu je mimo jiné i představení ze zákona povinných rolí – manažera, architekta a auditora kybernetické bezpečnosti. Dozvíte se, co to jsou informační aktiva a jaká je role jejich garanta, jaké jsou základní principy analýzy rizik a proč se tato analýza provádí a především, jaké reálné přínosy pro organizaci lze opatřeními dle tohoto zákona dosáhnout tak, aby nešlo jen o formalistické plnění předepsaných povinností.


Length: 1 day

Suitable for: IT professionals in public administration, management of KII organizations

Prerequisites: None



Information Security Basics for Non-IT Employees

The biggest risk factor in cyber and information security is the human being. An organisation may have implemented a sophisticated information security management system supported by expensive SW and HW systems, but if it does not train its non-IT employees sufficiently, the effect of all these measures will be negligible and will not be commensurate with the cost of the measures.

This short course is aimed at the non-IT employees of the organization and introduces them to the issue of information security in the performance of their work in a popular educational form with a number of practical examples. The participants will learn about the basic risks in the use of information technology resources and their possible impact on the operation of the organisation. We will introduce the basic rules of safe handling of information technology resources at the level of the devices themselves and commonly used applications. A special section is devoted to the use of mobile phones and tablets, as well as home office issues and BYOD policy.

The course is always adapted to the environment of a specific organisation so that the examples used are relevant to the daily practical experience of the course participants.


Length: 1 day

Suitable for: Anyone

Prerequisites: None



Protecting Sensitive Data in Work and Personal Life

Tento kurz byl navržen zejména s ohledem na potřeby svobodných povolání – advokátů, notářů, lékařů, architektů, poradců, ale i dalších profesionálů nebo malých firem. Zkrátka pro všechny, kteří denně pracují s citlivými informacemi, daty klientů nebo cenným know-how a přitom za sebou nemají zázemí velké společnosti s vlastním IT oddělením, ačkoliv objem a hodnota jejich informačních aktiv často přesahují hodnoty vlastněné velkými společnostmi.

During the course, you will learn about information security in a popular and educational way and become more aware of the value of the information assets you manage and the risks of their unauthorized access or loss. You will learn to use basic procedures and methods to protect sensitive or valuable data. We'll explain how data is stored, what all data can be found on your devices, and how to delete data you no longer need irretrievably so it can't be misused in the future.

All this without the requirement for advanced IT knowledge or a purchase of expensive special software.


Length: 1 day

Suitable for: Anyone

Prerequisites: None



Digital Forensic Review

Digital Forensic Review is a journal dedicated to digital forensics, the expert examination of digital data and information systems. It is intended for experts in the relevant fields, specialists of police forces, prosecutors, lawyers and courts who come into contact with criminal activities where digital devices or data are used as evidence or sources of information, as well as information security specialists, especially in the processes of investigating security incidents, and a wide range of other professionals in the field, as well as others interested in the issue of digital forensic analysis.

It is published twice a year in a small print run primarily for public libraries and university and college libraries, or as needed for training and similar activities based on availability and on request.

The journal is freely available as an electronic download in PDF format in an archive on this website and for reading on the website ISSUU.

The publisher is Institut pro digitální forenzní analýzu, z.sThe journal is peer-reviewed in the sections Methodology, Practice and Discussion.

Dominik Novák


Interested in training?

+420 722 018 021