Computer Forensic Trainings

Computer Forensic: digital investigation at the heart of incident response

Computer forensics (or Digital Forensics) covers the methods, tools and procedures used to collect, preserve, analyse and present digital evidence usable in a judicial or internal context (internal investigation, civil litigation, criminal litigation, compliance audit). It relies on rigorous principles: bit-by-bit copy (forensic image), cryptographic hashing for integrity, documented chain of custody, isolated analysis environment, repeatable methodology, traceable reporting. Forensics is a cross-cutting cybersecurity skill, mobilised in incident response (DFIR: Digital Forensics and Incident Response), internal fraud investigation, compromise investigation, malware analysis and cloud or mobile investigation.

In French-speaking Switzerland, digital forensics is leveraged by Geneva private banks, international organisations, cantonal administrations, law firms specialised in digital litigation, industrial companies facing espionage or internal fraud, and cybersecurity providers specialised in incident response. Typical requests include analysis of potentially compromised endpoints, data breach investigation, email and messaging analysis, cloud investigation (Microsoft 365, Google Workspace, AWS, Azure, GCP), mobile investigation (iOS, Android), malware analysis and judicial expertise.

The CHFI (Computer Hacking Forensic Investigator) certification from EC-Council is a recognised certification in the forensic track. It covers the full investigation cycle: preparation, acquisition, analysis, reporting and presentation. CHFI complements the offensive (CEH) and defensive (CSA, CCT) certifications of the same track. ITTA offers a specialised positioning on computer forensics and the CHFI certification, complementing our broader cybersecurity catalogue.

Whether you are a SOC analyst building up post-incident investigation skills, a security engineer running internal investigations, a digital lawyer confronted with digital evidence, a DFIR provider or a security auditor, computer forensics is a key skill. ITTA can guide you on the CHFI scope and on the complementary modules of our cybersecurity catalogue.

Computer forensics at ITTA: positioning and ecosystem

Acquisition and analysis of digital evidence

Forensics relies on precise techniques: forensic disk acquisition (write blocker, dd imaging, EnCase, FTK, X-Ways), file system analysis (NTFS, FAT, exFAT, APFS, ext4), recovery of deleted files, analysis of Windows artefacts (registry, prefetch, shellbags, jump lists, MFT), Linux and macOS analysis, memory analysis (Volatility, Rekall), network analysis (PCAP, NetFlow), mobile analysis (iOS, Android, Cellebrite, Magnet AXIOM), cloud analysis (Microsoft 365 Unified Audit Log, Azure AD logs, AWS CloudTrail). The CHFI certification covers this entire scope.

Ethical Hacking, security audit and forensics

Computer forensics fits into the broader cybersecurity ecosystem. Ethical Hacking regroups the offensive training of our catalogue, including the CEH (Certified Ethical Hacker) certification from EC-Council. CEH and CHFI are complementary: the ethical attacker knows the intrusion techniques, the forensicist can reconstitute these techniques a posteriori on the evidence left by the attacker. Security Audit covers technical and organisational audit approaches, complementary to forensics on the compliance and governance dimension.

CompTIA Cyber and other complementary tracks

CompTIA Cyber offers cross-cutting certifications (Security+, CySA+, CASP+) that set the fundamentals and defensive and SOC approaches. Mile2 offers specialised cybersecurity certifications, complementing the EC-Council certifications. For profiles aiming at a complete cybersecurity career, combining several tracks (CompTIA, EC-Council, Mile2) covers the triptych of offensive, defensive and forensic.

Computer Forensic trends in 2026

Digital forensics is evolving fast under several trends. Cloud forensics is becoming essential: evidence is now distributed across Microsoft 365, Google Workspace, AWS, Azure and GCP, which requires mastery of audit logs (Unified Audit Log, CloudTrail, GCP Audit Logs) and cloud-native analysis tools. Mobile forensics is taking a growing place with the widespread use of smartphones, encrypted messaging and cloud applications on mobile. Memory forensics is becoming critical against fileless attacks and ransomwares residing in memory. AI is used both on the attacker side (deepfakes, AI BEC frauds) and on the defence side (event correlation, NLP on logs, automated triage). Finally, regulatory requirements (GDPR, nFADP in Switzerland, NIS2 in Europe) require formalised incident response procedures, in which forensics holds a central place.

Cybersecurity training in Geneva, Lausanne and online

Our entire cybersecurity catalogue (Ethical Hacking, audit, forensics, CompTIA Cyber, Mile2) is available on-site in our Geneva and Lausanne centres, as well as in interactive virtual classroom with a live trainer. Our sessions are organised in 5-week cycles. Customised corporate training is also possible at your premises, in Geneva, Lausanne, Vaud and across French-speaking Switzerland, with a programme adapted to your technical environment (Windows, Linux, macOS, cloud, mobile), your use cases (incident response, internal investigation, litigation) and your certification objectives (CHFI, CEH, CSA, Security+, CySA+).

Why train on forensics at ITTA

ITTA offers a positioning on computer forensics with the CHFI certification, complementing our broader cybersecurity catalogue. Our cybersecurity trainers are specialists active on digital investigation missions, incident response and security audit, covering Windows, Linux and macOS endpoint analysis, memory, mobile, cloud and network. Our pedagogical team supports you in choosing the right path, identifying complementary modules (CEH, CSA, CompTIA Security+ and CySA+) and identifying funding solutions adapted to your professional situation.

Our pedagogical approach favours learning by doing, with forensic images to analyse, Windows artefacts to interpret, network traces to reconstitute, memory dumps to examine, mobile and cloud cases to investigate, and scenarios inspired by real incident and internal investigation cases. Each session combines training time, applied exercises and exchanges with the trainer, allowing each participant to progress at their own pace and leave with skills directly usable in their professional context.

Our training is aimed at varied audiences: SOC analysts, security engineers, operational security managers, DFIR providers, security auditors, digital lawyers, corporate security teams. Our pedagogical team adapts the content to the participants’ context.

Cybersecurity catalogues to explore

Here are the cybersecurity catalogues closest to computer forensics, accessible directly:

• Ethical Hacking catalogue
• Security Audit catalogue
• CompTIA Cyber catalogue
• Mile2 catalogue

FAQ

Is the CHFI certification recognised?

CHFI (Computer Hacking Forensic Investigator) is an EC-Council certification recognised in the forensic track. It covers the full investigation cycle: preparation, acquisition, analysis, reporting and presentation. It is valued for SOC analysts, security engineers, DFIR providers and auditors.

Do you need cybersecurity experience before CHFI?

Knowledge of cybersecurity fundamentals (Windows and Linux systems, network, threat models) is recommended. Many candidates approach CHFI after a foundational certification such as CompTIA Security+ or after Ethical Hacking (CEH) training. Our pedagogical team assesses your profile and guides you.

CHFI or CEH: how to choose?

CEH (Certified Ethical Hacker) covers offensive intrusion techniques. CHFI covers a posteriori investigation on evidence left by the attacker. The two certifications are complementary: a good forensicist understands offensive techniques; a good ethical attacker understands the traces they leave. For a complete cybersecurity career, both can be combined.

Are your forensics courses available for companies?

Yes, the forensics scope is available in-house, in Geneva, Lausanne and in virtual classroom, with a programme adapted to your technical environment (Windows, Linux, macOS, cloud, mobile), your use cases (incident response, internal investigation, digital litigation) and your CHFI certification objectives. Our team builds the specifications with you and organises sessions according to your calendar.