Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

Cybrary

Everyday Digital Forensics

via Cybrary

Overview

The objective of this course is to emphasize the fundamentals and importance of digital forensics. You will learn about core forensic open source tools and process used to conduct a forensic investigation.

This course will focus mainly on the analysis of physical storage media and volume analysis using open source software available in the market. It will cover the phases of digital investigations such as preservation, analysis and acquisition of artifacts found in hard disk, random access memory, and virtual environments.You will have the opportunity to dive into hard disk data acquisition process, both live and dead acquisitions, and study FAT and NTFS file systems in both UNIX/Linux and Windows systems.

This course will provide theoretical and practical knowledge from File system forensics analysis by Brian Carrier and Real Digital Forensics: Computer Security and Incident Response byKeith J. Jones. This course will also cover current research on Digital Forensics.

Prerequisites

  • Windows 7 (or up) Machine (or VM)
  • Comfortable with hexadecimals or binaries
  • Security and Network concepts
  • Basic experience with programming languages (i.e., python or javascript)
  • Positive attitude
  • Passion for learning

Course Goals

By the end of the course, students should be able to:

  • Understand the process to perform a digital forensics investigation
  • Identify and define file systems concepts, including EXT, FAT, and NTFS
  • Conduct live and dead disk acquisitions
  • Understand what happens when you delete a file
  • Perform data carving and Steganographic techniques
  • Properly check and execute malicious files
  • Create a complete forensics tool kit
  • Basic understanding and experience with professional tools

In a world where cyber attacks are becoming more prevalent, more digital forensic analysts are needed to preserve data, trace attacks and work with law enforcement agents.

Companies are more vulnerable than ever to cyber attacks or hacks. Once an attack has happened, companies need specialists to identify, analyze and preserve any evidence to use in legal proceedings. They also want to prevent any more attacks from happening. The collecting and preserving of the evidence is called digital forensics or sometimes also referred to as computer forensics.

For any IT professional, understanding the principles and techniques of a digital forensics investigation from the spectrum of file system analysis will help them execute a successful forensic investigation when the time comes.

Why do we need digital forensics?

After a cyber attack, it’s essential to learn where the attack came from and recover any lost data. This is when digital forensics specialists are needed.

If an attack warrants legal action, it’s important for digital forensic specialists to follow certain procedures and utilize certain tools so the evidence stands up in any legal proceedings or court.

Even if law enforcement is not involved in an attack, companies will want a digital forensic specialist to identify where the attack came from, to help prevent another in the future, and to recover any lost data.

What does a digital forensics analyst do?

Digital forensic analysts are called in after an attack. An investigation will begin that has a few phases.

First, is the preservation of data. If valuable information was compromised or lost during the hack, the digital forensic analyst’s first job is to get it back. Then, an analysis will begin. It’s the digital forensic analyst’s job to find out where the hack came from and where the company or group’s vulnerable spot was. Next, there will be the acquisition of artifacts found in hard disk, random access memory, and virtual environments. Finally, a digital forensic analyst will need to write a report for others within their organization to understand what happened, free of computer jargon.

The two major roles of a digital forensic analyst recovering data and then aiding law enforcement agencies if the case requires legal action.

Is digital forensics a good career?

The U.S. Bureau of Labor Statistics (BLS) projected a 17 percent growth digital forensics jobs by 2026, with a total of 2,600 jobs created. So, the need for digital forensics professionals is on the rise.

With a degree or certification in digital forensics, professionals can seek jobs in a cybersecurity office, be a digital forensic investigator, be a crime analyst or even work for Homeland Security.

Traditionally, digital forensics jobs were found more in the public sector, but as large companies become more vulnerable to attacks, they are hiring their own in-house specialists.

The average salary for a digital forensic analyst is $72,417, according to PayScale. Starting out, a digital forensic analyst may earn around $48,000. The more advanced and senior digital forensic specialists can earn as much as $116,000 a year.

What is the best way to learn digital forensics?

Often, employers will require digital forensic analysts to have a bachelor’s degree in forensic science or natural science. But there are other ways to earn a job in this field, even without a degree.

In-house IT professionals who will head up an internal investigation taking an online digital forensics course is a great way to prepare and arm yourself for your company or group’s next attack. For people with a more general education background looking to broaden their skill set, who hope to land a job as a digital forensic analyst, receiving an online certification will make them a more attractive candidate.

By taking an online digital forensics course through Cybrary, students will learn how to analyze physical storage media and volume analysis using open source software available in the market. Students will also learn the phases of a digital investigation. Cybrary offers interactive modules that give students the opportunity to dive into the hard disk data acquisition process, both live and dead acquisitions, and study FAT and NTFS file systems in both UNIX/Linux and Windows systems.

By taking a course with Cybrary, students can learn at their own pace through multiple brief modules. Full-time students can devour the content quickly or full-time professionals can learn a little each night when it works for them.

Syllabus

  • Investigation Process
    • Digital Forensics Investigation
    • Investigation Process
    • Data Acquisitions
    • Digital Evidence Logs
    • Discovery Recap
    • Digital Investigation Scenario
  • File Systems
    • File Systems Concepts
    • Computer Foundations
    • File System Types
    • FAT
    • FAT Examination
    • NTFS
    • Forensics Comparison of NTFS and FAT
  • Image Acquisitions
    • Image Acquisitions
    • Computer Investigations and Forensic Lab: Creating an Image with DD
    • Image Forensics Capstone Lab: Creating an Image with FTK Imager
    • Memory Extraction and Analysis Lab: Acquiring Volatile Memory
  • Mobile Forensics
    • Mobile Forensics
    • Android Operating System
    • Tools Classification System
    • Mobile Forensics Tools
    • Imaging an Android Device
    • Examining an Android Device with Santoku
    • Examining an Android Virtual Disk Image
  • Image Analysis
    • Image Analysis
    • Image Forensics Capstone Lab: Examining the Image
    • Data Recovery with Autopsy: Examining an .E01 Image
    • The Steganography Process
    • Analyzing a Malicious File

Taught by

Yesenia Yser

Reviews

Start your review of Everyday Digital Forensics

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.