In the Digital Forensics Concepts course, you will learn about legal considerations applicable to computer forensics and how to identify, collect and preserve digital evidence. This course dives into the scientific principles relating to digital forensics and gives you a close look at on-scene triaging, keyword lists, grep, file hashing, report writing and the profession of digital forensic examination.
Introduction to Digital Forensics
This introductory course provides a broad overview of computer forensics as an occupation by exploring the methodologies used in digital forensics. In addition, the student acquires open-source forensic tools to use throughout this path.
Legal Considerations and search authority
In this module, you'll explore the laws that apply to digital forensics. Multiple state and federal laws, as well as ethical concerns, apply to the field of digital forensics. This module presents the information commonly needed in a search warrant and a preservation request. The scope of search authority is covered, as well as the limitations of a consent search and guidelines surrounding wiretaps.
The Investigation Process
An introduction to the scientific principles of digital forensics. This module covers scientific principles that apply to digital forensics. The student learns about transfer of evidence, the difference between a witness and an expert witness and "big data" concerns and solutions.
Recognizing and Collecting Digital Evidence
Prepare for the practical side of forensic examinations with this module on physical evidence handling. In addition to forensic examinations, most digital investigators must understand how to manage physical evidence before, during and after leaving the scene. This module explores what to bring to a scene and how to prepare and label digital evidence for documentation purposes. You'll also examine how to collect and preserve the evidence for transportation and secure storage.
Preservation of evidence/On scene triage
Explore the details of digital device triage. Triaging a digital device is essential knowledge. Proper on-scene triage prevents the loss of volatile data and the collection of unnecessary devices. This module discusses capturing RAM, recognizing and dealing with encryption and destructive processes, and triaging devices with forensic boot media.
Hash values and file hashing
A look at hash values and hash algorithms. In this module, the student learns how to use hash values as a way to include or exclude files from an investigation. This includes a discussion of different types of hash algorithms and how to hash individual files versus hashing drives.
Creating a disk image
In this module, you'll explore the importance of creating a disk image. Forensic examiners need to be meticulous in their work to avoid cross-contamination when creating a bit-stream copy. This module explains the importance of sterilizing media, how to validate tools, proper application of the write-blocker and validating the forensic bit-stream copy.
Keyword and grep searches
Explore the details of keyword and grep searches. This module covers how to conduct a keyword search using automated tools and how to establish a keyword list. The student receives an overview of grep and completes a grep search using an automated tool.
A look at network basics for the computer forensics investigator. This module describes what a network is, how it functions, what IP addresses are and an IP address’s function on the network. This module also explores what a MAC address is and why it is vital to network forensics. Internet protocols are also covered.
Reporting and Peer Review
A look at the importance of reporting and peer review. Report writing and peer review are of utmost importance. In this module, the student examiner learns what information to include and what does not belong in a final report. The student views several example reports and generates a report using forensic software.