Course

Objective:

Learning Outcomes:

• demonstrate understanding of the computer forensic investigation process and the potential legal issues involved
• evidence searching, seizing and acquisition methodologies in a legal and forensically sound manner
• different types of digital evidence, rules of evidence, the digital evidence examination process, and electronic crime and digital evidence consideration by crime category
• the role of the first responder, the first responder toolkit, securing and evaluating an electronic crime scene, conducting preliminary interviews, documenting an electronic crime scene, collecting and preserving electronic evidence, packaging and transporting electronic evidence, and reporting the crime scene
• various file systems and how to boot a disk
• gathering volatile and nonvolatile information from Windows
• data acquisition and duplication rules, validation methods and tools required
• how to recover deleted files and deleted partitions in Windows, Mac OS X, and Linux
• the process involved in a forensic investigation using Access Data FTK and EnCase
• steganography and its techniques, steganalysis, and image file forensics
• password cracking concepts, tools, types of password attacks and how to investigate password protected files
• different types of log capturing, log management, time synchronization and log capturing tools
• the importance of the investigation of logs, network traffic, wireless attacks, and web attacks
• the importance of the tracking of e-mails and investigation of e-mail crimes
• mobile forensics and mobile forensics software and hardware tools
• the importance of writing investigative reports

General Topics: