Course Summary
Credit Type:
Organization's ID:
2 weeks (80 hours)
Dates Offered:
Credit Recommendation & Competencies
Level Credits (SH) Subject
Upper-Division Baccalaureate 5 Information Technology, Security, or Computer Forensics


The course objective is to provide Department of Defense and federal law enforcement cyber investigations analysts with the basic forensic techniques using Forensic Toolkit (FTK) and other forensic tools to analyze, recover, and report digital evidence.

Learning Outcomes:

  • Conduct a forensic examination of a computer with a Windows operating system in a lawful manner
  • Explain the basic forensic concepts, principles, fundamentals and process of disk partitioning, data storage, common file systems, registries, special artifacts, and operating systems
  • Summarize hardware and software requirements for a forensic workstation with FTK
  • Demonstrate the basic functions, configurations, outputs, tools, and settings of FTK
  • Examine a forensic image from a Windows computer using basic forensic processes and automated tools in FTK

General Topics:

  • Setting up the forensic workstation
  • Lab requests and chain of custody
  • Using FTK for case management
  • The File Allocation Table file system, partition tables, and hash sets
  • Windows registry
  • Password recovery using the Password Recovery Toolkit
  • Reporting findings and testifying in Moot court trial
Instruction & Assessment

Instructional Strategies:

  • Case Studies
  • Classroom Exercise
  • Computer Based Training
  • Discussion
  • Lectures
  • Practical Exercises

Methods of Assessment:

  • Examinations
  • Quizzes
Supplemental Materials