Course

Objective:

Learning Outcomes:

• Distinguish between the values of data versus information
• Describe how related data 'chunks' are organized as files
• Explain how directories are organized into partitions
• Differentiate between the terms bit and byte
• Explain the cooperative role of the process manager
• Explain the functions of the file-system and the file-system drivers
• Explain how data and metadata are stored
• Recognize the default file system structure of Windows
• Explain the file system in the Android operating system
• Explain why and how to plan in preparation for investigations
• Explain why and how to journal the steps of an investigation
• Describe the work environment of a digital forensics investigator
• Describe and list the tools required to perform investigations
• Explain why continuing education is required
• Explain the reason for the separation of duties of forensics investigations
• Explain how procedures impact the forensics investigation
• Explain how to prepare for evidence gathering
• Describe the concept and process of maintaining the chain of custody
• Explain how to validate digital image evidence
• Differentiate between evidentiary reporting within the triad of computer forensics
• List the characteristics of expert witnesses
• Explain the tactics for acceptable presentation of evidence
• Recognize the difference between formal and informal reports
• Recall the special characteristics of informal written reports
• Explain the purpose and goals of oral testimony
• Recognize the examination plan of attorneys
• Explain the forensics issues with mobile computing devices
• Describe the evidentiary procedures necessary for mobile devices
• Describe the benefits of a BYOD policy and how it supports digital forensics
• Describe the file structure of most game console devices
• Explain why files are organized into directories or folders
• Explain the organization of bits in disk media and flash media
• Explain the concept of highly available storage media
• Describe a computer's boot process
• Explain the role of the memory manager
• Explain how data can be hidden on storage media
• Explain the issues of acquiring data in cloud storage systems
• Describe the file system in the iPhone operating system (iOS)
• Describe the concept of case reviews or post-mortems
• Explain how to acquire and reconstruct digital evidence
• List the strategies for extraction of evidence
• Demonstrate how software tools can assist in the extraction of evidence
• Explain the principles of evidentiary reporting for general forensics and digital forensics
• Explain the job and function of the expert witness
• Explain the legal expectations of expert witnesses
• Explain the legal expectations in evidence reporting
• Identify the tactics that prove evidence collection procedures
• Recognize the purpose and goal of written testimony
• Explain the structure and requirements of a formal written report
• Explain the characteristics of quality questions and answers
• Explain the activities of expert witnesses following their testimonies
• Explain the concept of cloud computing
• Describe the evidentiary requirements for cloud computing
• Explain search and seizure requirements for cloud computing
• Describe the file structure of most mobile devices
• Explain the role of specialized software to acquire mobile data for evidence
• Explain search and seizure requirements for mobile devices
• Explain the concept of bring your own device (BYOD)
• Explain the reason that game console devices have become the primary platform for illegal activities
• Explain the forensics issues caused by gaming console devices
• Explain the role of specialized software to acquire gaming device data for evidence

General Topics: