This course provides an overview of computer forensics and investigation tools and techniques. Operating system architectures and disk structures will be discussed, as well as what computer forensic hardware and software tools are available. Other topics include the importance of digital evidence controls, how to process crime and incident scenes, the details of data acquisition, computer forensic analysis, email investigations, image file recovery, investigative report writing, and expert witness requirements. The course provides a range of laboratory and hands on assignments that teach about theory as well as the practical application of computer forensic investigation. This course also is a required course for the NSA/DHS KU Alignment for the CAE-CDE Designation.
Learning Objectives
- A. determine the necessity for forensic preparedness procedures and recognize the appropriate moments for instigating an investigation and involving law enforcement;
- B. recognize typical forms of computer crime and abuse and the relevant evidence;
- C. assist in determining where and how evidence may be stored in computers, and how this evidence may be extracted without contamination;
- D. participate in the selection of appropriate tools for forensic investigation; and
- E. define current terminology within computer forensics.
Framework Connections
Feedback
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.