This course focuses on encryption techniques and practical approaches to dealing with encryption when encountered in a digital investigation. Students will learn encryption and hashing algorithm techniques including the relationship of algorithm complexity to password strength. They will be able to demonstrate password cracking techniques and methods to counter whole-disk encryption. Memory and network-based encryption will be explored as will the use of encryption in Malware applications. Steganography and other encryption techniques used to hide or obfuscate data will be examined.
Learning Objectives
- Differentiate and demonstrate symmetric and asymmetric encryption technologies, public key infrastructure (PKI) and public and private key concepts.
- Analyze the output of hashing algorithms to justify choice of algorithm and to validate the accuracy of the results.
- Compare and contrast specific whole-disk encryption complexities and potential solutions to examination challenges.
- Understand how encryption and hashing techniques are used to prevent discovery or removal.
- Explain the conceptual principles underlying the tools used for encrypting and decrypting full disks and files and the limitations of those tools.
- Analyze the components of a Network investigation and determine appropriate course of action based on encryption complexity and seriousness.
- Translate the technical explanations of data at rest/data in motion encryption processes to language and /or visualizations appropriate to a non-technical audience through lab exercises
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Systems Architecture
- Digital Forensics
- Cyber Investigation
- Collection Operations
- Exploitation Analysis
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.