Course Description
This course focuses on encryption techniques and practical approaches to dealing with encryption when encountered in a digital investigation. Students will learn encryption and hashing algorithm techniques including the relationship of algorithm complexity to password strength. They will be able to demonstrate password cracking techniques and methods to counter whole-disk encryption. Memory and network-based encryption will be explored as will the use of encryption in Malware applications. Steganography and other encryption techniques used to hide or obfuscate data will be examined.
Learning Objectives
- Differentiate and demonstrate symmetric and asymmetric encryption technologies, public key infrastructure (PKI) and public and private key concepts.
- Analyze the output of hashing algorithms to justify choice of algorithm and to validate the accuracy of the results.
- Compare and contrast specific whole-disk encryption complexities and potential solutions to examination challenges.
- Understand how encryption and hashing techniques are used to prevent discovery or removal.
- Explain the conceptual principles underlying the tools used for encrypting and decrypting full disks and files and the limitations of those tools.
- Analyze the components of a Network investigation and determine appropriate course of action based on encryption complexity and seriousness.
- Translate the technical explanations of data at rest/data in motion encryption processes to language and /or visualizations appropriate to a non-technical audience through lab exercises
Framework Connections
Specialty Areas
- Systems Architecture
- Digital Forensics
- Cyber Investigation
- Collection Operations
- Exploitation Analysis
Feedback
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.