• Online, Self-Paced
Course Description

This course teaches fundamental data collection and analysis techniques used in digital forensic investigations.

Business computers and the data they contain are targets of an increasing number of attacks, which has brought electronic evidence and information gathering to the forefront of incident response. This web-based course is designed for the IT professional who needs to understand the latest techniques and strategies for forensic evidence collection. In three lessons, you will learn tips for controlling a digital forensic investigation and techniques for seizing, collecting, and protecting evidence. The course offers access to online resources including texts, case studies, lectures, and virtual labs that duplicate real-world scenarios. Qualified instructors are available to answer questions about the content and theory.

In the labs for this course, you will work in a virtual environment with a wide range of forensic tools. First, you will run WinAudit, DevManView, and Frhed on sample files to determine if any clandestine threats and vulnerabilities, such as viruses and malicious software, are present. Then you will use Helix, a bootable utility, to identify system state and potential evidence on a running system. You will also run a series of forensic tools to extract data from the Internet Explorer browser. These tools include Process Explorer, FavoritesView, IECacheView, IECookiesView, BrowsingHistoryView, and MyLastSearch. Finally, you will use S-Tools, one of many free tools available online, and the Windows Photo Viewer to discover possible steganographic activity on the image files of an evidence drive copy.

Learning Objectives

  • Identify the role of computer forensics in responding to crimes and solving business challenges.
  • Procure evidence in virtualized environments.
  • Examine steganography and encryption techniques for hiding and scrambling information.

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Digital Forensics

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.