This course studies techniques and tools in computing investigation, digital evidence collection, recovery, and analysis.
Topics include: Legal issues relating to digital evidence, recover deleted files and discover hidden information, reconstruct user activity from e-mail, temporary Internet files and cached data, assess the integrity of system memory and process architecture to reveal malicious code.
Offered fully online or hybrid (1 lecture/week), 3 Credit hours. Instructor led.
Learning Objectives
- Define and explain the role of digital forensics in the incident response and investigatory process.
- Identify the requirements for proper evidence collection, handling and storage.
- Identify and explain basic techniques to properly collect and analyze evidentiary data using appropriate tools and techniques in common scenarios.
- Organize and present evidentiary data and investigatory findings for use in corporate or legal proceedings.
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Digital Forensics
- Cyber Investigation
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.