This course explores the expertise required to conduct digital forensic investigations. Topics include investigation methods, problem-solving techniques, current forensics analysis tools, digital evidence acquisition and control, and impact of ongoing technological changes on digital forensics. Student projects include scenario-based investigations in investigating cybersecurity breaches.
By the end of this course, the student will be able to:
- Create necessary documentation, such as search warrants, affidavits, and preservation letters, for device and data acquisition in support of a cybersecurity breach or criminal investigation.
- Develop effective strategies to acquire and preserve devices, logs, and data that maintain the integrity of evidence and the chain of custody in a cybersecurity breach or criminal investigation.
- Evaluate the investigative and organizational risks and benefits in terminating an active cybersecurity breach or other cybercrime.
- Reconstruct the timeline of a crime or cybersecurity breach from digital evidence gathered during an investigation from both network and files system sources.
- Analyze FAT, FAT32, NTFS, EXT4, HFS+ files systems for evidence and evaluate the advantages and disadvantages of APFS and ZFS file systems
- Using the results of a digital forensics investigation, develop a plan to mitigate the risk of future cybersecurity breaches to an organization.