National CAE Designated Institution
  • Online, Instructor-Led

This course explores the expertise required to conduct digital forensic investigations. Topics include investigation methods, problem-solving techniques, current forensics analysis tools, digital evidence acquisition and control, and impact of ongoing technological changes on digital forensics. Student projects include scenario-based investigations in investigating cybersecurity breaches.

Learning Objectives

By the end of this course, the student will be able to:

  • Create necessary documentation, such as search warrants, affidavits, and preservation letters, for device and data acquisition in support of a cybersecurity breach or criminal investigation.
  • Develop effective strategies to acquire and preserve devices, logs, and data that maintain the integrity of evidence and the chain of custody in a cybersecurity breach or criminal investigation.
  • Evaluate the investigative and organizational risks and benefits in terminating an active cybersecurity breach or other cybercrime.
  • Reconstruct the timeline of a crime or cybersecurity breach from digital evidence gathered during an investigation from both network and files system sources.
  • Analyze FAT, FAT32, NTFS, EXT4, HFS+ files systems for evidence and evaluate the advantages and disadvantages of APFS and ZFS file systems
  • Using the results of a digital forensics investigation, develop a plan to mitigate the risk of future cybersecurity breaches to an organization.

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.