National CAE Designated Institution
  • Online, Instructor-Led
Course Description

This course explores the expertise required to conduct digital forensic investigations. Topics include investigation methods, problem-solving techniques, current forensics analysis tools, digital evidence acquisition and control, and impact of ongoing technological changes on digital forensics. Student projects include scenario-based investigations in investigating cybersecurity breaches.

Learning Objectives

By the end of this course, the student will be able to:

  • Create necessary documentation, such as search warrants, affidavits, and preservation letters, for device and data acquisition in support of a cybersecurity breach or criminal investigation.
  • Develop effective strategies to acquire and preserve devices, logs, and data that maintain the integrity of evidence and the chain of custody in a cybersecurity breach or criminal investigation.
  • Evaluate the investigative and organizational risks and benefits in terminating an active cybersecurity breach or other cybercrime.
  • Reconstruct the timeline of a crime or cybersecurity breach from digital evidence gathered during an investigation from both network and files system sources.
  • Analyze FAT, FAT32, NTFS, EXT4, HFS+ files systems for evidence and evaluate the advantages and disadvantages of APFS and ZFS file systems
  • Using the results of a digital forensics investigation, develop a plan to mitigate the risk of future cybersecurity breaches to an organization.

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Feedback

If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@hq.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.