Digital evidence gathering requires knowledge not only of computers and networks, but also of how to use the tools that acquire data. Explore evidence gathering, chain of custody, data recovery, hard drive scrubbing, IP address tracking, and memory forensics.
Learning Objectives
System Security Certified Practitioner (SSCP 2018): Digital Forensics
- Course Overview
- list steps taken by digital forensic investigators
- describe the order of volatility and preservation of scene
- describe how evidence must be gathered and preserved for legal admissibility
- recover deleted data
- extract insights from stored web browser data
- use software to permanently remove hard disk data
- describe how VPNs and proxies are used to hide network identities
- use tools to track the origin of an IP address
- uncover hidden data using a steganography tool
- describe insights that can be gathered from memory dumps
- use the Linux dd command to create a disk image
- use common tools to gather digital evidence