• Online, Self-Paced

Digital evidence gathering requires knowledge of not only computers and networks, but also how to use the tools that acquire data. Explore evidence gathering, chain of custody, data recovery, hard drive scrubbing, IP address tracking, and memory forensics.

Learning Objectives

System Security Certified Practitioner (SSCP 2018): Digital Forensics

  • Course Overview
  • list steps taken by digital forensic investigators
  • describe the order of volatility and preservation of scene
  • describe how evidence must be gathered and preserved for legal admissibility
  • recover deleted data
  • extract insights from stored web browser data
  • use software to permanently remove hard disk data
  • describe how VPNs and proxies are used to hide network identities
  • use tools to track the origin of an IP address
  • uncover hidden data using a steganography tool
  • describe insights that can be gathered from memory dumps
  • use the Linux dd command to create a disk image
  • use common tools to gather digital evidence

 

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.