This course covers investigative methods and standards for the acquisition, extraction, preservation, analysis and deposition of digital evidence from storage devices. This course offers a wide array of forensics situations that are applicable to the real world. Students will learn how to find traces of illegal or illicit activities left on disk with computer forensics tools and manual techniques, and how to recover data intentionally hidden or encrypted by perpetrators.
Learning Objectives
The student will demonstrate an understanding of:
- Data Storage, Components of Common Storage Devices, Memory Management, and File System Organization
- Forensics Investigative Process, Requirements, Documentation, and rules for collecting and acquiring evidence
- Evidentiary reporting to include activities of expert witnesses, types of acceptable evidence, and the requirements of written and oral reports
- Forensics issues pertaining to cloud computing, as well as mobile and gaming console devices.
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Digital Forensics
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@hq.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.