Course Overview
Learning Objectives
- Define digital forensics.
- Explain the evolution of networking and the purpose of digital forensics.
- Describe the unique challenges of collecting forensic evidence from networks.
- List the devices, media, and memory where evidence can be found.
- Explain the OSCAR methodology for collecting digital evidence.
- Explain laws applicable to digital forensics.
- Explain guidelines for collecting digital evidence for specific devices and networks.
- List guidelines for collecting and documenting evidence so that it is admissible in court.
- List physical and logical tools used in digital forensics.
- Explain how Kali Forensics is used to collect digital evidence.
- Describe tools such as Wireshark, Tshark, dumpcap, and tcpdump that work with Kali Forensics.
- Explain how case management software is used.
- Explain how imaging tools are used in an investigation.
- Describe the types of digital evidence and how they are stored.
- Document where and how evidence is collected.
- Describe how to establish and maintain a chain of custody.
- Explain high-level concepts related to digital imaging, such as tools, formats, size, and compression.
- Explain hashes and checksums.
- Explain what to do with damaged drives.
- Define remote access and remote forensics.
- Identify tools used in remote forensics.
- List the elements of a cyberforensic analysis.
- Describe types of drives.
- Explain partitions and volumes.
- Explain file systems.
- Recognize common antiforensic techniques.
- Recognize common file modifications that could indicate suspicious activity.
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):