• Classroom
  • Online, Instructor-Led
Course Description

This course is designed to provide a strong foundational introduction to Digital Forensics and focuses on Microsoft Windows based computers. Students work in both a Windows and Linux environment for their investigative workstations. This course teaches both theory and practical skills for an entry level forensic examiner (acquisition, searching, reporting), with some introductory exposure to advanced topics (live system forensics & mobile forensics). The course aims to teach a mix of both commercial and open-source tools where appropriate. At the end of the course, students should be able to perform forensic acquisitions, keyword searching, data recovery, timeline construction and analysis and reporting.

Learning Objectives

  • Perform the essential duties of a Forensic Examiner
  • Prepare for and execute digital forensic investigations on Windows-based systems
  • Apply forensic methodologies to preserve, acquire, extract and analyze information of investigative importance
  • Identify and analyze key Windows artifacts of investigative importance

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.