This course provides an overview of computer forensics and investigation tools and techniques. Operating system architectures and disk structures will be discussed, as well as what computer forensic hardware and software tools are available. Other topics include the importance of digital evidence controls, how to process crime and incident scenes, the details of data acquisition, computer forensic analysis, email investigations, image file recovery, investigative report writing, and expert witness requirements. The course provides a range of laboratory and hands on assignments that teach about theory as well as the practical application of computer forensic investigation. This course also is a required course for earning CNSS 4011 -4016 certifications.
A. determine the necessity for forensic preparedness procedures and recognize the appropriate moments for instigating an investigation and involving law enforcement;
B. recognize typical forms of computer crime and abuse and the relevant evidence;
C. assist in determining where and how evidence may be stored in computers, and how this evidence may be extracted without contamination;
D. participate in the selection of appropriate tools for forensic investigation; and
E. define current terminology within computer forensics.
The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.