• Classroom

In Part 3 we continue the cyber forensic investigation process with an examination of the critical role that time plays in an investigation along with the presentation of forensic investigative smart practices. These smart practices represent the recommended step-by-step processes, for cyber forensic investigators desiring to maximize the potential for a successful cyber forensics investigation/assessment.

Here in Part 4 we begin by examining the process of evidence acquisition and preparation of the acquired evidence (data) for examination. Preserving evidence and documenting the steps ensuring that preservation and also examined here. We will also review methodologies for finding the data that matches the search criteria associated with the scope of the investigation.

Learning Objectives

After completing this course, participants will be able to:

  • Explain the process of identification and acquisition of raw data as potential evidential data.
  • Identify and process the steps requires for data preparation and presentation for examination.
  • Describe the essential sequencing of steps in a professionally conducted and quality controlled cyber forensic investigation.
  • Analyze all of the data collected, information obtained via analysis and prepare an explanatory report for an appropriate audience (e.g., senior management, legal department, law enforcement, etc.).
  • Define the steps necessary to establish effective and well controlled evidence retention and curation procedures.

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.