This course begins with lectures discussing the laws and rights to privacy by individuals and what organizations may or may not do. Online ethics are considered. It then moves on to understanding incident handling and how incident response teams work, managing trouble tickets, and basic analysis of events to determine if an incident has occurred. It concludes with computer forensics issues and practices, and rules of evidence.
Given a scenario, explain the appropriate actions and activities in each phase of the incident
handling life cycle.
Explain the methods of integrating forensics in the incident handling process.
Explain the investigative process and reconstruction.
Explain the use of digital evidence in a courtroom.
Demonstrate the use of FTK Imager to make a forensically sound duplication of a given media.
Demonstrate the use of FTK Imager to mount and image and use other tools to process evidence.
The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.